Centralized Windows/Mac Patch Management that is easy to use

I'm looking for advice on what patch management solutions you would recommend based upon your experience. I'm also looking for which ones you would not recommend based upon your experience.

We have a mixed network of Windows and Mac clients. Our central servers are all Windows servers, although I have considered putting in a Mac server to better handle our Mac clients. The issue we are facing currently is that we need to maintain the patches on all of our third-party applications. Right now we use WSUS, which handles with patching of Windows and some Microsoft products but that is about it. I need something to cover the other applications, specifically things like Adobe products (Reader, Flash, Dreamweaver, etc.)

Our network isn't that big (maybe 200 clients) and I don't have a person to dedicate just to patching and maintaining a patch management solution. Thus very large and complicated solutions like System Center are most likely out.

I have recently been looking at Dell's Kace K1000 solution (software.dell.com/products/kace-k1000-systems-management-appliance/). It seems simple and it provides a lot of tools in one package that I would like/need as well. I like the fact that it is self-contained in an appliance and that it is designed for solutions like mine. However, I'm not sure if this is the best solution.

I've also looked some at Shavlik's Netchk solution (http://www.shavlik.com/netchk-protect.aspx) but I don't need an anti-virus product. However, it looks like they might have a very good patch database.

My question is this: What are your thoughts on these to products? Are there better products out there? Are there issues that I'm not considering?

I want something that is very good at patching a broad range of products, that is simple to use, that takes a minimal amount of management (like WSUS), and that (hopefully) works with Mac and Windows.


I've used Lumension Patchlink for Windows machines, but I see it supports most modern client OSes. It worked just fine; any of these products has the potential to be moderately complex, however.


For Windows, I'm using WSUS the same way you are, and WPKG (link to another plug I made for WPKG) for other software updates.

WPKG has a good Wiki where people have contributed their settings for various packages, but ultimately you're responsible for verifying and/or working out the install, upgrade, downgrade, and remove commands for each package as needed.

For the Macs, I'd look at either Apple Remote Desktop or Puppet.