Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 310
  • Last Modified:

SUS or Something Else?

Used to use AdventNet Security Mgr Plus to deploy patches to workstations, but now am running Windows 7 on my domain, and this product requires remote registry to be active.  Don't want to do that...so I need a new product.

Tried SUS but it's a big waiting game (wait to detect the systems after GP configures them, schedule the updates, hope for the best)

 I prefer downloading the patches automatically, but deploying the patches manually (right-click, deploy, or "deploy all" by a group.)  SUS is...TOO automated.  What should I use instead?
0
NAMEWITHELD12
Asked:
NAMEWITHELD12
  • 2
  • 2
  • 2
3 Solutions
 
FlippCommented:
IMO, after moving from a fairly strict regime of patch management using ManageSoft with a previous company, I have deployed WSUS to all of my Windows Networks, and the options given via WSUS Console and GP is sufficient.

At the end of the day, Users these days know what to expect with Windows, as they have been working with it for years at home - so why change. WSUS gives the right type of control and central management.
0
 
NotVeryFatCommented:
Personally I agree with Flipp. You can control what's deployed through WSUS by approving or declining updates, and can control their frequency and install behaviour via GPO.

There are third-party solutuions available, such as LANDesk, which will manage updates, software installs and a whole lot more.
0
 
NAMEWITHELD12Author Commented:
Maybe I'm doing something wrong, then...I made the GP changes to point a system to my development SUS server, and it took about 3 1/2 hours before it showed up in the SUS console as detected, and another 2 hours before it finished a scan to determine the patch level..is this typical?  I have selected option 4, automatically download and schedule update.
0
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

 
NotVeryFatCommented:
I agree there are limitations with WSUS, but I think ulimately it makes sense to use a Microsoft solution to update Microsoft systems. Unfortunately I think it can take a while to show up in the console, though you can speed up the update detection process on a PC by running wuauclt /detectnow, which can be incorporated into a login script.
0
 
NAMEWITHELD12Author Commented:
I'll give the command line a shot.  Going to miss Manage Engine tho :(
0
 
FlippCommented:
A command I have found so useful is the following - this ensures the update runs straight away:

net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow

http://technet.microsoft.com/en-us/library/cc720477(WS.10).aspx
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now