General discussion

Locked

Pushing out updates: What procedure do you use?

By eclipse63 ·
We are using Microsoft Baseline Security Analyzer, Shavlik Netchk, and SMS to search for machines that are missing updates and then push the updates out to the machines. Our machines are located coast-to-coast with the server on the east coast. I feel that there is redundancy here in maintaining our network and wonder what is the best alternative. This is especially important to conserve bandwidth and advoid conflicting reports of update status. Any suggestions?

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Pushing out updates

by albertandrade1 In reply to Pushing out updates: Wha ...

I have Beta tested many product to accomplish this task and the best product I can find for this is patchlink hands down. Its easy to use implement and learn.

Collapse -

if using SMS.....

by paul.e.hejmanowski In reply to Pushing out updates: Wha ...

If you have SMS, why don't you have distribution servers (Management Points)in other locations 'coast to coast'???
You can throttle bandwidth as well.

Collapse -

Bweyond Procedures...

by slothem In reply to Pushing out updates: Wha ...

Also you need to take sepcial care in the frequency of network scannings using MBSA. You will need to determine this based on your available bandwith & computer resources. Also have special care when reinstalling operating systems and having them renamed with the same name, especially if your update report frequency is low, systems can appear as fully patched and dont reflect missing updates until next scan.

Collapse -

WSUS?

by m.finlay In reply to Pushing out updates: Wha ...

Microsoft WSUS3 is free on a windows server and has basic reporting built in (when a mchine last checked in, any errors during updates and what updates are installed/missing, etc.). It allows downstream servers that could be distibuted at each site and if all workstations are part of a domain you can easily set their server via policy.
That said, client machines must initiate everything. You can only report and set which patches are available from the server side. You cannot push patches out to client machines (you can run commands on the client to kick thing off though) and only machines that are known about can be reported on.
Maybe you could use WSUS as first point of for patch management and use SMS, etc. to suppliment it. You could install it on a server at each site to conserve bandwidth rather than shell out for more SMS server licenses for remote sites - or do you not pay for server, only clients?

Collapse -

I second that. Why pay for SMS when WSUS is free and does the trick?

by Big Ole Jack In reply to WSUS?

SMS is overkill for such and WSUS has a nifty reporting utility that works in the same way that MBSA does.

Back to Networks Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums