For many administrators, getting third-party help to manage patches and updates is no longer an option; it's a requirement. In a big organization (a thousand seats or more), managing patches for every single machine, whether a desktop or a server, is not something you can do by hand -- not even at the departmental level.

Microsoft has its own product for deploying updates -- Windows Software Update Services -- which is available for free and uses the pre-existing Automatic Updates component on target computers as a remote agent to deploy updates. It also supports a fairly broad variety of Microsoft products, such as Office, Exchange Server and SQL Server. It is, however, far from the only solution available.

Of the many third-party programs in this space, I've written at length before about Gravity Storm Software's Service Pack Manager, now in revision 7.1. This program caught my attention as being one of the very first third-party applications to do patch management in any form. When installed, you can scan your local network, enumerate each machine on it, and compare the computer's manifest against Microsoft's own recommended list of patches and updates for each detected OS. The program uses an agentless architecture, so there's nothing to install on the target machines; it's a very lightweight and direct way to patch a Windows-only environment quickly and effectively -- provided that's all you need.

For more information:
  • Microsoft vs. third-party tools for patching
  • Tools to ease patching pains
  • However, the program's biggest strength is also one of its weaknesses: it's almost exclusively Microsoft-centric. It focuses on finding updates to Windows and many Windows Server systems, such as SQL Server or ISA Server, but it will not track patches for non-Microsoft products. For that, you would need something like Ecora Patch Manager 4.0, a slightly more sophisticated patch management application which encompasses not only Microsoft patches but third-party products as well.

    Ecora has a slightly more flexible design than SPM: it can operate in both agent and agentless modes -- in other words, if you're better served by actually having a patch-management agent present on the machines to be patched, you can do that. It also supports a broader range of platforms (including non-Windows machines) than SPM, lets you roll back patches as long as there's support for rollback with the patches in question, and is slightly cheaper: $25 per node, as opposed to a starting price of $33 per node for SPM. If you want to try them out yourself, there's good news in both cases: each program has a free 30-day trial.

    Editor's note: We will announce the results of our 2005 Product of the Year contest in the Patch Management category next week, January 16th.

    About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

    This was first published in January 2006

    There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.