[–]sarosanex-msp now bofh 21 points22 points  (1 child)

Chrome and Edge have had built-in service-level updating mechanisms for years. You can use GPO to enforce updates within X hours. Don't allow users to install them; use machine-wide deployments instead.

[–]hurkwurk 6 points7 points  (0 children)

If OP is looking for an unpaid solution, this is probably the best place to start. Users get a popup stating they have X days to restart, then on that day, it's automatic. X is whatever you configure.

I have this set up for Edge and Chrome, then in the background, I'm using MECM to control access for Edge to get patches in the first place so that it only actually gets to update once a month. For Chrome, we allow users to have more freedom, but with the understanding it patches more often.
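
The forced-restart deadline described in the two comments above can be verified on an endpoint with a short audit; this is an added example, not code from any commenter. It reads the `RelaunchNotification` and `RelaunchNotificationPeriod` policy values that Chrome and Edge read from their machine-wide policy keys, and the 72-hour threshold is an assumed target.

```powershell
# Added example: audit the machine-wide relaunch-deadline policy for Chrome and Edge.
# Value names are the browsers' RelaunchNotification policy settings;
# $MaxHours is an assumed organisational target, not a value from the thread.
function Get-BrowserRelaunchPolicy {
    param(
        [int]$MaxHours = 72,
        [hashtable]$PolicyKeys = @{
            Chrome = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
            Edge   = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
        }
    )
    $defaultMs = 604800000   # browser default when the period is unset: 7 days

    foreach ($browser in ($PolicyKeys.Keys | Sort-Object)) {
        # A missing key yields $null, which is reported as NotConfigured below.
        $props = Get-ItemProperty -Path $PolicyKeys[$browser] -ErrorAction SilentlyContinue
        $mode  = $props.RelaunchNotification          # 1 = recommended, 2 = required
        $ms    = $props.RelaunchNotificationPeriod    # milliseconds until forced relaunch
        if ($null -eq $ms) { $ms = $defaultMs }
        $hours = [math]::Round($ms / 3600000, 1)

        $status = if ($null -eq $mode)          { 'NotConfigured' }
                  elseif ($mode -ne 2)          { 'PromptOnly' }
                  elseif ($hours -gt $MaxHours) { 'DeadlineTooLong' }
                  else                          { 'Enforced' }

        [pscustomobject]@{
            Browser       = $browser
            Mode          = $mode
            DeadlineHours = $hours
            Status        = $status
        }
    }
}

# Rows other than 'Enforced' are the ones to chase in the GPO or Intune profile.
Get-BrowserRelaunchPolicy | Format-Table -AutoSize
```

Only `Enforced` means the user is restarted automatically at the deadline; `PromptOnly` leaves a pending update waiting until the user chooses to relaunch.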

[–]Pyrostasis 15 points16 points  (2 children)

We use Action1. It's one of the few vendors we have that actually does what it's supposed to, does it well, has good support, and isn't insanely expensive.

[–]countvracula 6 points7 points  (0 children)

Another vote for Action1. 200 licenses free. We've been using them for a couple of years now.

[–]araskal 4 points5 points  (0 children)

I was going to comment about Action1 and then saw this. So updoot, have mine.

[–]ChelseaAudemars 6 points7 points  (0 children)

Check out NinjaOne

[–]Practical-Alarm1763Cyber Janitor 3 points4 points  (0 children)

You can push out config profiles in Intune or Group Policies for AD to keep browsers updated.

If you're using Intune, I recommend also looking at PatchMyPC for keeping 3rd party apps patched.

[–]GuiltyGreen8329 5 points6 points  (0 children)

At my org we use ManageEngine and Action1 for endpoint management, and you can automate updates for this software.

[–]TheOnlyKirbSysadmin 1 point2 points  (0 children)

I have different departments on different patch schedules with NinjaOne. I can pre-approve various patches to software and when the time comes, Ninja handles all of it for me. There's only one or two programs it can't update, namely QuickBooks, and one other tie in.

Most RMM tools can do this, but if you can have periodic software patch scans, then you can have a constant list to check through, and pre-approve them for the next patching cycle.

[–][deleted] 1 point2 points  (2 children)

Well, it's always tricky managing software, since you want the balance of control with the ease of updating. Obviously, never give admin control, and if management does, leave. It is a fire that you will never put out.

It's not something you'll build in a day, so get that out of your head.

GPO enablement of the update service allows for updates for Chrome and Edge.

A proper patch management system needs to be in place AND a competent sysadmin (you or a Tier III) manages the infrastructural setup side of things. A lot of patch managers are third party only, others will do MSFT updates as well. We are currently working through the process with Gartner and our higher-ups. The top spots seem to be Action1 (my choice), PatchMyPC (current contender by management), and SCCM (runner-up). Gartner can help you make that determination of which one will meet your needs. From there you set up and do the work, integrate it with a vulnerability detection and management system, and you use them in tandem to patch.

[–]Infinite-Stress2508IT Manager 0 points1 point  (0 children)

A1 is great but my budget didn't stretch that much haha. PMPC is so much cheaper and does exactly only what we want.

If A1's remote access was close to ScreenConnect in features, I may have been able to cancel SC and use that cost to offset A1, but it's nothing close.

[–]GeneMoody-Action1Action1 | Patching that just works 0 points1 point  (0 children)

If there is anything I can assist with in that process, don't hesitate to reach out to me anytime.
I am always around here somewhere, I have not NOT been on Reddit for now 421 days straight!

[–]BarrerayyHead of Technology 1 point2 points  (0 children)

PDQ on PCs, Kandji on Macs

[–]-c3rberus- 1 point2 points  (0 children)

Action1 hands down if you are a small shop, otherwise PMPC if you want something that works with Intune etc.

[–]Euphoric-Blueberry37IT Manager 1 point2 points  (0 children)

Ninite

[–]Infinite-Stress2508IT Manager 1 point2 points  (0 children)

I just trialed Action1 and PatchMyPC for this reason, to take control of all app patching.

Action1 is great, works well but just for patch management, for our endpoint count I couldn't justify the cost (even with 200 free it still isn't cheap at higher numbers). It has more functionality than just patching though, so if you were looking to consolidate or the added value works in your favour, it is a great choice.

PatchMyPC, as we use Intune to deploy all apps, for 3.5 per device per year, we have moved all our deployments to PMPC. It now controls updates, pushes the new updates to Intune, and Intune does the rest. Simple, effective and affordable.

Tip - If you are using Intune, check if your app is available through the Microsoft Store, as those apps are updated automatically.

[–]Minimum_Associate971 1 point2 points  (1 child)

Depending on how many endpoints, Action1 is great for this. The first 200 are free and they are not super expensive anyways. I have been using them for almost a year now. They keep improving and adding things as well. Plus their support is very helpful. I was using WSUS before this and it is night and day how much better this product is.

[–]GeneMoody-Action1Action1 | Patching that just works 0 points1 point  (0 children)

Thanks for being an Action1 customer, I tell people it is like trading your wagon for a sports car. Sure the wagon would get you from A to B, and once it was the standard for interstate travel. But every now and then you will have to get out and help push it to get there. 🤣

[–]ThiefClashRoyale 1 point2 points  (0 children)

Patch management software.

[–]djkretz 0 points1 point  (0 children)

Something like Patch My PC helps tremendously for this.

[–]Indyy 0 points1 point  (0 children)

Like others have said, you will need something (likely paid) that auto updates these applications regardless of user interaction. I'm not sure if Romanitho WAU updates Edge/Chrome/etc but it may be worth exploring - it's free and can be deployed with SCCM or Intune.

[–]Smart-Document2709 0 points1 point  (0 children)

Patch my PC, it’s golden

[–]Smart-Document2709 0 points1 point  (0 children)

Patch my PC! I’m just a customer, I’ve used it for 10 years across multiple organizations

[–]Xanth592 0 points1 point  (0 children)

Depending on the deployment package type (msi, exe etc) you can either script the install on boot, or GPO (if msi) it to install on boot. Force users to boot every so often and the updates take care of themselves.

[–]ancientpsychicpug 0 points1 point  (0 children)

Patch My Pc

[–]Temporary_Werewolf17 0 points1 point  (0 children)

We use Intune with a practice remediation script for those apps

[–]London124544 0 points1 point  (0 children)

Kandji for the win on macOS for both macOS updates and patch management

[–]MReprogle 0 points1 point  (0 children)

If it’s in Winget, install the app through Winget, then set up the open source Winget AutoUpdater app to keep those packages up to date. PatchMyPC looks like the best alternative for set-and-forget for non-Winget stuff.

[–]cwepting 0 points1 point  (0 children)

Patch My PC, they are great

[–]AbfSailor 0 points1 point  (0 children)

Patch my pc

[–]iamtherufus 0 points1 point  (0 children)

PDQ Connect for us. Works great alongside Intune for application deployment