What's the Best Patch Management software?

  • Thread starter Thread starter Fred Yarbrough
  • Start date Start date
F

Fred Yarbrough

We are going to try and implement a server based patch management system
that will automatically update our clients (W95,NT,2K, XP) with the latest
patches that we approve of. This would work like the Microsoft SUS server
concept. We have researched several packages like PatchLink and
HfNetCheckPro4 the Commercial product. Is there anyone out there that has
implemented a patch management solution that works as promised?

Thanks,
Fred
 
SUS doesn't manage anythnig below 2000. Worthless for the zillions out there
with heterogenous desktops that cover the range.

We are currently considering GFI but I've n0t had the chance to get it going
yet. If you're going to bother with it might as well make it worth your
while and have it push installs and any ther type of change you can think
of.
 
Yeah, Pre Windows 2000 doesn't matter. I should not have included that in
my original posting. We still have quite a few W95 clients, but we are
pushing hard to get rid of them. We are simply looking for something to
implement that will help us in combating this onslaught of "Critical
Patches". We have way too many clients to manually do it and our clients
are not responsible enough to do it for themselves. We already have an
aggressive desktop virus package in Trend OfficeScan and it works great. We
would like to become more proactive in forcing our clients to maintain their
systems patches as well. Hopefully, someone out there is using a patch
management system that could give us some feedback on their solution and how
well it works for them. We are not looking for FREEWare but for a full
blown enterprise solution.


Thanks,
Fred
 
Out of curiosity, why wouldn't SUS serve your needs? Do you have other
patches besides Microsoft that need deployment, as well?

Mike Abrahamson
 
Mike,

From my understanding Microsoft's SUS does not push out SP's such as
SP4, only hotfixes, and non SP level updates. We may very well implement a
Microsoft SUS server but we are also looking at other products. Some of
these other products such as PatchLink allow you to push out Office patches
and other specialized patches to Linux, Unix, ect.


Thanks,
Fred
 
Fred said:
Mike,

From my understanding Microsoft's SUS does not push out SP's such as
SP4,
Click to expand...

I don't know the answer to this, but that's the exact reason I ended up
with archaic batch filez to roll out everything last week.

I asked on quite a few NGs but got very little feedback.

(See microsoft.public.win2000.setup_deployment)

In theory you should be able to put the SP in there too, as it's the
same installer technology?

With batch filez and SysInternal's Microsoft-beating PsExec, you can
just string the SP4, the hotfixes, the JVM and, IE patches and any other
crap you happen to have lying around, one after the other, and press
"Go". Just remember to write down the patch level on a piece of paper
afterwards so you'll know where you got to.
 
Thanks Gerry! I was beginning to wonder if I was not clear as to what we
wanted to do. Sometimes I have ideas in my head that I just can't convey
very well to others. Your method would be a last resort as it would take
lots of time that we do not have. We are currently evaluating a product
called PatchLink which seems promising thus far.

Thanks,
Fred
 
Hi Fred,

I looked at all the options; one of the problems was I had to get the
SPs and the patches in there, and had to do it quickly, in office hours,
and while people were away from their desks. We don't have GPO yet, but
even if we did, a blanket application of SP4 was not an option - there's
no way I'm going to risk trashing the whole network if something went wrong.

The nice thing with the stone-age approach, was that I could hit 10
machines at a time and then see if any of them exhibited problems before
moving on to the next 10.

There were also some machines that had more recent "integrated builds"
and I had to apply different updates to them. With the batch files, I
could just comment out the lines I didn't need.

I still plan to get GPO and SUS working, but basically I got this up and
running quicker than I could have read the white paper on SUS, and
there's currently complications with web servers being moved to DMZs and
SUS needs a web server - an added complication...

Fred said:
Thanks Gerry! I was beginning to wonder if I was not clear as to what we
wanted to do. Sometimes I have ideas in my head that I just can't convey
very well to others. Your method would be a last resort as it would take
lots of time that we do not have. We are currently evaluating a product
called PatchLink which seems promising thus far.

Thanks,
Fred
Click to expand...
 
Gerry,
I understand completely and do many things using the "stone-age"
approach. I think that your solution was the correct response for a quick
turnaround. We are not necessarily looking for a quick fix as much as we
are looking for a long term system solution. We have about 2000 clients and
basically 3 administrators who perform various functions. We want to
implement a system that will run somewhat automated. Thanks for your input!


Thanks,
Fred



Gerry Hickman said:
Hi Fred,

I looked at all the options; one of the problems was I had to get the
SPs and the patches in there, and had to do it quickly, in office hours,
and while people were away from their desks. We don't have GPO yet, but
even if we did, a blanket application of SP4 was not an option - there's
no way I'm going to risk trashing the whole network if something went wrong.

The nice thing with the stone-age approach, was that I could hit 10
machines at a time and then see if any of them exhibited problems before
moving on to the next 10.

There were also some machines that had more recent "integrated builds"
and I had to apply different updates to them. With the batch files, I
could just comment out the lines I didn't need.

I still plan to get GPO and SUS working, but basically I got this up and
running quicker than I could have read the white paper on SUS, and
there's currently complications with web servers being moved to DMZs and
SUS needs a web server - an added complication...
Click to expand...
 
Back
Top