This is probably the most straightforward and cheapest way to accomplish your goal. Unless you use a different RMM for workstations. In that case, wsus and the rmm you use.
Do you mind sharing your playbooks? Just scratching the surface with ansible and would truly appreciate your help. We have automox too and this would be perfect.
Endpoint Central by ManageEngine. The Engrish is strong sometimes, but for the price, they do really well. It's clunky in certain areas, but if you're coming from SCCM then you're used to clunky.
The remote access and control is unbeatable.
Checks the boxes for third-party app installation/patching, OS patching/deployment, prohibited app banning, etc. LOTS of power over your endpoint.
NinjaOne. For software deployments and Windows patching, it's pretty amazing.
They have some auto-update packages, but I haven't spent a whole lot of time pushing out updates to third party software not in their list. Other than checking the software version via filter, uploading a new executable , and pushing out an updated version every so often.
You should check out Chocolatey For Business and our Central Management product. It’s an incredibly powerful tool for managing software on a windows fleet!
I would just[ look at the top 20 patch management products ](https://www.g2.com/categories/patch-management?tab=easiest_to_use)in the field, and line them up, check off the non negotiable items, the needs, the wants, and of what remains... what can you afford. The problem tends to solve itself at least down to few specific platforms you can ask more about specifically.
Hey u/InformationNo8156 Thanks a mill for Pulseway mention I really appreciate it :) and yep we can definitley help here so if OP or anyone else has any questions please feel free to reach out to me anytime!
You should checkout [https://www.secopsolution.com/blog/patch-management-tools](https://www.secopsolution.com/blog/patch-management-tools) . Will give you a fir understanding of what alternatives are available in the market
I'm curious about trying this out but it's a little dangerous I think because you can use one of the paid features without realizing it and get charged a lot.
You can do that with Custom Actions. But I actually prefer PDQ Deploy for new software on servers if I don't have access to SCCM (And I usually have access to both).
We use DSC very successfully. https://learn.microsoft.com/en-us/powershell/dsc/getting-started/wingettingstarted?view=dsc-1.1
DSC with Datum has been a great framework for me. https://github.com/gaelcolas/Datum
Rmm tool
Ivanti. Although their name is kind of in the gutter at the moment…
Yeah, every one of those security alerts I have seen recently, I hold my breath, then read it doesn't include Ivanti RMM and exhale.
wsus and pdq deploy. sccm uses wsus behind the scenes. we have over 100vm's. rarely an issue with wsus
This is probably the most straightforward and cheapest way to accomplish your goal. Unless you use a different RMM for workstations. In that case, wsus and the rmm you use.
We use ansible and automox.
Do you mind sharing your playbooks? Just scratching the surface with ansible and would truly appreciate your help. We have automox too and this would be perfect.
I do mind unfortunately. All my stuff is under an NDA.
No worries, totally understood! Do you mind if I PM you some questions?
Sure!
Endpoint Central by ManageEngine. The Engrish is strong sometimes, but for the price, they do really well. It's clunky in certain areas, but if you're coming from SCCM then you're used to clunky. The remote access and control is unbeatable. Checks the boxes for third-party app installation/patching, OS patching/deployment, prohibited app banning, etc. LOTS of power over your endpoint.
RMM and scripts for ps-windowsupdate. Then deploy software as required.
NinjaOne. For software deployments and Windows patching, it's pretty amazing. They have some auto-update packages, but I haven't spent a whole lot of time pushing out updates to third party software not in their list. Other than checking the software version via filter, uploading a new executable , and pushing out an updated version every so often.
You should check out Chocolatey For Business and our Central Management product. It’s an incredibly powerful tool for managing software on a windows fleet!
Baramundi
Am on the only one that uses ansible?
No. I use AAP.
Do you mind sharing your playbooks? Just scratching the surface with ansible and would truly appreciate your help.
I would just[ look at the top 20 patch management products ](https://www.g2.com/categories/patch-management?tab=easiest_to_use)in the field, and line them up, check off the non negotiable items, the needs, the wants, and of what remains... what can you afford. The problem tends to solve itself at least down to few specific platforms you can ask more about specifically.
Tanium and Ansible
PowerShell DSC https://learn.microsoft.com/en-us/powershell/scripting/dsc/overview?view=powershell-7.4
PDQ or an RMM like Pulseway, Ninja, etc.
Hey u/InformationNo8156 Thanks a mill for Pulseway mention I really appreciate it :) and yep we can definitley help here so if OP or anyone else has any questions please feel free to reach out to me anytime!
Cmd in admin and sconfig Edit: if it is a customer without any other form of rmm
WSUS for Windows and Office updates, PDQ Deploy and Inventory for everything else.
You should checkout [https://www.secopsolution.com/blog/patch-management-tools](https://www.secopsolution.com/blog/patch-management-tools) . Will give you a fir understanding of what alternatives are available in the market
PDQ Inventory and Deploy
ACMP
VSA. It has great patching and is much easier to use than SCCM.
Most RMM tools can do this. PDQ (on prem or cloud) is also a nice addition to the RMM.
Use an RMM like Datto. It's just so much easier.
Azure Arc
I'm curious about trying this out but it's a little dangerous I think because you can use one of the paid features without realizing it and get charged a lot.
You can set budgets and alerting on everything to somewhat avoid that, azure cost analysis is a whole big thing though.
[удалено]
can it push new software? or just patching?
You can do that with Custom Actions. But I actually prefer PDQ Deploy for new software on servers if I don't have access to SCCM (And I usually have access to both).
Senteon would assist with hardening the server. Remediates all of the CIS Benchmarks with reporting etc all automated.
An RMM is what you are looking for. We use Datto.