SolarWinds Patch Manager: Updating Windows and third-party software

• Author
• Recent Posts

Dan Franciscus

Dan Franciscus is a systems engineer and VMware Certified Professional (VCP) specializing in VMware, PowerShell, and other Microsoft-based technologies. You can reach Dan at his blog or his Twitter at @dan_franciscus.

Latest posts by Dan Franciscus (see all)

• SolarWinds Server Performance and Configuration Bundle - Tue, Jun 18 2019
• SolarWinds Patch Manager: Updating Windows and third-party software - Tue, Apr 30 2019
• Monitor file changes in Windows with PowerShell and pswatch - Fri, Feb 1 2019

The product allows administrators to manage both Microsoft and third-party patches through the Windows Update agent. The software also provides comprehensive reporting and allows task scheduling. Patch Manager aims to deploy patches for Microsoft Windows servers and workstations and applies to a wide range of environments from dozens to thousands of nodes.

Testing environment

For the purpose of this review, I installed a free 30-day trial of Patch Manager as a standalone deployment on a relatively small network. The software automatically installed both a SQL Server Express database as well as a local WSUS server on a single machine, making integration very easy. Although it's also an option to connect to a separate update and database server for larger environments, I did not test these features. If you already have SolarWinds network or systems management products in your portfolio that are running on the Orion® integration platform, Patch Manager can also be installed and integrated with Orion to give you consolidated monitoring, management, and patching of your entire IT stack in a single, centralized view.

Downloading and publishing packages

It's a fairly simple task to publish, download, and approve packages within Patch Manager. It lists published software under Update Services in the left-hand panel. This section of Patch Manager manages an actual Windows WSUS server. It lists all updates under the All Updates tree branch. This pane also lists the approval status for each patch.

Managing WSUS through Patch Manager

To approve a patch, simply choose Approve under Actions on the right-hand side. Just as in WSUS, you can divide computers into groups by how and when patches are applied. You can assign approval to a particular group and execute it at a particular time via automated tasks.

The actual download of patch software occurs through FTP and requires allowing outbound FTP through any network firewalls. An air-gap option is available for standalone network environments. Publishing and approving patches is intentionally manual to prevent the software from inadvertently installing patches in a potentially harmful way.

However, after approving the software, you can automatically pull it via scheduled task from the update site. You can also use Patch Manager to build and deploy custom patches easily.

Third-party patches

It is fairly easy to publish third-party patch software. In the tree pane, under Administration and Reporting, is a branch titled Software Publishing. This branch houses all third-party patch software. You can publish this software to the deployment list above by simply choosing Publish Packages under Actions in the right pane.

View third party packages

Automation options

In addition to general patch management, the software includes a fair amount of pregenerated automated scripts for managing Windows machines. For the nonscripter, they are a good alternative to running WMI or PowerShell. From the Computer Management panel, you can view each computer through the Computer Explorer. This obtains very detailed information about the machine via WMI and displays it in this window.

Although the use of agents is not required, an optional agent sometimes facilitates communication to machines located behind firewalls over just one port, instead of needing a wide range of WMI ports opened.

Below is an example of the Computer Explorer gathering the details of the Windows Firewall policy. Additional information easily collected from this window includes network adapter information, network statistics, processes, system information, services, installed certificates, and installed software.

Gathering the details of the Windows Firewall with Computer Explorer

Other automation tasks include computer reboots, inventory gathering, Wake-on-LAN, enabling and disabling services, and various software deployments. Remote desktop to each computer is also available for more detailed management tasks. The amount of detail to collect during a machine inventory is configurable via the Inventory Configuration Editor.

Selecting data sources in the Inventory Configuration Editor

Upon completing a particular task either immediate or scheduled, the tool displays the task results under Task History. Various reports are also available. An example basic registry report is below. Reports are available for export as .pdf or Excel files, and you can set them up for automatic email distribution.

Creating a registry report

Conclusion

SolarWinds licenses Patch Manager on a per-node basis. A license with first-year maintenance starts at $3,750 for up to 250 nodes. This particular review used the 30-day free trial license that can be found here.

Overall, the software appears to provide decent value for the money. It was simple to install, easy to use, and provided a wealth of out-of-box functionality and reporting capabilities. Support and training are also readily available.

Plenty of documentation and webinars are available online, and support is available with a live representative 24/7. Patch Manager is a solid product to use for patch management and automation in a Microsoft environment.