Checking on patch levels with multiple clients. ninite pro?
-
@Mike-Davis
Here are couple choices I found Solarwinds Patch Manager and Cloud Management Suite -
@black3dynamite said in Checking on patch levels with multiple clients. ninite pro?:
@Mike-Davis
Here are couple choices I found Solarwinds Patch Manager and Cloud Management SuiteThey don't just do the patch management, you have to get the bundle, and it's pretty expensive per endpoint. 4x what I was paying for GFI max before Solarwinds bought them.
-
@Mike-Davis said in Checking on patch levels with multiple clients. ninite pro?:
@black3dynamite said in Checking on patch levels with multiple clients. ninite pro?:
Maybe a combination of WSUS and PDQ Inventory would help.
I'm not really considering WSUS because I would have to log in to every server to check on every client. Some of them don't even have a server. I'm looking for a single pane of glass.
Use a hosted WSUS instance and you will be fine, just open some ports to allow it through. I have thousands of VMs, they can talk to any of my hosts in any of my datacenters. Just have to configure the client side to talk to your WSUS server, which isn't that bad.
Remember though that WSUS is a pull system, not a push. You can lead a machine to water, but you can't make them drink. So configure it on the client side to force it as best as you can.
-
@Mike-Davis said in Checking on patch levels with multiple clients. ninite pro?:
I'm looking for a way to tell if a machine has downloaded and applied all available Microsoft Windows Updates? Other applications would be nice as well. Is anyone using Ninite pro? Is there something else I should look at? This would be for about 140 computers.
I use Ninite Pro and WSUS since Ninite cannot tell me status of the Windows updates. WSUS usually has a delay of one or two days to report all computers.
-
@PSX_Defector said in Checking on patch levels with multiple clients. ninite pro?:
n talk to any of my hosts in any of my datacenters. Just have to configure the client side to talk to your WSUS server, which isn'
My Win 10 1703 clients won't talk to my WSUS servers anymore - there appears to be a problem, but looking this morning, no solution yet.
-
@Dashrender said in Checking on patch levels with multiple clients. ninite pro?:
@PSX_Defector said in Checking on patch levels with multiple clients. ninite pro?:
n talk to any of my hosts in any of my datacenters. Just have to configure the client side to talk to your WSUS server, which isn'
My Win 10 1703 clients won't talk to my WSUS servers anymore - there appears to be a problem, but looking this morning, no solution yet.
Run get-windowsupdatelog, if it's not talking, it's gonna tell you why.
Most of the time when I look, I find that the machine has been flagged for not using WSUS and it's going to Microsoft, which in turn is blocked because we don't provide RNAT by default. Make sure your path is set correctly in HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate and that UseWUServer is set to 1 in AU.
-
@PSX_Defector said in Checking on patch levels with multiple clients. ninite pro?:
@Dashrender said in Checking on patch levels with multiple clients. ninite pro?:
@PSX_Defector said in Checking on patch levels with multiple clients. ninite pro?:
n talk to any of my hosts in any of my datacenters. Just have to configure the client side to talk to your WSUS server, which isn'
My Win 10 1703 clients won't talk to my WSUS servers anymore - there appears to be a problem, but looking this morning, no solution yet.
Run get-windowsupdatelog, if it's not talking, it's gonna tell you why.
Most of the time when I look, I find that the machine has been flagged for not using WSUS and it's going to Microsoft, which in turn is blocked because we don't provide RNAT by default. Make sure your path is set correctly in HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate and that UseWUServer is set to 1 in AU.
Pre upgrade to 1703, WSUS worked fine, post upgrade - no talkie to WSUS. The GP central store has been upgraded to 1703 ADMX files, and 1607 machines are working just fine (say many check in today). All machines in question use the same GPOs, so there is no difference there.
-
@Dashrender said in Checking on patch levels with multiple clients. ninite pro?:
@PSX_Defector said in Checking on patch levels with multiple clients. ninite pro?:
@Dashrender said in Checking on patch levels with multiple clients. ninite pro?:
@PSX_Defector said in Checking on patch levels with multiple clients. ninite pro?:
n talk to any of my hosts in any of my datacenters. Just have to configure the client side to talk to your WSUS server, which isn'
My Win 10 1703 clients won't talk to my WSUS servers anymore - there appears to be a problem, but looking this morning, no solution yet.
Run get-windowsupdatelog, if it's not talking, it's gonna tell you why.
Most of the time when I look, I find that the machine has been flagged for not using WSUS and it's going to Microsoft, which in turn is blocked because we don't provide RNAT by default. Make sure your path is set correctly in HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate and that UseWUServer is set to 1 in AU.
Pre upgrade to 1703, WSUS worked fine, post upgrade - no talkie to WSUS. The GP central store has been upgraded to 1703 ADMX files, and 1607 machines are working just fine (say many check in today). All machines in question use the same GPOs, so there is no difference there.
So what does that powershell return?
-
For those of you running a WSUS server in the cloud, who should I consider? AWS EC2? Azure? How do I estimate the bandwidth etc that's going to be required each month to keep 140 machines up to date?
-
@Mike-Davis said in Checking on patch levels with multiple clients. ninite pro?:
For those of you running a WSUS server in the cloud, who should I consider? AWS EC2? Azure? How do I estimate the bandwidth etc that's going to be required each month to keep 140 machines up to date?
If your WSUS server is in the cloud, then you will tell the workstations to download direct from Microsoft. The Cloud instance will have next to no traffic other than checkins.
You setup your clients to talk to your cloud WSUS instance. to know what to update, but tell them to download direct. Why download things twice? Once to WSUS, then once to client.
Your WSUS instance will not download anything except the listings for approval.