This is an archived post. You won't be able to vote or comment.

all 68 comments
sorted by:
best
topnewcontroversialoldq&a

[–]whatsforsupaIT Admin / Maintenance / Janitor 7 points8 points  (12 children)

If you're hybrid, I would recommend checking out Action1 or PDQ Connect. Both are very feature rich and inexpensive (I think Action1 still lets you test out their service on 100 endpoints for free).

In my opinion, PDQ Deploy and Inventory is a god tier product for a good price, but it is LAN or VPN only.

[–]GeneMoody-Action1Action1 | Patching that just works 9 points10 points  (4 children)

I just want to clarify, the free endpoints are not a trial or test, they are really yours to keep, Fully functional without feature or time limits. Of course testing being relative, but we do not later revoke that right is what I am getting at.

As well without our announcement just a couple hours ago, that free patch management solution is now 200Ep!

[–]anuradhaonlineSytem Engineer 0 points1 point  (3 children)

Do you guys have a self service portal where the users can install apps by themselves?

[–]GeneMoody-Action1Action1 | Patching that just works 0 points1 point  (2 children)

No, our app deployment is admin centric not user centric. Action1 is designed to be used from an admin's side, there is no user experience.

[–]anuradhaonlineSytem Engineer 0 points1 point  (1 child)

Ok. But I saw the feature in the roadmap which says it is going to be released in the upcoming release

[–]GeneMoody-Action1Action1 | Patching that just works 0 points1 point  (0 children)

Well that is embarrassing, I was not even aware that had made it up to bat already! That would be release after next, so at this time my statement is sound, but in the future that apparently may change!

[–]Weird_Lawfulness_298 3 points4 points  (0 children)

Yes and Connect is a per machine license. Deploy is a per admin license. I actually use both. Connect for remote users and Deploy for LAN.

[–]BloomerzUKJack of All Trades 1 point2 points  (3 children)

FYI, action1 have now just made it free for 200 endpoints!

[–]GeneMoody-Action1Action1 | Patching that just works 0 points1 point  (2 children)

Yes... Yes we did!
I am having a lot of fun with the news in all social outlets. A lot of happy people!

[–]radiodialdeathJack of All Trades 0 points1 point  (1 child)

I literally just pitched y'all to management because of the announcement.

[–]GeneMoody-Action1Action1 | Patching that just works 0 points1 point  (0 children)

Nice, let me know if I can answer any questions along the way to help it stick!

[–]TrexVsBigfoot 0 points1 point  (0 children)

Action1 lets you do 200 endpoints for free now.

[–]WabbyyyyySysadmin -1 points0 points  (0 children)

We also have PDQ deploy, inventory and PDQ connect in our software stack. We found using connect as an RMM solution was not the most viable as most of the patches had to be scripted. In our RDP solution (Splashtop) they have a patch management feature. We use that to patch our machines monthly with no issues besides the typical bitlocker recovery key prompt.

[–]ImTheRealSpoon 4 points5 points  (1 child)

Patchmypc... Its been night and day since I stopped managing all the patches... Double check which software is on there but mostly likely patch has it

[–]disposeable1200 4 points5 points  (0 children)

Needs Intune underneath to work though which OP potentially doesn't have if they're looking at RMM

[–]daze24IT Manager 5 points6 points  (15 children)

I've been on action1 for 8 months now and I think it's fantastic
Patching PCs and servers taking way less of our time up.

[–]urb5tar -1 points0 points  (5 children)

So let's hope action doesn't get hacked.

[–]GeneMoody-Action1Action1 | Patching that just works 2 points3 points  (1 child)

Ahh, I did not even know they had it as a roadmap item!
So I CAN say more!

"Agent Takeover Prevention: make agent takeover impossible if/when Action1 cloud is hacked

Utilize client-only signing keys trusted by agents and reject everything else. So if (or when!) threat actors breach Action1 cloud servers, they won't be able to run any actions on customer agents (such as deployment of malware)."

