Looking for a patching platform

On April 20, 2012, in Security, by

Windows Intune 3 Preview:

Intune now has Mobile device management (uh I’ve had that since SBS 2003), but it still doesn’t have one of the things that IMHO it really needs – patching of servers and support of third party patching.  That’s right we’re in v3 of this and still no support of servers. 

So I’m on my review of patching solutions for small businesses that support third party patching and vendors have started pricing with a minimum amount..

Vmware Go pro is a minumum purchase of 50 devices at $1 per device per month.  So $600.

Secunia is 1-100 seats is $2,700 http://secunia.com/vulnerability_scanning/corporate/request_quote/ 

Intune doesn’t patch third party.

Anyone else got ideas?



7 Responses to Looking for a patching platform

  1. T Man says:

    PDQDeploy is unbeatable for the price. Free gets you a lot of features. $249 gets you the entire package, per admin. It isn’t as “enterprisey” as the others, and I’m not sure how well it would scale. But it is lightweight, and easy to pop on a server that isn’t too busy. I’ve been using it to patch Flash, and it works well. It can patch other stuff, but I’m not ready to do that yet. For a small business with a limited budget, and certainly no budget for patching solutions, it’s a much easier sell.

  2. James Roes says:

    I have been using GFI LanGuard for many years now. It handles the Microsoft patches, service packs and a growing number of third-party patches. Right out of the box, it does a good job but it can also be customized for specific programs.

  3. Phil Wisch says:

    Ninite Pro. Cheap and patches a ton of 3rd party apps. Very scriptable with the ability to set up its own local content repository similar to wsus. Integrated into several RMM tools already.


    command line reference


  4. Dave Nickason says:

    This looked interesting, although I don’t have any idea about licensing or pricing. http://www.eminentware.com/patch-management-solutions.html?CMP=BIZ-BLOG-NTSHLTR-PATCH_BLOG-PM-PPI-BETANEWS

  5. Indy says:

    Double the recommendation for Ninite Pro.

  6. Bruce Berls says:

    GFI Remote Management includes its patching/updating service (it’s built on GFI LanGuard but doesn’t use the name), along with remote monitoring, unattended access, and a few other things. It’s a lightweight, very cheap version of Kaseya, InTune, et al. GFI just added optional online backup and managed AV.

    GFI has worked out many of the kinks – the patches are more likely to be successfully installed now, especially if the service has permission to reboot when necessary. (I only turn on patching for workstations.) Like all monitoring & support platforms, it takes some getting used to, for both consultants and clients, but the combination of 3rd party patching and unattended access has been brilliant for me.

  7. EricE says:

    Maybe because I support SBS for nonprofits, but all of the above are just way too expensive (I must admit, after demoing them all, Eminentware was by far the nicest – and they are all about the same price ball park).

    If your cheap like me, or willing to spend a little time and make it up on the back side I’ve had real good luck with the Local Update Publisher. Best of all, it’s open source and free:


    So far I’ve just used it to manage the “terrible three” – Flash, Java and Acrobat Reader – but I figure if it can handle not one, but two Adobe products most other publishers will be a piece of cake!