You can find that situation in environments where a branch office or division of a company is moved or acquired. Suddenly, what worked before is not what works for the new parent. In this and almost all other cases, the best approach is to pick one system and consolidate on it as aggressively as possible.
There are two basic categories of patch management tools that I'll tell you about here, which do markedly different things in different ways.
Reporting tools:
- Microsoft's
Requires Free Membership to View
When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by IT professionals today working with desktop management and security technologies.
Cathleen A. Gagne, Senior Editorial Director
- HFNETCHK tool
- The commercial version of the same program, HFNetChkPro
These tools scan local machines or computers on a network, audit whatever's in reach and then produce detailed summaries or digests about what is installed where as well as what might need to be installed or updated. They do the research and make recommendations, but they don't make any actual changes.
Management or deployment tools:
- Microsoft's own Windows Server Update Services
- Gravity Storm Software's Service Pack Manager
- Ecora Patch Manager 5.0
(There are others, but I have covered Service Pack Manager and Patch Manager before in detail)
 |
||||
|
|
|||
|
||||
These programs do the actual work of downloading and applying patches to local or remote machines. In many cases, they are also reporting tools -- they audit computers to see what's installed and what's needed, then download the needed updates and push them out according to an administrator's directives.
If you use multiple auditing or reporting tools, one caveat is that if there are inconsistencies between the depth or breadth of reporting provided by each tool, you should be aware of that ahead of time so you're not thrown off. That way you won't think you're missing something, and you won't feel compelled to try to fix something that isn't even really broken.
If you are using multiple patch management or deployment tools, the problem isn't so much that one tool duplicates or undoes the work of another, but that the administrator (or administrators) becomes confused by the presence of multiple tools to get the same job done. That's a short road to user error -- at best a situation where one person could duplicate or even undo another person's work (or even his own) and, at worst, it develops into a case where real damage can be done.
In the long run, the best thing to do is settle on one method of management to avoid confusion -- not just for yourself, but also for the person who might inherit your job.
Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!
This was first published in May 2006