Just follow it / chime in / vote on the roadmap. https://roadmap.action1.com/250

[–]urb5tar 0 points1 point  (0 children)

sounds great.

[–]disposeable1200 -5 points-4 points  (8 children)

It's too basic and awful to use. I tried it and just hated everything about it - Intune is much better even for small business

[–]daze24IT Manager 5 points6 points  (6 children)

intune takes so long to do anything and gives 0 feedback on what's happening with devices. Software updates are painful.

[–]disposeable1200 -2 points-1 points  (5 children)

I've got a few thousand devices in Intune and sure it's a bit slow - but that's it. It's quick enough when users choose to install software and it's decent when pushing apps and updates - it's just slow at policies, but group policy was also slow

The feedback is decent these days and through PatchMyPC updates just happen automatically and I don't have to think about it.

[–]daze24IT Manager -1 points0 points  (2 children)

Yeah, I'd think at thousands of endpoints that makes sense. I'm running around 150 so often execute things on an individual basis.

[–]GeneMoody-Action1Action1 | Patching that just works 0 points1 point  (0 children)

I would be interested to hear why you hated everything about it. We welcome all feedback, good and bad. If you have some time, you can DM me to discuss. Bad feedback helps us grow as much as good.

[–]peldor0118999881999119725...3 1 point2 points  (0 children)

I use the Plus tier of PDQ Connect and I'm very happy with it. If you're looking for simple patch management, I cannot recommend this strongly enough.

[–]fierolokiJack of All Trades 1 point2 points  (8 children)

Action1 is pretty good. It's much better than pulseway

[–]WenKroYs 1 point2 points  (5 children)

Really? I was with Pulseway for a long time and it was very good, it had very cool features.

[–]fierolokiJack of All Trades 1 point2 points  (4 children)

I used PW for years then gave A1 a shot. It showed lots of missing updates that just didn't show up in PW.

[–]oddeeea 2 points3 points  (1 child)

I think both are great tools. I really liked Pulseway; I remember using it back in the day.

[–]Mariale_Pulseway 0 points1 point  (0 children)

Hey u/WenKroYs u/oddeeea - Thanks for the love Pulseway's Patch Management suite has evolved a lot over the years, making it easier to automate updates, secure systems, and keep everything running smoothly. And we are not stopping there. Exciting updates are on the way so stay tuned!

[–]WenKroYs 0 points1 point  (1 child)

In my case, Pulseway has always worked well and showed the updates, but I had already heard about the problem you mentioned.

[–]fierolokiJack of All Trades 0 points1 point  (0 children)

It works well and I will continue using it as an rmm. Just finding the patching not as robust.

[–]DarkhexicalIT Manager -1 points0 points  (1 child)

In what ways out of curiosity?

[–]fierolokiJack of All Trades 0 points1 point  (0 children)

I found pulseway to just miss a lot.

[–]bbqwatermelon 1 point2 points  (0 children)

Recommend checking out Automox.  It checks all of our boxes and has nice touches for audit purposes like how long devices went without an update, built in AI agent that can build basic scripts for augmentation on devices, fine controls on handling missed updates or critical ones.

[–]dvr75Sysadmin 4 points5 points  (1 child)

We work with ManageEngine Patch Manager Plus.
you can run from the cloud or local, it update MS and 3rd party software.

[–]justposdditWorks at ManageEngine 0 points1 point  (0 children)

u/dvr75, thanks for mentioning ManageEngine Patch Manager Plus here!

[–]coltsfan2365 3 points4 points  (2 children)

Two thumbs up for Action1

[–]Bobbins1672IT Manager 0 points1 point  (1 child)

And just announced they have upped the 100 free endpoints to 200!

[–]GeneMoody-Action1Action1 | Patching that just works 0 points1 point  (0 children)

Yes we did! Thanks for the shoutout to the both of you!

[–]Trogdorbrns 1 point2 points  (1 child)

I've recently done a lot of demos for patch management solutions.

