3

I'm looking for a solution to updates - I really need all my flash and Java updates to be installed automatically as soon as they are available.

Microsoft Updates pro - updates all versions and office products con - some big updates require administrative permissions, then I have to go around to all the computers and put in credentials myself con - only does Microsoft updates

Security Center Configuration Manager / Security Center Essentials Pro - it will do all 3rd party updates that have an msi file Pro - it will do all Microsoft updates con - cost, server license, and time to setup

there has to be something in between the 2 I per-fer not to devote a server to just updating, but will if necessary

Anyone have any ideas?

Phygg
  • 55
  • 1
  • 5

3 Answers3

2

I do a lot of automation of just this kind of thing with my Customers.

If you've got an Active Directory domain I'd recommend using Group Policy to execute startup scripts to update EXE-based products, and Software Installation Policy to update MSI-based products. It takes a bit of work, but you're trading your time for the cost of a licensed "application management application". Group Policy Software Installation Policy and Startup Scripts run under the computer's SYSTEM context, so credentails to perform the updates isn't a concern.

If you don't want to roll your own, you can get something like a KACE appliance. In that situation, you're basically just paying a subscription fee for someone else to work out how to automatically deploy the updates.

Edit:

Basically, you're either paying somebody else to manage updates for you (either via "smart" software or via a "mechanical turk" metaphor), or you're doing the legwork yourself and spending your time / salary on it.

What you're looking for is a tradeoff of your time and energy for money. Be aware that you'll have to develop a lot of specialized knowledge to "get good" at doing this. You can get documentation from Microsoft re: software installation policy and group policy. Bear in mind that you'll need a decent understanding of how the Windows Installer works if you want to be able to handle sticky corner-cases effectively.

In terms of startup scripts and changes when new updates come out, that all depends on the manufacturer's setup program. Ultimately, what you're doing with startup scripts to manage updates / installations is running the manufacturer's setup program in an unattended manner (with whatever dodgy hacks you have to do to make that work). If they make major changes to their setup then you may have to make major changes to your scripting infrastructure. (The same scripts that install Office 2007 work for me to install Office 2010, for example. That was one where we just got lucky...)

Evan Anderson
  • 141,881
  • 20
  • 196
  • 331
  • Sounds like it would take quite a bit to setup, can you point me to any documentation? I think, because I already have the infrastructure setup - this may be worth a try. Do I need to edit the startup scripts when new updates come out? How do I do it??? – Phygg Jul 20 '10 at 21:30
  • @Phygg: I've dropped on an edit. – Evan Anderson Jul 20 '10 at 21:48
1

Someone here mentioned a KACE appliance. I see them advertised on AppDeploy, and they look great. A co-worker, who worked for a large IT support staff for a public school system in one of America's biggest cities, relied on it and loved it. However, this is a small environment. That means money is probably tight. Active Directory, if properly organized, and kept under control with Group Policy is a great choice. If you do, make sure you install Group Policy Preferences if the client computers are XP or Vista (it is default on Windows 7). It makes a lot easier, including some fun with scheduled tasks (which are great for installing non-MSI installers, and you can never avoid them how much you try).

Now, AD and Group Policy ain't cheap if you are a tiny shop. If you need something free and interesting, I heard about WPKG, an open source alternative to Group Policy that tries to do the same with their own client app and some scripts on a file share. So, if you cannot afford or re-purpose a server with Windows 2003 or 2008 Server to get some domain controllers, or have the know-how, which both cost money, this might help you out. This project was debuted on FLOSS Weekly, which is a big deal podcast that highlights the best and most interesting open source projects. It is also used by the developer for a large deployment in public schools somewhere. So, I do not recommend this because it some joke project. People use it.

Also, check out the Unattended Source Project. If you do not like that platform, which is similar, there is some useful documentation I use regularly to deal with software deployments I do and you will need to acquaint yourself with.

songei2f
  • 1,934
  • 1
  • 20
  • 30
  • Alharaka, Thanks for the great advise with WPKG, I've never heard of it but if I had a Linux Environment I'd be looking into it now. Pros I have the infrastructure in place, so no extra cost I have a Windows 2003 Functional Level domain, so I can definitely go with group policy - Minimal time spent for configuration/setup Cons Updates is that you have to install the original program in order to push the updates with GP. Thanks Phygg – Phygg Jul 22 '10 at 14:18
0

I have not tested myself (we are starting beta), but Microsoft has launched a service to do this through the cloud.

Check out Windows InTune.

Its $11/mo per PC (I beleive that's still the price) and you get a Windows license with that. Its cloud-based desktop management, and depending on the size/complexity of our environment, seems like you'd be a great use case for it.

Taylor
  • 394
  • 1
  • 3