Using the Goverlan Remote Administration Suite with or without WSUS, you can globally manage your Automatic Update Services on your workstations.
A Discussion about Windows Updates
I remember a time when Windows Updates was something you did to fix a well known bug or plug an occasional security hole in your Windows NT, Windows 95 or Windows 98 installation. Let’s fast forward to today to what is now known as Patch Tuesday, the day Microsoft decides to unleash a wave of updates for its OS and Applications. It’s on every System & Desktop Administrator’s calendar all over the world. In fact, with Windows 7, I do not remember a time when I didn’t have updates pending installation.
Enter the Patch Management Solution…
There are hundreds of Patch Management solutions out there including the venerable Windows Server Update Service or WSUS. However, when it comes to third party management software, they can be cumbersome and add complexity to your update management tasks. In this article, we will take a look at how the Goverlan Remote Administration Suite compliments WSUS and can help you manage your patches in a small or large enviornment and add some functionality to your deployments. Also, while I discuss the use of WSUS with Goverlan, it is important to note that WSUS is not mandatory for Goverlan to manage your Windows updates from the client side.
Patch Management Challenges
Now lets talk about some of the issues you can face with patch management as a whole. Like all client-server based computing, there are three sides to every story. The server side, the client side, and somewhere in the middle lies the truth.
Challenge 1: How do we easily get a picture of the current patch level of your workstations?
First things first. Make sure you have a working WSUS environment and give your workstation time to report in after the setup is done. Once you have WSUS working the way you want it to, take a look at the reports.
Here we can clearly see what systems need a particular update and approve it for deployment.
You can then verify this on your test computer by running the Windows Update tool within Goverlan. You get an easy-to-view snapshot of what is pending for that computer, plus some extras, like if a reboot might be required!
Challenge 2: What do we do about the systems that were discovered and are not at the desired patch level?
After you approve the patches you want on your workstations, you can then create a Goverlan Scope Action that will tell all the workstations to install the desired patches.
With the Scope Action, you can tell Goverlan to install either software or driver updates or both, then schedule the updates to occur at a specified time. Now, you may ask yourself, “Why do I need Goverlan to do that? I can do that with the standard Windows Automatic Update client.” The difference here is that when you bring Windows Update into a Scope Action, you can add much more functionality. These include things like checking for the existence of a file or registry key before the update(s) are processed or executing a script or program before or after the update is installed. I can go on and on with this!!! The point is, Goverlan provides you with ease and flexibility to your Windows Update process.
Out of the box thinking… What if you could make a custom AD attribute, use a Scope Action to time-stamp the workstations account, then report or take action with another Scope Action based on that time? Think about the possibilities.
Challenge 3: How do we maintain our patch level once we are compliant?
We can easily use the native WSUS reports in conjuction with Goverlan Scope Action reports to see the whole picture. Take a look at the server side, then the client side to gain full visibility. You approve updates with WSUS and use scheduled Goverlan Scope Actions to deploy the updates and add functionality to the whole process, then use both reports to measure your success rate or identify issues. Remember, three sides to every story…
At the end of the day we need to manage these updates. The truth is there are vulnerabilities and security holes found everyday in software. Staying vigilant with patching is a necessary evil. If we have to do it, let’s do it intelligently and with Goverlan you can add more functionality and look like the System Admin superstar that you are.