Server Patch Management Automation

  • Question

  • Hi,

    I am looking for a robust, reliable tool to automate server patching. I have tried a combination of VB and PowerShell scripts along with scheduled tasks; however, this was not as reliable as I would have liked. I have also been looking into third-party applications, but I have not yet found one that is robust and reliable. The end result is that I would like a way to do the following.

    1. Work without the need for a SUS server if possible and also handle third-party patches

    2. Perform a pre-scan that shows what patches are needed and allow me to approve those patches. It would be nice to approve patches for specific groups of servers (critical/non-critical).

    3. Set groups of servers to patch on a specific day of the month at a set time and be confident that the process will kick off.

    I would also like to be able to view status as machines are being patched.

    4. The final thing I would like is to receive a report after the patches have been installed indicating success or failure of what has been installed.

    I have found scripts that are able to do this in conjunction with WSUS; however, they have not been as reliable as I would like. My environment is over 90% virtualized and we have a combination of 2008 and 2012 servers.

    Please let me know if there are any third-party products anyone can recommend.



    Monday, March 31, 2014 7:59 PM

All replies

  • The best one I have used instead of WSUS is Shavlik. You can do quite a lot with this software; also, this company tests all the patches before it sends them down to you.



    Monday, March 31, 2014 8:38 PM
  • 1. Work without the need for a SUS server if possible and also handle third party patches

    Can you explain what you mean by the first part of this requirement?

    E.g. you don't want (W)SUS because......?

    Is it because you don't want to download and host the update files/binaries centrally? (i.e. you want to pull them directly from the web source to the update client machine?)

    For the second part of this requirement (handle third-party patches), do you mean anything and everything, or typical stuff such as is offered via SCUP catalogs, or Shavlik/SPM/Secunia/etc.?

    I assume you are seeking no-cost or low-cost options?

    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    • Edited by DonPick Monday, March 31, 2014 8:39 PM
    Monday, March 31, 2014 8:38 PM
  • You hit the nail on the head. I don't want to manage and DL the SUS patches separately from third-party application patches. I would like a single process that does server patch management well. I agree with you and Muhammad that Shavlik would be a good choice; however, that idea was not approved.
    Monday, March 31, 2014 8:49 PM
  • Muhammad,

    I agree that Shavlik would be the best tool and we currently use it for our desktops; however, my boss wants to steer away from it since we may not renew our maintenance contract with them.

    Monday, March 31, 2014 8:53 PM