1

Here is the scenario,

We have Windows 10 Pro (100 end points) all physical. It is a MS Windows AD environment. What is the best solution to update these end points remotely? Looking for something that does this job, not a host of other features. The tool should update all the end points with the MSI package and possibly generate a report (not required) Looking for options other than Microsoft System Center.

Appreciate your input. Thanks in advance.

truthtriumphs
  • 59
  • 1
  • 8

1 Answers1

-1

Try deploying a MSI through a GPO:

https://www.advancedinstaller.com/user-guide/tutorial-gpo.html

https://docs.mattermost.com/install/desktop-msi-gpo.html

mrmut
  • 362
  • 2
  • 4
  • 17
  • Thanks!! how do I get a MSI package? I see only MSU package – truthtriumphs Jan 16 '20 at 07:50
  • Another thought - aren't you using automatic update? If you are using WSUS you can define which updates can be applied. – mrmut Jan 16 '20 at 12:46
  • Thanks. I don't have an WSUS server setup. I just enabled it using GP. In one of the end points its showing, the updates are downloaded and will be installed with the device is not active. Not sure what that means. Please let me know if you have any thoughts on this. – truthtriumphs Jan 18 '20 at 06:40
  • 1
    You should take some time and learn how the updates work. In my networks I don't use WSUS anymore as there is no real need - Windows 10 distribute patches in local network from other clients. Having WSUS only complicates things. GPO approach to updates is good. Set it and forget it. And have a dedicated enterprise antivirus. – mrmut Jan 18 '20 at 10:24
  • Thanks for your comments, I am trying to understand your configuration. You mention that "Windows 10 distributes patches in the local network". Appreciate if you could explain this, how do the endpoints get the patches from other clients. Thanks for the comments, we tried installing a separate WSUS server, but did not work. I enabled it via the GP. I checked it one of the test PC's the installation seems to be happening without user intervention and after office hours. – truthtriumphs Jan 18 '20 at 11:13
  • Here is what I did, it seems to be working. I modified the Group Policy that is being applied to the domain, with following setting. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc720539(v=ws.10)?redirectedfrom=MSDN – truthtriumphs Jan 18 '20 at 15:49
  • WSUS is pain in the ass and it creates a lot of administrative overhead. I skip it completely now. For optimization delivery read this: https://docs.microsoft.com/en-us/windows/deployment/update/waas-optimize-windows-10-updates – mrmut Jan 18 '20 at 17:28
  • Hi mrmut, I did check one of the PC's it's showing the updates are pending for install how can we automatically make sure the install happens without administrators intervention? – truthtriumphs Jan 19 '20 at 04:47
  • You can propagate a rule that forces a restart. – mrmut Jan 19 '20 at 09:42
  • you mean in the existing group policy? – truthtriumphs Jan 19 '20 at 09:45
  • Never use same policy for everything, always create new ones. – mrmut Jan 19 '20 at 14:08