Automated task to deploy Microsoft Security Updates

ciscocharlie
Hi all,

Can anyone help me with this issue I have?

I have just recently done a penetration test using Nessus on my network and it reported that a lot of my clients in my environments are missing MS updates.
Can anyone tell me if there is an automated task, script or AD that can do this for me, and are there any instructions on how to do this?

Many thanks

CiscoCharlie
Active Directory/Exchange Engineer
Top Expert 2015
Commented:
You can install WSUS in your environment and configure a GPO to push updates to all of your clients.
Ref link:
https://technet.microsoft.com/en-us/library/hh852340.aspx
Don, Network Administrator

Commented:
Absolutely WSUS as mentioned; however, WSUS does no pushing of updates whatsoever. Clients query WSUS for updates they need (and are approved).
Top Expert 2015

Commented:
Add a vote for WSUS!

Author

Commented:
Hi,

Thanks for getting back to me.

Apart from using WSUS, is there a way I can deploy the security updates using either AD etc., because we have not got WSUS in our environment?

Thanks in advance
Don, Network Administrator
Commented:
If you have a server you can enable/install WSUS... it's free.

Author

Commented:
Hi,

I have just done a search on our network and found that we do have a WSUS 6.3.9600.16384, but I have 2 questions:
Is there an article which will show me how to deploy the updates to one client within my environment?

and

It seems that I have got a hard drive which has got minimal space. Can I delete what's on the HDD and download only the updates that are needed?

Thanks in advance
Hector2016, Systems Administrator and Solutions Architect
Commented:
Is there an article which will show me how to deploy the updates to one client within my environment?

1. Create a new Computer Group on WSUS.
2. Approve the desired updates for this Computer Group.
3. Move the computer object to that group.
4. On the client computer, request updates.

The client computers will show only the needed updates. Any other update approved will not be applied.

Can I delete what's on the HDD and download only the updates that are needed?

Run the WSUS Server Cleanup Wizard from Options. Check "Unneeded update files", "Expired updates", "Superseded updates", and "Unused updates and update revisions".
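
The steps in the answer above, scripted with the UpdateServices PowerShell module on the WSUS server. This is an added example, not part of the original thread; the group name `Patch-Pilot` and host name `PC01` are hypothetical, and it assumes server-side targeting (group membership set on the WSUS server rather than by GPO).

```powershell
# Run in an elevated PowerShell session on the WSUS server.
Import-Module UpdateServices

$GroupName  = 'Patch-Pilot'   # hypothetical pilot group name
$ClientName = 'PC01'          # hypothetical client host name

$wsus = Get-WsusServer        # connects to the local WSUS instance

# 1. Create the computer group if it does not exist yet.
$group = $wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq $GroupName }
if (-not $group) {
    $group = $wsus.CreateComputerTargetGroup($GroupName)
}

# 2. Approve, for that group only, the unapproved security updates that
#    at least one computer reports as needed or failed.
$needed = @(Get-WsusUpdate -UpdateServer $wsus -Classification Security `
                           -Approval Unapproved -Status FailedOrNeeded)
$needed | Approve-WsusUpdate -Action Install -TargetGroupName $GroupName
Write-Output "Approved $($needed.Count) update(s) for group '$GroupName'."

# 3. Move the client into the group. Get-WsusComputer emits a plain string
#    when nothing matches, so filter strings out before testing for a hit.
$computer = @(Get-WsusComputer -UpdateServer $wsus -NameIncludes $ClientName |
              Where-Object { $_ -isnot [string] })
if ($computer.Count -eq 0) {
    throw "No WSUS client matching '$ClientName' has reported to this server."
}
$computer | Add-WsusComputer -TargetGroupName $GroupName

# 4. On the client itself, trigger a detection cycle (older clients):
#      wuauclt.exe /detectnow
#    The client pulls only the approved updates it actually needs.

# Disk space: the same four options as the Server Cleanup Wizard.
Invoke-WsusServerCleanup -UpdateServer $wsus `
    -CleanupUnneededContentFiles `
    -DeclineExpiredUpdates `
    -DeclineSupersededUpdates `
    -CleanupObsoleteUpdates -CompressUpdates
```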
