As one way to deal with this more-or-less weekly chore, I touched six months ago upon Microsoft's SUS (Software Update Services) 1.0. SUS is a free utility that downloads all available Microsoft patches to one or more enterprise servers. You then select the fixes your servers will push out to clients. End users never run Windows Update on their own.
The recent release of Service Pack 1 for SUS makes the freebie all the more attractive. The update makes SUS compatible with Windows 2000 domain controllers and Small Business Server. What's more, the separate SUS feature pack integrates the update utility with Microsoft's SMS (Systems Management Server), a tool that inventories and manages machines in the enterprise.
The InfoWorld Test Centre recently reviewed SUS and a new, beta version of SMS and gave positive ratings. A step-by-step SUS guide has also been published by Microsoft Certified Professional Magazine.
Independent software vendors who make competing products say SUS is worth every penny of what it costs. So, you may want alternatives.
Patchlink: Sean Moshir, CEO of Patchlink, points out that SUS updates only Windows 2000 and XP. His company's cross-platform Update 4.0 software adds support for Windows 95, 98, Me and NT, as well as Unix, Linux, AIX, Solaris and NetWare.
Additionally, "Microsoft only offers Microsoft patches," Moshir says. Update 4.0 automates more than 200 vendors' upgrades, including those of McAfee, Sophos and Symantec. The product costs $US1295 for a server version, plus about $US11 per machine per year (at a volume of 1000 seats).
BigFix: SUS is slow, lacks extensibility, and can't easily target individual client machines for specific patches, says Steve Larsen, CEO of BigFix. By contrast, BigFix Enterprise sends only small delta files across your network and is configurable with numerous modules. It's $US2500 for a server plus $US10 per machine annually for its Patch Manager component.
Patchlink and BigFix, like SUS, install "agents" on each client PC for monitoring. Companies that instead use a remote scanning approach include:
Shavlik: HFNetChk Pro can group PCs by domain or IP address. It's $US16 per seat, or use the free, "light" starter version.
St Bernard: UpdateExpert boasts support for over 1000 patches that SUS doesn't. It costs about $US9 per year.
Gravity Storm: Service Pack Manager patches Windows NT/2000/XP plus Exchange, Outlook, etc. It's about $US20.