General discussion

  • Creator
  • #2224580

    Pushing out updates: What procedure do you use?


    by eclipse63 ·

    We are using Microsoft Baseline Security Analyzer, Shavlik Netchk, and SMS to search for machines that are missing updates and then push the updates out to the machines. Our machines are located coast-to-coast with the server on the east coast. I feel that there is redundancy here in maintaining our network and wonder what is the best alternative. This is especially important to conserve bandwidth and avoid conflicting reports of update status. Any suggestions?

All Comments

  • Author
    • #2619209

      Pushing out updates

      by albertandrade1 ·

      In reply to Pushing out updates: What procedure do you use?

      I have beta tested many products to accomplish this task and the best product I can find for this is PatchLink, hands down. It's easy to use, implement and learn.

    • #2619740

      if using SMS…..

      by paul.e.hejmanowski ·

      In reply to Pushing out updates: What procedure do you use?

      If you have SMS, why don’t you have distribution servers (Management Points) in other locations ‘coast to coast’???
      You can throttle bandwidth as well.

    • #2619492

      Beyond Procedures…

      by slothem ·

      In reply to Pushing out updates: What procedure do you use?

      Also, you need to take special care with the frequency of network scans using MBSA. You will need to determine this based on your available bandwidth and computer resources. Also take special care when reinstalling operating systems and giving them the same name: especially if your update report frequency is low, systems can appear as fully patched and don't reflect missing updates until the next scan.

    • #2627034


      by m.finlay ·

      In reply to Pushing out updates: What procedure do you use?

      Microsoft WSUS3 is free on a Windows server and has basic reporting built in (when a machine last checked in, any errors during updates and what updates are installed/missing, etc.). It allows downstream servers that could be distributed at each site, and if all workstations are part of a domain you can easily set their server via policy.
      That said, client machines must initiate everything. You can only report and set which patches are available from the server side. You cannot push patches out to client machines (you can run commands on the client to kick things off though) and only machines that are known about can be reported on.
      Maybe you could use WSUS as the first point for patch management and use SMS, etc. to supplement it. You could install it on a server at each site to conserve bandwidth rather than shell out for more SMS server licenses for remote sites – or do you not pay for server, only clients?

      • #2627033

        I second that. Why pay for SMS when WSUS is free and does the trick?

        by big ole jack ·

        In reply to WSUS?

        SMS is overkill for such and WSUS has a nifty reporting utility that works in the same way that MBSA does.
