On-prem free agents for OS patching?
Posted by Lazengann86@reddit | sysadmin | View on Reddit | 22 comments
What's everyone out there using for this? I know we mostly use paid things like Ninja and ConnectWise but what's out there when it comes to similar things for pushing patches to Windows devices in a small organization? Something that can be locally hosted in a spare machine type of thing?
slugshead@reddit
SCCM - I'm in edu so get it heavily discounted.
Ssakaa@reddit
OP asked for "free" ... and you came up with SCCM? Without knowing anything about OP's environment? Hell, just management of that is enough either extra staff or personal gray hair to not qualify as free even if someone actually did completely cover the cost for you.
Sure, it's actually the best tool for the little they do describe, but it completely ignores their one clearly stated requirement. That's like someone asking for a simple, free, ticket system and you coming in with ServiceNow.
abn0rmalcreation@reddit
We've used a mixture of roboshadow and ninja for patching. Check out roboshadow.
RansomStark78@reddit
I love action1
ZeroOne010101@reddit
WSUS is tge only thing i can come up with
FuzzyWuzzyWuzHere@reddit
I was gonna say… have you tried WSUS?
Lazengann86@reddit (OP)
So no agent needed, as long as the device is Domain joined?
Ehfraim@reddit
Domain join is not a requirement either. You can use regkeys to set the options. But, WSUS is deprecated by MS: https://techcommunity.microsoft.com/blog/windows-itpro-blog/windows-server-update-services-wsus-deprecation/4250436
Borgquite@reddit
NB ‘Deprecated’ just means ‘no longer developed’. It’s a key part of SCCM and so is likely to be around for some time (at least another 9 years).
https://patchmypc.com/blog/wsus-is-dead-long-live/
Smash0573@reddit
Action1 has something like 200 agents for free. Works on Mac Linux and Windows.
For self hosted you could look at NetlockRMM
Smash0573@reddit
There's also Tactical RMM
plump-lamp@reddit
Didn't tactical have a Bitcoin miner built in to it? Wouldn't trust that even after they "fixed" it
Smash0573@reddit
Oh I didn't hear that. Do you have a link? For my homelab I use action 1 so I don't worry about self hosted options, just know they are discussed heavily.
WayneH_nz@reddit
It was his own "private" repository that got "leaked"
https://www.reddit.com/r/sysadmin/comments/rq5g9h/a_few_concerns_with_tacticalrmm_am_i_being/
caffeine-junkie@reddit
If possible, where Internet connection is available, would suggest going action1 as well; close second is ninjaone, although really like SCCM morep than both if price wasn't a concern. All of course depends on the scope of what you want to do and what needs coverage.
Biggest pain point I have with action1 within a RMM scope, is it only does per system installs and not per user. Some of the software we deploy is per user only, and per system does not exist which means manual deployments as I would rather not get all funky with scripts and gpos.
poizone68@reddit
Are you simply looking for patch installation, or a solution that has a local cache/repository/approvals?
Lazengann86@reddit (OP)
For now just patching.
IntrovertedRailfan@reddit
We used to use Desktop Central from ManageEngine years ago when we had only 10-15 computers, there was a free edition - not sure if that still exists.
Recent_Perspective53@reddit
This right here, I loved this
plump-lamp@reddit
https://www.manageengine.com/products/desktop-central/edition-comparison-matrix.html
Eisenhowee@reddit
If you really need agent, you can use tools like „opsi” or „chocolatey”. If you can live with agentless solution, you can use PowerShell with PSWindowsUpdate Module, Ansible with ansible.windows.win_Updates or PDQ deploy. With pdq you will have the best way to schedule and Monitor you Updates. It is also free, but without support.
TechnicaVivunt@reddit
Maybe fleet dm?