Deploy Windows Updates with PDQ Deploy

If you are like me, keeping your hosts updated can be one of the most cumbersome and tedious tasks you have to carry out in your environment. However, as the numerous security scares at the start of 2020 have already shown, patching your systems is one of the most important tasks and one you need to make sure you do often.

Many of the breaches that occur capitalize on known security vulnerabilities that are in the wild and already patched. If you don’t have the required patches installed, this can leave very dangerous security vulnerabilities in your environment.

Also, using a WSUS server feels antiquated and can be very finicky. How can you automate Windows patching without a WSUS server and do this effectively? In case you have not heard about or seen PDQ Inventory or PDQ Deploy in action, let’s take a closer look at these two very effective and easy-to-use tools and see how to deploy Windows Updates with PDQ Deploy.

PDQ Inventory and Deploy Overview

PDQ Inventory and Deploy are two very powerful utilities developed by PDQ.com. They are both paid utilities, but each has a free version with a few limitations.

In the walkthrough below, I will be using the Enterprise version of PDQ Inventory and Deploy to do the following:

  1. Discover Windows servers in need of updates
  2. Download the cumulative rollup patch
  3. Apply the patches to a collection of servers identified by PDQ Inventory using PDQ Deploy

In case you are wondering, both programs work in tandem with each other. Think of the PDQ Inventory tool as a discovery tool of sorts that allows combing through your environment and cataloging many different things about your resources. It can discover various forms of software that are installed, including third-party applications, machine details including hardware resources, as well as things like “needs a reboot”. This gives you tremendous visibility into the software and application landscape as it exists in your environment.

PDQ Deploy on the other hand is the vehicle to actually deploy software in your environment. PDQ Deploy works with PDQ Inventory in that it uses the collections created in Inventory as the groupings it can use to actually deploy software.

One of the things I really like is that PDQ Inventory includes, out of the box, many very useful collections that you would otherwise have to build from scratch. This includes the kind of collection we need for this post: “which machines do not have the latest cumulative update?”

Deploy Windows Updates with PDQ Deploy

Let’s look at how we would deploy Windows Updates with PDQ Deploy. The first thing we need to do is go to PDQ Inventory and see which servers need the latest cumulative update. There are already collections built for this purpose by default in PDQ Inventory. Go to Collection Library > Applications > Windows Updates, pick your OS, and then select the collection that has (old) on the end. This tells you the servers contained in the collection do not have the latest patches.

Discovering servers that need the latest cumulative updates

Open up PDQ Deploy and select the Package Library. Then scroll down under the library to the section containing the OS you want to download updates for and find the update that correlates to your operating system. Click the Download selected button, then hit the Deploy Once button.

Selecting and downloading the needed Windows Update package

Choose your targets for the deployment. Here, we will choose the PDQ Inventory collection that we identified above using the (old) designation for Windows updates.

Choosing the target of the deploy operation in PDQ Deploy

Select the collection.

Selecting the PDQ Inventory collection containing the servers that need the update

Click the Choose Packages link.

Choose the packages you want to install

Use the arrow to select the package you want to deploy, in this case the Win 10 (1809) and 2019 – Cumulative Update package.

Add the deploy packages you want to install

Package has been selected.

Package has been selected to deploy

Now, we are ready to Deploy Now.

Choose the deploy now button to begin deploying

The deployment kicks off. You now can monitor the progress of the deployment process.

Package deployment begins and monitoring progress in PDQ Deploy
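
Once the deployment reports success, it is worth confirming the result on the hosts themselves rather than relying only on the console. The following is an added example, not part of the original walkthrough or any PDQ tooling: it asks each target for the deployed KB, the OS build revision and a pending-reboot flag. The server names and the KB number are placeholders, and it assumes PowerShell remoting (WinRM) is enabled on the targets.

```powershell
# Added example: independent post-deployment verification.
# $Servers and $KbId are placeholders; substitute the hosts from your "(old)"
# collection and the KB number of the cumulative update you actually deployed.
$Servers = @('SERVER01', 'SERVER02')
$KbId    = 'KB0000000'

# Query every target in parallel; connection errors are suppressed here and
# unreachable hosts are reported separately below.
$results = Invoke-Command -ComputerName $Servers -ArgumentList $KbId `
    -ErrorAction SilentlyContinue -ScriptBlock {
        param($KbId)

        # OS build and update build revision (UBR) as recorded in the registry.
        $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

        # Get-HotFix returns nothing (with the error suppressed) if the KB is absent.
        $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

        # Component Based Servicing creates this key when a reboot is still required.
        $cbsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'

        [pscustomobject]@{
            Build         = '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR
            KbInstalled   = [bool]$hotfix
            InstalledOn   = $hotfix.InstalledOn
            RebootPending = Test-Path $cbsKey
        }
    }

# Hosts that returned no result were never verified; treat them as unpatched.
$unreachable = $Servers | Where-Object { $_ -notin $results.PSComputerName }

$results |
    Sort-Object PSComputerName |
    Format-Table PSComputerName, Build, KbInstalled, InstalledOn, RebootPending -AutoSize

# Anything still missing the KB, or waiting on a reboot, needs follow-up.
$results | Where-Object { -not $_.KbInstalled -or $_.RebootPending } |
    ForEach-Object { Write-Warning "$($_.PSComputerName): follow-up required" }

if ($unreachable) {
    Write-Warning ("No response from: " + ($unreachable -join ', '))
}
```

A host that shows the KB installed but still has `RebootPending` set is not yet running the patched binaries, so track it until the restart has happened.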

Wrapping Up

As you can see, the process to deploy Windows Updates with PDQ Deploy is super easy and requires only a few clicks. PDQ Inventory allows finding all machines that need the updates, and then you use PDQ Deploy to deploy the updates that are needed.

This allows you to really take charge of your environment and Windows servers/workstations to keep them updated and also push out emergency patches like the “curveball” patch seen recently.
