Automated Windows Updates Software?
I have heard of WSUS, but is that the best solution? I have techs interrupting our clients to do Windows Updates during business hours. I need a solution that will reduce customer interruptions and is reliable.
Any products that do more than just Windows Updates?
Solution 1:
The Windows Update client can be configured to perform installations at odd hours. Combined with a solution to do Wake-on-LAN you can get update deployment to occur outside of normal hours fairly easily. (We use some scripts to do this, but there are probably off-the-shelf solutions, too.)
WSUS has been exceedingly reliable for me. I'm particularly fond of the reporting functionality in locating computers that are not receiving updates properly.
The Windows Update client is easily manageable with group policy, so that makes us very happy, too.
There are third-party and Micrsoft products (SCCM, comes to mind) that do more than just operting system patch management. I don't have any experience to relate about these. These products look to be priced out of the ballpark for the size of Customers I'm working with. (We've usually handled patching applications via startup scripts or re-deployment of patched software assignments thru GPOs...)
Solution 2:
You can use WSUS in conjunction with group policy to set when the users will be prompted to install the updates. I'm not sure if you can specify a time or not, but it's less intrusive than having a techie physically get in the way :)
http://technet.microsoft.com/en-us/library/cc720539.aspx
Solution 3:
Shavlik as mentioned by someone else. It's got some interesting features that make it stand out. Checks for actual files on the system, not just a reg value for installed updates. Takes care of precedence of updates. Scans pretty quick and you don't need to install an agent on the system.
Solution 4:
You didn't mention how many servers/clients you are talking about, but If you are wanting to control patching (just of Windows patches), then WSUS is definitely the way to go (and the price is right). You can control when the patches are loaded, approve or reject certain patches, etc. More information is available at the WSUS resource center on TechNet (http://technet.microsoft.com/en-us/wsus/default.aspx)
The next step up would be System Center Essentials, which adds server/client monitoring for up to 30 servers and 500 clients, and will allow you to distribute software (not just patches) automatically. It actually works quite well. More information here: http://www.microsoft.com/Systemcenter/essentials/en/us/default.aspx (there is also a VHD that you can download to try it out).