I'm looking for recommendations on on-premises alternatives to WSUS for Windows updates and patch management since WSUS is deprecated. My client operates in a strictly closed network environment, so any cloud options like SCCM, MECM, or Intune are off the table. What solutions have you found effective in similar situations?
5 Answers
While WSUS won't get new features, it should remain functional for another 6 years or so. If you're already using it, it might not be necessary to switch just yet. SCCM still relies on WSUS for its backend updates, so keep that in mind if you're considering a switch.
We switched to PDQ Deploy from WSUS and have found it quite useful, especially since it operates entirely on-premises. The transition was smooth, and it offers a wide range of deployment options for various updates.
How's it working for you? I’m curious if it handles different update categories well.
If you're into scripting, consider writing a PowerShell script that can automate updates based on the version checks. If the network is closed, it can streamline the process without needing third-party tools. This method could work well especially if you've got read access to the needed updates.
For something robust, I've seen BigFix and GFI Languard mentioned for isolated environments. They require some manual efforts to download and transfer updates, but they handle end-to-end patch management quite well. Just make sure to have a pipeline for transferring updates.
I’ve heard mixed reviews about BigFix—sounds like you either love it or hate it. What’s your take on it?
You might want to look into Ivanti as an alternative. I used it years back, but I've heard it has improved since then. Just be sure to evaluate its current capabilities since my experience was a while ago.
I tried it recently, and I wasn’t impressed. It had quite a few issues that made the patching process cumbersome.
Got it, that's good to know! Guess we have some time before we need a backup plan.