I've been patching our department's computers (~75) manually. I know
there are packages available to automate this, but it didn't seem worth
the time and effort to deploy another application. The last two months
have changed my feelings. Here are some of my findings:

(1) Microsoft SUS. This runs on top of IIS, so I rejected it as making
the problem bigger. (Yes, I'm an anti-Microsoft bigot.)

(2) Shavlik HFNetChk. They have a free download (LT version) that will
patch up to 11 computers. The Pro version seems to cost $1458 for 75
clients. I haven't checked on educational discounts yet. A nice feature
of the LT version is that it will scan unlimited computers for patch status.

(3) GFI LANguard Network Security Scanner.
http://www.gfi.com/lannetscan/ I haven't tried this one yet, since they
strongly suggest reading the 127 page manual before installing. Cost is
$495 for 100 IP addresses, but they have a clause about "free for

(4) Hacking up something with utility programs... I found a program
called soon.exe at Microsoft. It lets you schedule a job on a remote
computer. It turned out to be buggy, but I found a similar freeware
utility called atnow.com. I ended up running a batch file like this:

    atnow \\belmanda "\\maytag\apps\w2k-kb824146.exe" -u -f -n -q
    atnow \\holbrookeli "\\maytag\apps\w2k-kb824146.exe" -u -f -n -q
    atnow \\kossekoffice "\\maytag\apps\w2k-kb824146.exe" -u -f -n -q

I'm moderately happy with this. I ended up with a few computers that
didn't take the patch, but I can use HFNetChk to find those pretty easily.

Some questions for the list:
(1) What methods have you come up with for automated patching?
(2) Is there an open source program to do "WakeOnLan"?
(3) Most of the patches need a reboot. Have you worked out an agreement
with faculty about remotely rebooting their computers?
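
Added example (not part of the original post): a small generator for the batch file in (4), which also builds the retry batch for hosts a scanner still reports as unpatched. The host-name rule, the function names and the sample inventory are assumptions made for illustration; the share path and flags are the ones shown in the post.

```python
import re

# Share path and flags copied from the batch file in the post.
PATCH = r"\\maytag\apps\w2k-kb824146.exe"
FLAGS = "-u -f -n -q"

# Assumption: hosts are NetBIOS-style names (1-15 letters, digits or hyphens).
# Anything else is rejected, so a stray space, quote or "&" in the inventory
# cannot change the command line that cmd.exe ends up running.
_HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]{0,14}$")


def clean_hosts(lines):
    """Return (valid, rejected): de-duplicated lower-case names, bad entries."""
    valid, rejected, seen = [], [], set()
    for raw in lines:
        name = raw.split("#", 1)[0].strip().lstrip("\\")
        if not name:
            continue  # blank line or comment
        if not _HOST_RE.match(name):
            rejected.append(raw.strip())
            continue
        if name.lower() not in seen:
            seen.add(name.lower())
            valid.append(name.lower())
    return valid, rejected


def batch_lines(hosts, patch=PATCH, flags=FLAGS):
    """One atnow line per host, in the same shape as the lines in the post."""
    return [f'atnow \\\\{h} "{patch}" {flags}' for h in hosts]


def retry_hosts(inventory, still_missing):
    """Hosts to re-run: reported unpatched by the scanner and in our inventory."""
    inv, _ = clean_hosts(inventory)
    missing = set(clean_hosts(still_missing)[0])
    return [h for h in inv if h in missing]


if __name__ == "__main__":
    # Constructed sample inventory; the first three names are from the post.
    inventory = ["belmanda", "holbrookeli", "\\\\kossekoffice", "BELMANDA",
                 "lab pc & del", "# spare machines below", ""]
    hosts, bad = clean_hosts(inventory)
    print("\n".join(batch_lines(hosts)))
    print("rejected:", bad)
    print("\n".join(batch_lines(retry_hosts(inventory, ["KOSSEKOFFICE"]))))
```
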