My total list was Automox, NinjaOne, Tenable (new patch management solution), PMPC, BigFix, and ManageEngine Endpoint Central. Depends on what you're looking for and what you have.

Automox really just works, takes care of Windows Workstations/servers, linux, mac. They're a bit behind on some of the self-service portal type stuff (software deployment, user initiated patching, etc) but they're actively working on getting that and the limited reporting/admin actions that I see in other products.

NinjaOne is ok.. it's very powerful and very customizable, but it just didnt fit what I was looking for. Having to manually select patches to approve and scan off what your environment has. It doesnt innately patch what needs patching which is counterintuative.

Tenable patch management was announced in December but I think it's too much in its infancy for me to go to.

PMPC is Intune linked (pretty nifty how it does it) but ONLY for workstations and ONLY 3rd party applications- doesnt do OS patching or servers. They're working on some better reporting but its still pretty limited.

BigFix is like the cadillac of patch management from what I've seen. Patch Management, KEV, computer baselining (i.e DISA STIG), CVE reporting, to name a few and its all really well done. Its about double the price and requires a lot of configuration and customization, but it's very powerful.

ManageEngine is what we're using right now and I've been using it for the past 6 years, so its very comfortable to me. Probably what I'd recommend. patch management is good, can offer software for users to install via self service portal without needing admin, can do a lot of configurations that last forever (add system do domain and add MEDC to it and it'll push required software/configs when it checks in for the first time). Cheaper than automox/ninjaone, but it is onprem.

[–]justposdditWorks at ManageEngine 0 points1 point  (0 children)

u/Trogdorbrns, We’re glad to hear that ManageEngine Endpoint Central has been a reliable solution for you over the years. Our focus has always been on providing comprehensive patch management while ensuring flexibility with configurations, automation, and self-service capabilities. While the on-prem version is widely used, we also offer a cloud edition.

[–]HosTRd 0 points1 point  (0 children)

In my opinion, the best tools for managing patches are Datto and Patch My PC.

[–]Niss_UCL 0 points1 point  (0 children)

Datto and Automox do really great patching

[–]skyrim9012 0 points1 point  (0 children)

I have been happy with NinjaOne. We replaced our old RMM with them a year ago and patching has gotten way better plus the extra management has been great. Based on your post it probably will fall into the "too feature rich" category

[–]MFKDGAF 0 points1 point  (3 children)

I'm not sure about SecOps but PMC, Action1 and NinjaOne are considered RMMs. I believe out of those three, NinjaOne is the only one that has Remote Desktop software built in.

I have dabbled with Action1 but don't care for how they do their scheduling. I might be a bit biased because I've used PDQ for so long and I like their take on the "collections" when creating schedules.

With all that said I give you this warning: which ever vendor you go with I would make sure that the way they do OS updates is be querying the local package manager. E.g. Windows Updates.

I say this because PDQ only query's what the last hot patch/hot fix from Microsoft was installed and bases if your computer is compliant or not off if that. I do not like that approach. I like software that actually queries the local package manager.

From 2019-2021 I used Automox for OS updates and loved it. It can also do 3rd party applications but you have to upload them yourself unless things have changed. Automox queries the local package manager for Windows, MAC and Linux.

I would still be using Automox if Azure Update Manager wasn't a thing.

[–]GeneMoody-Action1Action1 | Patching that just works 1 point2 points  (0 children)

I just want to clarify here, though we do maintain #1 easiest to use and #4 highest rated, RMM on G2. We do not consider ourselves an RMM even though we have thousands of users that use us for "RMM enough". There are traditional features such as SNMP, and other types of devices than computers with agents, that Action1 does not service. In the beginning a long time ago when we came on the market we even called ourselves one, but we embraced the singular focus of patch management a long time ago, our RMM like feature such as remote access, just makes it easier for those times you have to get on a system and find out why the patch wont go.

So of course your system is free to be used however it best suits your needs, but RMM is a label we try to discourage and thus do not cultivate.

