TheaterFire

Recommendations Open-source / free patch-management tool?

Posted by Low_codedimsion@reddit | sysadmin | View on Reddit | 40 comments

Hi, I'm looking for a usable patch management tool that is either open-source or free. Any recommendations?

40 Comments

leonsk297@reddit

OpenUEM: https://openuem.eu/

Comfortable_Sorbet53@reddit

OpenUEM - Looks interesting. Do you know if there are plans for patch management? Cause I can't seem to find it anywhere right now. I can however see that it can install and manage software.

leonsk297@reddit

[https://openuem.eu/docs/Introduction/features](https://openuem.eu/docs/Introduction/features)

* Know if your Windows systems have all the **windows updates** applied and browse the updates history
* Know if your Linux systems have **pending security updates**

Comfortable_Sorbet53@reddit

You don't know if they have plans for being able to initiate update installation?

leonsk297@reddit

I suppose you can always run a script on target machines where you want to initiate installation.

dustojnikhummer@reddit

At 400 you are large enough to afford something. As others said, my (department's) money would be on Action1.

Low_codedimsion@reddit (OP)

Yes, I’m considering Action1, as they offer the first 200 devices for free. If it works well, I’ll look at purchasing licences for the rest.

GeneMoody-Action1@reddit

If I can do anything there, or provide direction, just let me know!

dustojnikhummer@reddit

Yeah you can always enroll a group of test PCs (maybe a department or two) and give it a shot.

dvr75@reddit

If you have under 200 endpoints then you can use Action1.

segagamer@reddit

Is that 200 active endpoints? Or is that 200 overall? We have about 100. But when we replace them with new hardware and sunset the old ones, we'll be over 200 for sure.

dustojnikhummer@reddit

All registered endpoints.

dvr75@reddit

This is an RMM solution, so remove the obsolete endpoints.

Low_codedimsion@reddit (OP)

Unfortunately, we have about 400.

GeneMoody-Action1@reddit

Well then it's half price! (Actually true on EP count, the 200 stay free, so they come off the top of your EP count, at 400 EP you would be paying for 200 EP and support on 400.)

There are free solutions out there, but for free I always ask one to consider the long term. For instance we have people that pay for support on our free model, because free does not always mean what you initially pay, it means cost to support as well. When something is not working in the moment you absolutely need it to, production support is simply a requirement for some people.

Action1 is about security and peace of mind, if you are not patched, you are practically inviting compromise. But I get everyone has budgets, so while there are completely viable free ways to get things done, the long term questions almost always come down to support-ability, scalability, ease of use, and time saved. Then measured against results.

So when doing a project this crucial, I would simply take free off the list of requirements, sure you can use it as a qualifier "As free or low cost as possible", but what you want is the correct tool for the job. I suggest you make a plan, what you need, what you have, what you need to accomplish, any regulations you face, and management hurdles to meet your goals. And then choose the tool or tools that meet that need. The cheapest of that list, is the one you cannot afford to be without regardless of price.

So often when IT is given the "You can have this as long as it is free" that argument, can score better financial investments in proper tooling. Free does not mean bad, paid does not mean good, effective is the measure, and the cost of the tools that do what you need is the price your org's management needs to reconcile not try and dodge.

Darknicks@reddit

Any plans on implementing a better Remote Control tool? No offense but the one you currently have is so slow and lacks many features. I thought it was because it's web based but DW Service is also web based and it works so much better and has all the features IT/MSP usually need.

MDL1983@reddit

It has improved recently. One criticism I had of it was that if I connected to a headless device, I just had a black screen. Now, however, I can operate it as normal.

dustojnikhummer@reddit

I mean it kinda makes sense. Those tools are catching video output. You can't VNC into a physical system without a monitor either, that's what those headless HDMI/DP dongles are for, to simulate a monitor. It's also why you need to assign a virtual display to a VM.

DoogleAss@reddit

Doubtful, they have stated many times they focus on Patch Management which is what their platform was built for.. it was never intended to be and likely never will be an RMM solution, at least in the form you're asking for.

I came across Action1 while looking into various RMM solutions and I too found the remote feature to be not great and a few other things it just didn’t check the box for.. again it just isn’t meant to be that product. If anything I would say they consider that feature a nice to have, not a necessity.

Having said that, in terms of patching it does pretty well.. there will still be things you have to manually update at times but overall it's good.

