An extremely important part of the overall security of your environment is patching. There are countless times when attackers take advantage of outdated systems that are missing critical security patches to infiltrate or compromise the security of your network.
When employees are working remotely or from home, most of the traditional solutions to apply updates to your Windows clients no longer applies. Most likely employees are not working on-premises and may not be able to get updates through the normal means such as Windows Server Update Services (WSUS).
How can you effectively install Windows updates remotely from the cloud? How can you track what updates are missing, which remote endpoints they are missing on, and have the ability to approve updates to be applied on a schedule that is least disruptive for your remote workers? Let’s take a look at a solution from Action1 that allows effectively managing and installing Windows updates across your organization for remote workers.
What is Action1?
Organizations today are tasked with carrying on business while addressing the needs of their employees. This often calls for supporting remote work environments. As we have seen recently, this is a trend that will only continue to evolve. While working from home can provide a great deal of flexibility and options for employees, this can present challenges for organizations who are still using traditional means of managing, monitoring, securing, and controlling their endpoints in the environment.
Action1 is a fully cloud-based management platform that allows you to effectively manage, monitor, and troubleshoot your Windows Servers and clients no matter where these are located. As organizations continue to revisit how their employees do work and shift many to remote work from home or other locations, this means changes in the way endpoints are managed.
Action1 solves many of these challenges by providing a solution that is located in the cloud and a platform that no longer relies on traditional infrastructure to manage your environment.
What are some of the features and functionality provided by Action1? These include the following:
- IT asset management including software and hardware inventory
- Software deployment allowing installing or uninstalling software from remote endpoints
- Endpoint management – This includes the tools and utilities needed to restart remote computers, run PowerShell scripts, run applications with command line, manage local users and groups, manage USB devices and removable media, discover Windows network shares, meet regulatory compliance demands, configure operating system settings and policies, monitor network activity and configuration, remote task management, manage disks partitions and volumes
- Patch management – With the patch management features, you can install Windows updates remotely, detect missing Windows updates, search installed Windows updates, and install application patches remotely
Let’s zero in on how Action1 provides effective patch management that allows you to install Windows updates remotely from the cloud.
Action1 Patch Management
This is an especially powerful feature provided by Action1 that allows your organization to maintain effective patching across the environment, regardless of where your remote workers are located. As alluded to earlier, with traditional on-premises solutions, without connectivity to the corporate network, end user Windows client patches cannot be managed effectively.
This is where Action1’s cloud-based patch management allows you to evolve beyond the traditional tools and technologies that have been used in enterprise environments for the past few decades.
Action1 allows you to easily continue managing and patching your end user Windows clients with the latest Windows Updates. It provides several advantages to your patch management:
- Cloud-based – Location of the end user Windows client does not matter
- Maintain security and compliance – Even if your workforce is working remotely, you can maintain your security and compliance standards in regards to patching your environment. Enforcing software updates is a major component of most compliance regulations such as ITIL, NIST, CIS, and PCI DSS.
- Apply patches automatically – With the cloud-based solution provided by Action1, you can see in real-time which patches are missing from your endpoints. You can apply missing patching immediately, or schedule patch installation according to a schedule
Install Windows Updates Remotely from the Cloud
Let’s take a look and see how the Action1 patch management solution works to manage and install Windows updates remotely from the cloud in your environment.
To get started, you can onboard your end user client workstations by either manually installing the Action1 agent, or automatic installation by “discovering” the end user clients while they are on the corporate network using what Action1 refers to as a collector. The collector is installed on a machine in the network and can discover your Windows Servers and clients and push out agents.
Once your machines are onboarded into the Action1 solution, the nodes are scanned and any missing updates are noted. These updates can then be approved, declined, or installed.
Below, a screenshot of the Patch management screen from Action1 shows the updates that are noted in the environment as well as the number of outdated endpoints for each patch that have been found. Note too that you can search, filter by status, or even severity of the update in question.
This allows you to have a single pane-of-glass look at your environment. As a side note here, Action1, will show third-party updates that are missing from Windows as well. This will be gathered from the software inventory that exists on each discovered endpoint.
For instance, Action1 will show Google Chrome versions and other popular third-party software installations and patches needed in the patch management area of the product.
You can see the tools that are available for patch management and the more specific Windows Updates in the Action1 navigation blade that expands in the interface from the left.
When it comes to Windows Updates, reporting is an extremely important tool that allows you to aggregate your Windows update information in one place. This allows you to see both patches that are installed as well as missing updates that are needed on your endpoint.
The filtering and searching capabilities are a great way to zero in on specific endpoints that you want to patch or otherwise update. As shown here, I have typed in the first few characters of an endpoint and it quickly displays the updates in the Missing Updates report that this specific Windows client needs.
Action1 displays a great deal of information regarding the update itself:
- Endpoint name
- KB number
- Release Date
- Support URL
- Optional status
For those that want a more “hands-off” approach to managing patches, Action1 provides the ability to enable automatic patch management to install windows updates from the cloud. When this setting is enabled, the endpoints will install updates automatically for all approved updates during the specified maintenance interval that is configured in the interface.
You can choose the criticality of the updates that are installed automatically. You can choose to automatically install only those updates that are deemed to be “critical” or “all” missing updates.
Another feature of this configuration that I like is the ability to “disable automatic updates in Windows settings to ensure only approved updates are deployed by Action1”. This way you ensure that all update operations are managed and orchestrated through Action1.
As always, you can choose to simply perform an ad-hoc installation of Windows updates any time you want on any endpoint. This will allow the flexibility to work with various situations and circumstances when managing patches across your environment.
Wrapping Up and Impressions
I really like the Action1 solution. It provides IT admins with powerful tools to manage the environment wherever the various server or client resources exist, both on-premises or elsewhere. The cloud architecture of Action1 means that you can always get to your management tools and Action1 can get to servers and workstations.
When it comes to a solution that is engineered for today’s demanding non-standardized approach to allowing employees to work from home, Action1 provides a great way to manage your environment easily without the limitations of traditional on-premises management platforms.
Detailing in on the patching capabilities and its ability to apply Windows updates, it easily allows managing this operation in your environment, even with employees working from home networks or elsewhere. The visibility and reporting of Windows Updates and patches provided easily allows seeing which endpoints need critical patches and allows marking patches as approved or declining them as needed.
You can also schedule the installation of patches during specific maintenance windows and even do this automatically without any administrator interaction.
Be sure to check out Action1 to install Windows updates remotely from the cloud. Sign up here.