If you are like me, keeping your hosts updated can be one of the most cumbersome and tedious tasks you have to carry out in your environment. However, as numerous security scares have already shown at the start of 2020, patching your systems is one of the most important tasks, and one you need to make sure you do often.
Many of the breaches that occur capitalize on known security vulnerabilities that are in the wild and already patched. If you don’t have the required patches installed, this can leave very dangerous security vulnerabilities in your environment.
Also, using a WSUS server feels antiquated and can be very finicky. How can you automate Windows patching without a WSUS server and do this effectively? In case you have not heard about or seen PDQ Inventory or PDQ Deploy in action, let’s take a closer look at these two very effective and easy tools and see how to deploy Windows Updates with PDQ Deploy.
PDQ Inventory and Deploy Overview
PDQ Inventory and Deploy are two very powerful utilities developed by PDQ.com. They are both paid utilities, but each has a free version with a few limitations.
In the walkthrough below, I will be using the Enterprise version of PDQ Inventory and Deploy to do the following:
- Discover Windows servers in need of updates
- Download the cumulative rollup patch
- Apply the patches to a collection of servers identified by PDQ Inventory using PDQ Deploy
In case you are wondering, both programs work in tandem with each other. Think of the PDQ Inventory tool as a discovery tool of sorts that allows combing through your environment and cataloging many different things about your resources. It can discover various forms of software that are installed, including third-party applications, machine details including hardware resources, as well as things like “needs a reboot”. This gives you tremendous visibility into the software and application landscape as it exists in your environment.
PDQ Deploy on the other hand is the vehicle to actually deploy software in your environment. PDQ Deploy works with PDQ Inventory in that it uses the collections created in Inventory as the groupings it can use to actually deploy software.
One of the things I really like is that PDQ Inventory includes, out of the box, many very useful collections that you would otherwise have to build from scratch. That includes the kind of collection we need for this post: “which machines do not have the latest cumulative update?”
Deploy Windows Updates with PDQ Deploy
Let’s look at how we would deploy Windows Updates with PDQ Deploy. The first thing we need to do is go to PDQ Inventory and see which servers need the latest cumulative update. There are already collections built for this purpose by default in PDQ Inventory. Go to the Collection Library > Applications > Windows Updates, pick your OS, and then select the collection that has (old) on the end. This tells you the servers contained in the collection do not have the latest patches.
Open up PDQ Deploy and select the Package Library. Then scroll down under the library to the section containing the OS you want to download updates for and find the update that correlates to your operating system. Click the Download selected button, then hit the Deploy Once button.
Choose your targets for the deployment. Here, we will choose the PDQ Inventory collection that we identified above using the (old) designation for Windows updates.
Select the collection.
Click the Choose Packages link.
Use the arrow to select the package you want to deploy. In this case, that is the Win 10 (1809) and 2019 – Cumulative Update package.
Package has been selected.
Now, we are ready to Deploy Now.
The deployment kicks off. You can now monitor the progress of the deployment process.
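Once the deployment reports success, it is worth confirming the result on the targets themselves rather than relying only on the deployment console. The script below is an added example, not part of PDQ's tooling or this walkthrough's original steps: it asks each server whether the update is installed and whether a reboot is still pending. It assumes PowerShell remoting (WinRM) is enabled on the targets; the KB number and server names are placeholders to replace with your own.

```powershell
# Added example: verify a deployed update independently of the deployment tool.
# Assumptions: $KbId is a placeholder, $Servers are constructed names,
# and WinRM (PowerShell remoting) is enabled on the targets.
param(
    [string]   $KbId    = 'KB0000000',                 # placeholder: KB of the package you deployed
    [string[]] $Servers = @('SRV-APP01', 'SRV-DB01')   # constructed names: members of your collection
)

# Runs on each target: is the KB installed, and is a reboot still pending?
$check = {
    param($Kb)
    $hotfix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
    $rebootKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    [pscustomobject]@{
        Installed     = [bool]$hotfix
        InstalledOn   = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        RebootPending = [bool]($rebootKeys | Where-Object { Test-Path $_ })
    }
}

$results = foreach ($server in $Servers) {
    try {
        $r = Invoke-Command -ComputerName $server -ScriptBlock $check -ArgumentList $KbId -ErrorAction Stop
        [pscustomobject]@{
            Server = $server; Reachable = $true
            Installed = $r.Installed; InstalledOn = $r.InstalledOn; RebootPending = $r.RebootPending
        }
    }
    catch {
        # An unreachable host is reported, not silently skipped: it is still unverified.
        [pscustomobject]@{
            Server = $server; Reachable = $false
            Installed = $null; InstalledOn = $null; RebootPending = $null
        }
    }
}

$results | Sort-Object Installed, Server | Format-Table -AutoSize

# Non-zero exit when any host is unreachable, unpatched, or awaiting a reboot.
$bad = $results | Where-Object { -not $_.Reachable -or -not $_.Installed -or $_.RebootPending }
if ($bad) { exit 1 }
```

Hosts that show the update installed but still have a pending reboot should be treated as unfinished until they restart.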
As you can see, the process to deploy Windows Updates with PDQ Deploy is super easy and requires only a few clicks. PDQ Inventory allows finding all machines that need the updates, and then you use PDQ Deploy to deploy the updates that are needed.
This allows you to really take charge of your environment and Windows servers/workstations to keep them updated and also push out emergency patches like the “curveball” patch seen recently.