GeneMoody-Action1@reddit

Thank you, and yes you are correct. We are a [patch management solution](https://www.action1.com), the remote access in it is designed to get an admin on a system to diagnose a patching issue, not be a primary remote access tool like an RMM. We have no intention of being an up and coming RMM, we have all intentions of being the best patching solution you can buy. As such we are an RMM component, and if you need full RMM to manage a network, we suggest Action1 as the patch management component, and you can simply disable the internal RA because you will have another more feature rich one at your disposal for the same cause.

Daniel0210@reddit

400 Endpoints and targeting a free patch management solution? Not sure if that's a good idea. Anyway, PDQ might be your best option - I'd strongly urge to look into licensed products like ManageEngine tho

Low_codedimsion@reddit (OP)

Yes, I’ve considered looking at PDQ, but I don’t want anything from ManageEngine as I’ve had bad experiences with their support.

DominusDraco@reddit

PDQ isn't owned by ManageEngine.

PDQ_Brockstar@reddit

Here are a couple articles that cover some of the functionality that you can expect with the free tier of PDQ Deploy & Inventory:

* [PDQ Deploy](https://www.pdq.com/blog/what-you-can-do-with-pdq-deploy-free-mode/)
* [PDQ Inventory](https://www.pdq.com/blog/what-you-can-do-with-pdq-inventory-free-mode/)

If you find yourself needing access to some of the more advanced features like automation, then definitely check out the free trial. And if you have remote devices you need to support, check out PDQ Connect. Also happy to answer any questions if you have any. Good luck with your search.

arc-xel@reddit

I used these solutions:

* SCCM - ok
* WSUS - outdated and free
* Azure Update Manager - used it one year. Ok
* Patch manager - worst. Buggy as hell with Indian support. Some of the tickets have been getting solved for more than 3 years.
* PDQ - seems ok, but didn't try in prod.

kubrador@reddit

pdq deploy has a free tier that's honestly pretty solid for windows stuff

if you're linux-heavy, ansible + a cron job is the move, bit of setup but works great

manageengine patch manager plus has a free version for up to 25 endpoints if you're small

what's your environment look like? that kinda matters here

Low_codedimsion@reddit (OP)

We have a few Linux machines, but we’re mostly a Microsoft stack, with around 400 devices.

Ironic_Jedi@reddit

Are you using E3 or E5 licenses? Intune is included in those so you could just spin up intune as the device MDM and set windows update from there.

Low_codedimsion@reddit (OP)

Yes, but I also need to cover Linux and Mac.

Ironic_Jedi@reddit

Intune works for MacOS. Not much for Linux yet though.

Frothyleet@reddit

> Are you using E3 or E5 licenses? Intune is included in those

In **M**365, yes, **O**365, no.

devangchheda@reddit

What Microsoft licensing are we talking here? You can use WUfB or Autopatch if it's included with your licensing.

Low_codedimsion@reddit (OP)

We have E5, but I would also like to cover the Linux machine (15 pcs) and a few Macs (about 6 pcs).

devangchheda@reddit

Autopatch + PDQ/Action1 would be a good combo. If you want all under one system for 400 devices, it's gonna be tough as per “open-source”/free.

whatsforsupa@reddit

LAN or hybrid? What all are you looking to patch? For LAN, if you have a Windows server, you could use WSUS and could probably set GPO's / scripts to patch most major softwares. If you're hybrid and have 365 Premium or better, you could use Intune. I agree with most others though, it's just so much easier to spend a little money and get a basic RMM. Instead of spending hours setting up WSUS and GPOs, in a lot of RMMs, it's like 10 clicks to get an automated schedule going. I'm a very big fan of PDQ Deploy/Inventory on LAN, and have tested Action1 briefly and it worked great. You would technically be getting A1 for half off since you have 400 endpoints and I think they still give 200 for free (which is an insane deal).

Kindly_Revert@reddit

Are these employee devices or servers? Ansible works fairly well for servers, otherwise you can use ansible-pull for remote machines. For employee devices I'd be using Intune as it's included with m365 subscriptions.

Low_codedimsion@reddit (OP)

A few servers but mostly devices.

Vel-Crow@reddit

Some people will say they are sketchy, but Tactical RMM is solid. The sketchy comment is that the guy as a side project built an agent with a crypto miner for his personal use and devices, but stored it in the same github repo, and people freaked out thinking he was going to put a crypto miner in the live agent. I do not believe this was their goal, and it all could have been avoided using a separate repo.

https://one.comodo.com/ might still be "free" - you pay, but are credited back each month, so it's effectively free. I used the tooling when it was truly free, worked well, but that was like 6 years ago. Much happier with my paid tool, Ninja RMM.

Selgen_Jarus@reddit

Action1 is free for the first 200 endpoints

bobs143@reddit

OP has 400 machines to manage.