Latest posts by Dan Franciscus (see all)
- SolarWinds Server Performance and Configuration Bundle - Tue, Jun 18 2019
- SolarWinds Patch Manager: Updating Windows and third-party software - Tue, Apr 30 2019
- Monitor file changes in Windows with PowerShell and pswatch - Fri, Feb 1 2019
The product allows administrators to manage both Microsoft and third-party patches through the Windows Update agent. The software also provides comprehensive reporting and allows task scheduling. Patch Manager aims to deploy patches for Microsoft Windows servers and workstations and applies to a wide range of environments from dozens to thousands of nodes.
Testing environment ^
For the purpose of this review, I installed a free 30-day trial of Patch Manager as a standalone deployment on a relatively small network. The software automatically installed both a SQL Server Express database as well as a local WSUS server on a single machine, making integration very easy. Although it's also an option to connect to a separate update and database server for larger environments, I did not test these features. If you already have SolarWinds network or systems management products in your portfolio that are running on the Orion® integration platform, Patch Manager can also be installed and integrated with Orion to give you consolidated monitoring, management, and patching of your entire IT stack in a single, centralized view.
Downloading and publishing packages ^
It's a fairly simple task to publish, download, and approve packages within Patch Manager. It lists published software under Update Services in the left-hand panel. This section of Patch Manager manages an actual Windows WSUS server. It lists all updates under the All Updates tree branch. This pane also lists the approval status for each patch.
To approve a patch, simply choose Approve under Actions on the right-hand side. Just as in WSUS, you can divide computers into groups by how and when patches are applied. You can assign approval to a particular group and execute it at a particular time via automated tasks.
The actual download of patch software occurs through FTP and requires allowing outbound FTP through any network firewalls. An air-gap option is available for standalone network environments. Publishing and approving patches is intentionally manual to prevent the software from inadvertently installing patches in a potentially harmful way.
However, after approving the software, you can automatically pull it via scheduled task from the update site. You can also use Patch Manager to build and deploy custom patches easily.
Third-party patches ^
It is fairly easy to publish third-party patch software. In the tree pane, under Administration and Reporting, is a branch titled Software Publishing. This branch houses all third-party patch software. You can publish this software to the deployment list above by simply choosing Publish Packages under Actions in the right pane.
Automation options ^
In addition to general patch management, the software includes a fair amount of pregenerated automated scripts for managing Windows machines. For the nonscripter, they are a good alternative to running WMI or PowerShell. From the Computer Management panel, you can view each computer through the Computer Explorer. This obtains very detailed information about the machine via WMI and displays it in this window.
Although the use of agents is not required, an optional agent sometimes facilitates communication to machines located behind firewalls over just one port, instead of needing a wide range of WMI ports opened.
Below is an example of the Computer Explorer gathering the details of the Windows Firewall policy. Additional information easily collected from this window includes network adapter information, network statistics, processes, system information, services, installed certificates, and installed software.
Gathering the details of the Windows Firewall with Computer Explorer
Other automation tasks include computer reboots, inventory gathering, Wake-on-LAN, enabling and disabling services, and various software deployments. Remote desktop to each computer is also available for more detailed management tasks. The amount of detail to collect during a machine inventory is configurable via the Inventory Configuration Editor.
Upon completing a particular task either immediate or scheduled, the tool displays the task results under Task History. Various reports are also available. An example basic registry report is below. Reports are available for export as .pdf or Excel files, and you can set them up for automatic email distribution.
SolarWinds licenses Patch Manager on a per-node basis. A license with first-year maintenance starts at $3,750 for up to 250 nodes. This particular review used the 30-day free trial license that can be found here.
Overall, the software appears to provide decent value for the money. It was simple to install, easy to use, and provided a wealth of out-of-box functionality and reporting capabilities. Support and training are also readily available.
Plenty of documentation and webinars are available online, and support is available with a live representative 24/7. Patch Manager is a solid product to use for patch management and automation in a Microsoft environment.