Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Best Patch Management Software 1

Status
Not open for further replies.

Dyadmin

IS-IT--Management
Oct 31, 2002
217
CA
What's the best patch management software out there, I'm curious to see opinions.
 
Patch management for what? For OS, SUS. It's free and it works. There's an "improved" version on the way that will handle Office as well.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
For one that you have to pay for I would highly suggest Patchlink.
 
Hehe yeah sorry I should have been clearer. I meant the patching of the MS OS and its products due to to their

I've tried SUS but it simply is terrible to configure and works so-so as I have found it. Sometimes I'm not so sure it works at deploying the patches. So I have been looking at the following:
SUS - tried that, it works so so
HFNetchkPro - tired it, works fine but expensive
Updatelink- tried it and its confusing
Sitekeeper - tried it, and its even more confusing.

Ah well I'll look at Patchlink. I'm just looking for easy discovery, efinds the patches it needs, downloads them and patches the machine. Hopefully patchlink is good. I'll try.
 
Personally I love Patchlink like I said above. It runs an agent on the desktop. Once the agent is installed (which can be pushed out automatically or manually run) it automatically detects the the Patchlink server. On the server you can setup groups of machines to delegate control over, setup baselines, etc. It supports all windows OS's, redhat, solaris, and will also do patches for office, citrix ICA clients, adobe, etc.

Patchlink can also help you create a custom package if you need to deploy it in your environment. But don't treat it like software deployment like SMS (even though it can begin to do it), it is patch management.

I don't remember costs though... sorry.
 
Interesting. I've been running SUS for about six months now and it's performed flawlessly. It keeps about 90 systems updated locally, and another 30 across a WAN. Setup was straightforward if you read and follow the whitepaper from MS.

And, like I said, it's free. The version coming out soon will let you keep Office patched as well as other MS apps.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
Another vote for SUS.

I use SUS for 106 machines w/o any issues. It's a bit hairy to set up if it's your first attempt(like it was for me) but definitely runs flawlessly and it's best selling poin is that it's free! I have noticed that it occasionally misses some patches but those are usually due to my own error.

just my .02

Good luck
 
Hrmm.. maybe its something I should reinvestigate. I used group policy to distribute sus but it wouldn't send out the patches (it did at first but then it stopped), the server itself was still downloading the patches reliably, but the deploy was the hairy part, I mean it worked but then it stopped.

Anyone mind pointing out the whitepaper you all referenced?
 
Didn't know of that place... thank you very much! Star for you!
 
Hi all,

Has anyone tested the new WUS server and clients in a non-active directory environment???

We have over 800 machines and are wondering if it is reliable enough to handle over 50 offsite locations.

Thanks all.

Brett.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Intel 3.2Ghz Prescott 800FSB (OC 3.8Ghz)
Fujitsu MAS3 SCSI 15000rpm HDD 73GB
4Gig Ram
DL-DVD Burner
2 x 21in LCD DELL
All Black.., oh, good old FDD to.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Honestly I did not like the SUS server and opted to go for a paid patch management option. We used SUS for about 3 months and never liked the features mainly because it doesn’t have many unless you hack the crap out of it. There was no reporting feature to it and it was not near as easy to back off patches incase of mishap nor was it really that easy to setup PC's to do a certain update and have others ignore it. For instance there may be a patch that you want certain PC's to get but do not want others to get you could not selectively tell what PC's you want to have the patch very easily and it was all or none. I think that WUS is supposed to have a lot of the features that we were initially looking for but unfortunately we could not wait due to regulations that we have to follow so after evaluating several patch management software we thought that Symantec's iPatch had a very good product that had the features already that we needed and wanted.

I suppose the SUS may due some of the things we wanted it to but over looked it but we just found the SUS to be very clunky and not very user friendly for a corporation such as ours. We are required to test ever patch to the fullest extent and document every patch and what they do and SUS was just not for us.
 
Yes, we tried the SUS, and well it does stand up to its anogram.

Have you tried WUS yet?



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Intel 3.2Ghz Prescott 800FSB (OC 3.8Ghz)
Fujitsu MAS3 SCSI 15000rpm HDD 73GB
4Gig Ram
DL-DVD Burner
2 x 21in LCD DELL
All Black.., oh, good old FDD to.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
To my knowledge the WUS has not been released yet. They were going to release it last year but put it on hold until mid year this year. I may be wrong but that was the last thing I heard about WUS and never even looked at it again since we purchased the iPatch.
 
I downloaded the test version before the release a little later this year.

I was wondering if anyone else had also done this. An hed tested it for them

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Intel 3.2Ghz Prescott 800FSB (OC 3.8Ghz)
Fujitsu MAS3 SCSI 15000rpm HDD 73GB
4Gig Ram
DL-DVD Burner
2 x 21in LCD DELL
All Black.., oh, good old FDD to.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Yeah I just checked and it has been released in beta. I don't do much beta testing and would wait until its released gold before I messed with it much. It should be a lot better product than the SUS server and maybe a few people have already looked at the beta version.
 
I've installed the public beta of WUS for a number of clients and it is working great. One glitch I have found is that to have it serve servers, you need to manually update the file wuaueng.dll.

To answer the question posted above about using WUS ina non-ad environment, you can not do it. WUS requires AD, though it does not need to be installed on a DC. Only other gotcha on it is make sure when you install it to select to install into a NEW website, otherwise you will hose up your existing web sites.

Once installed, it performs great and is FREE. Like SUS is will continue to be free as well. WUS will nt only patch your OS but also other MS products like Office.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark
 
Thanks,

I just read through the 90 page white paper and found that with some registry changes you can get it to work in a non-ad environment.

I'll give it a try and we'll see.

thanks all.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Intel 3.2Ghz Prescott 800FSB (OC 3.8Ghz)
Fujitsu MAS3 SCSI 15000rpm HDD 73GB
4Gig Ram
DL-DVD Burner
2 x 21in LCD DELL
All Black.., oh, good old FDD to.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top