Patch Management In The Enterprise, Part II


In part I of our patch management series we discussed basic concepts and key issues that need to be addressed in order to successfully patch an enterprise-level environment. In this, our second instalment, we will look at several patch management solutions that are on the market, to see which would be the best fit for your organization. We will analyze the following: Microsoft's Systems Management Server 2003; PatchLink Update; Altiris' Patch Management Solution; and Shavlik's HFNetChkPro.

Systems Management Server 2003

Systems Management Server 2003 (SMS2003) was a huge step forward for Microsoft when compared with previous versions of the product. Most long-time users of SMS are familiar with its core features, such as software deployment capability, hardware and software inventory, and software license monitoring. The most significant improvement in SMS2003 is the addition of security patch management functionality. Through the use of the Microsoft Baseline Security Analyzer (MBSA) and the Microsoft Office Inventory Tool, SMS2003 is able to provide vulnerability analysis for the first time.

SMS2003 is an agent-based solution that requires client-side software to be installed on each managed workstation or server. Through Active Directory discovery, whenever a machine is added to the domain, this client software is installed automatically.