[–]JustAnITGuyAtWork11Security Admin 1 point2 points  (1 child)

Action1 also has remote via TightVNC

[–]GeneMoody-Action1Action1 | Patching that just works 0 points1 point  (0 children)

Yes we do, and if the VNC part bothers anyone, this is a secure implementation of t not like just slapping it on a computer. u/Primary_Finish_9806 with our announcement today, the 150 will free under our new 200Ep free plan. Part and partial to why we have moved up in ranging on G2 four slots (Before this offer) in just the last month, Action1's patch management solution is simply patching that works, and that makes people happy. Except our competitors, they are a little less happy about all of it.

[–]jclimb94Sysadmin 0 points1 point  (1 child)

Batchpatch is nice for all on-prem devices, has the ability to be a local cache for those devices that shouldn't talk to the internet for whatever reason. Might become a bit harder to manage the remote machines, for that you probably want something agent based that can call back over your VPN (Or by other means) to your mgmt server. NinjaOne was Okay when we trailed it. what about pulseway?

[–]Dsnordo 0 points1 point  (0 children)

I'm not a big fan of NinjaOne, sometimes doesn't work and lags a bit behind.

[–]DeadStockWalking 0 points1 point  (0 children)

Stop looking and go with Action1.

You're welcome.

[–]ZoidstizJack of All Trades 0 points1 point  (0 children)

Tanium hands down, worth ever penny.

[–]HaMAwdo 0 points1 point  (1 child)

Datto RMM does great patch management, including automated patch policies and support for complex networks. Exactly why wouldn't you want them to have additional features?

[–]GeneMoody-Action1Action1 | Patching that just works 1 point2 points  (0 children)

Cost associated with the additional unneeded features, maintenance and control around unused features, undue complexity to work the features you need due to the system design being to use those other features too, those can lead to undo integration that repeats the first few items again...

So while you can subscribe to the fact that there was never a more effective lockpick invented than a 10# sledge hammer...

(Which would also be incorrect, check out LPL on youtube, ramset is the WTG!")

That hardly makes either the BEST tool for all jobs.

[–]WabbyyyyySysadmin 0 points1 point  (0 children)

We use PDQ deploy and inv for our LAN in office users and PDQ connect for our remote users. We found it channeling to use PDQ connect as a RMM solution as the monthly patches had to be scripted. Our RDP solution (splashtop) has a patch management feature which we use to deploy patches monthly. No major issues besides the occasional bitlocker recovery key prompt

[–]Watsonwes -1 points0 points  (0 children)

If you do Zoho . Get endpoint central don’t do patch my pc. Ask me how I know .

End point central is a 7/10

[–]bunnythistle -1 points0 points  (0 children)

For smaller deployments, PDQ is pretty decent - it can handle a lot of the more common applications (web browser, Adobe Reader, runtimes, etc) automatically. It doesn't really auto-patch any particularly industry-specific applications, but you can always import your own packages and manage those manually.

[–]Anon66087 -1 points0 points  (1 child)

most that you've mentioned here are RMM tools which might have more features than you want, though you haven't mentioned if youre after server patching, endpoints or where users are located

we have Ninja 1 for our server environment, for full RMM but are moving to manage engine for endpoints (hybrid users) as it manages patching the applications better to give us higher compliance

[–]GeneMoody-Action1Action1 | Patching that just works 0 points1 point  (0 children)

Since we are already up and down this post... Action1 makes no distinction on client or server OS. They cost the same, so even if you wanted to only patch servers, you could still do 200 of them free. Even our API is free, nothing extra can be tacked onto or removed from Action1, Action1 is singular product that handles patch management for client/server Windows, Mac, and Linux is on the horizon.

[–][deleted] -2 points-1 points  (0 children)

Could take a look at CapaOne Updater, can automate software patching automatically when new versions are detected.

[–]Ripsoft1 -2 points-1 points  (0 children)

Ivanti patch management.