Patching your Servers and Workstations - What works the Best?
Microsoft, Patch Management, Security
When it comes to keeping your network secure, few things can be as critical (and annoying) as keeping your servers and workstations patched.
At least in the Windows world, Microsoft comes out with vulnerability patches on the second Tuesday of each month.
Affectionately known as "Patch Tuesday," this is a day that is the bane of most IT administrators' existence.
Why, you ask? Because it means another round of downloading patches, another round of testing, another round of scheduling deployments, and then dealing with any fallout when applications for some strange reason just stop working.
Automation is the Key
Anyone who’s been in the IT industry for any length of time knows that automation is the key to eternal happiness, and automating system patching is essential.
Everyone has their preferred way of automating this process, and we’re very interested in knowing your favorite method.
Some of the ones I’ve used and have grown to "appreciate," even if I don’t love them, are:
Windows Server Update Services (WSUS)
WSUS is a free offering from Microsoft and has come a long way since the 1.0 days.
It offers a comprehensive management console and allows you to patch Windows servers and workstations. With a variety of built-in reports, it can make deploying patches throughout your environment much less painful. WSUS also integrates with Microsoft’s System Center Configuration Manager (SCCM 2007), and together they provide a robust platform to patch, deploy, image and more.
AutoPatcher
AutoPatcher, while not as commercially recognized in the corporate environment, provides a user-friendly method for patching your environment.
Updates are provided monthly, and you can patch/tweak a number of things beyond Microsoft’s security vulnerabilities.
In essence, AutoPatcher is a comprehensive collection of patches, add-ons and registry tweaks, and some IT people prefer it to WSUS or other patching options.
Patchlink
Patchlink, which was recently purchased by Lumension, has a Patchlink Update Server (Plus!) product that takes a lot of the sting out of patching larger environments.
Patchlink is an agent-based patching solution: once a client has the Patchlink agent installed, it checks in with the Patchlink server and reports its current vulnerabilities.
With Patchlink you are able to group deployments by operating system or by groups of your choosing, and to define users who can administer (deploy) patches to their own systems.
Being able to schedule patches ahead of time, stagger deployments to various groups across an enterprise footprint, and get fairly real-time reporting makes Patchlink a major contender in the larger enterprise patching space.
There are some other great patching tools out there, including some homegrown scripts for small networks that do the trick just fine. Share your favorites, or your tried and true methods (or even the patching products you hate!).














