Solved

patch management

Posted on 2016-09-21
7
45 Views
Last Modified: 2016-09-22
We have a small windows 2012 domain with windows clients.  Is there a free way to handle patch management using a tool that pushes out updates from the server to the clients?
0
Comment
Question by:al4629740
7 Comments
 
LVL 12

Assisted Solution

by:Dustin Saunders
Dustin Saunders earned 83 total points
Comment Utility
You can use WSUS for your update management.

Link on how to deploy:
https://redmondmag.com/articles/2015/06/17/wsus-in-windows-server.aspx
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
Nothing free that pushes. WSUS is free and good for Microsoft products, but relies om client queru/pull.
0
 

Author Comment

by:al4629740
Comment Utility
So if I use WSUS, then I would have to manually execute it from the server in the client machine?
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 2

Assisted Solution

by:Nilesh Kamble
Nilesh Kamble earned 83 total points
Comment Utility
WSUS is a free version from Microsoft to install patches on any client computers whether it is server operating system or client operating system create a group policy configure some of the settings you can get it on technet and enjoy patching.
https://technet.microsoft.com/en-us/library/hh852344(v=ws.11).aspx
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 83 total points
Comment Utility
Nom you approve updates in a server console, and the next time a client checks in then it will pull down the update. The client can be configured yo automatically check in on a schedule, but it is still a pull technology.

Contrast that with a product like SCCM, which can wake machines with WoL, and can forcibly tell its agent to install an update immediately. That fits the traditional "push" definition.

For businesses that need push (high security environments with rapid response), push is a legit requirement. Even a scheduled pull can be too great a delay. This is sn instance where terminology matters, and push was listed as an initial requirement.
0
 
LVL 7

Accepted Solution

by:
Hector2016 earned 251 total points
Comment Utility
You can use WSUSOffline.

You need to install the tool on a PC with internet access, then run the Updater selecting the products you want to update. Then the tool will download all related updates and service packs. When finished, you will be able to share the CLIENT folder on the LAN, so the computers on your network must have access to that folder for read and execute. Later you can connect remotely to each computer and run the UpdateInstaller.exe launcher application, or create a start-up script that calls UpdateInstaller.exe and apply it to all computers in the domain.
0
 
LVL 7

Expert Comment

by:Hector2016
Comment Utility
You can also do a  similar task by using a VBS script that forces the installation of pending updates on Windows computers connected to a WSUS server or using the Windows Update site. But if you don't have a WSUS working right now, it is better to use WSUSOffline, because you will not need to deal with updates approvals.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

A Bare Metal Image backup allows for the restore of an entire system to a similar or dissimilar hardware. They are highly useful for migrations and disaster recovery. Bare Metal Image backups support Full and Incremental backups. Differential backup…
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now