patch management

We have a small windows 2012 domain with windows clients.  Is there a free way to handle patch management using a tool that pushes out updates from the server to the clients?
Who is Participating?
Hector2016Connect With a Mentor Systems Administrator and Solutions ArchitectCommented:
You can use WSUSOffline.

You need to install the tool on a PC with internet access, then run the Updater selecting the products you want to update. Then the tool will download all related updates and service packs. When finished, you will be able to share the CLIENT folder on the LAN, so the computers on your network must have access to that folder for read and execute. Later you can connect remotely to each computer and run the UpdateInstaller.exe launcher application, or create a start-up script that calls UpdateInstaller.exe and apply it to all computers in the domain.
Dustin SaundersConnect With a Mentor Director of OperationsCommented:
You can use WSUS for your update management.

Link on how to deploy:
Cliff GaliherCommented:
Nothing free that pushes. WSUS is free and good for Microsoft products, but relies om client queru/pull.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

al4629740Author Commented:
So if I use WSUS, then I would have to manually execute it from the server in the client machine?
Nilesh KambleConnect With a Mentor Sr.System EngineerCommented:
WSUS is a free version from Microsoft to install patches on any client computers whether it is server operating system or client operating system create a group policy configure some of the settings you can get it on technet and enjoy patching.
Cliff GaliherConnect With a Mentor Commented:
Nom you approve updates in a server console, and the next time a client checks in then it will pull down the update. The client can be configured yo automatically check in on a schedule, but it is still a pull technology.

Contrast that with a product like SCCM, which can wake machines with WoL, and can forcibly tell its agent to install an update immediately. That fits the traditional "push" definition.

For businesses that need push (high security environments with rapid response), push is a legit requirement. Even a scheduled pull can be too great a delay. This is sn instance where terminology matters, and push was listed as an initial requirement.
Hector2016Systems Administrator and Solutions ArchitectCommented:
You can also do a  similar task by using a VBS script that forces the installation of pending updates on Windows computers connected to a WSUS server or using the Windows Update site. But if you don't have a WSUS working right now, it is better to use WSUSOffline, because you will not need to deal with updates approvals.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.