I have never used a software deployment tool. Is this a good approach?
Hi, we purchased PDQ Deploy & Inventory a few months ago. I have used Inventory a lot since then but I'm trying to wrap my head around PDQ Deploy because I have never had a software deployment tool before.
These are my goals :
-Improve workstation deployment.
Currently we have been running the same Powershell script without logic that does back to back installs of a bunch of msi's and exe's silently : Chrome, LogMeIn Central, WinSCP, Dymo Connect, Microsoft 365 desktop apps, BitDefender, etc. I set all these up as PDQ Deploy packages and for a fresh machine I can now create a PDQ deploy schedule with the 9 packages to all run back to back. Is that a good approach?
-Improve patch management.
We are already doing good with OS patching, but 3rd party software is all over the place. For packages that are not in the included PDQ package library, is it just a matter of me going to get the most current MSI from the vendor, and then pushing that package out to machines again?
Other Questions :
-How much do you warn people before pushing software out? This should probably only be nights and weekends right?
-What is the rationale behind disabling auto-patching on everything? Do people test new Chrome patches in their environment before deploying. At least with browsers my philosophy is always to patch as fast as possible.
Thanks!
-1
Comments
Workstation deployment - That's what we do as well, we target computers in a OU that contains the new computers when they are first imaged and domain joined. Typically, you want to separate deployments into separate schedules. But for new computers, it shouldn't be a problem.
Improved patch management - Exactly. PDQ maintains packages for software that isn't license restricted. Otherwise, you create your own using the silent install commands and any configurations you need.
We warn if there is a reboot. But do your testing, some software is unreliable. MSI's are usually consistent, most of the time. It really just depends on your environment and communication culture.
Typically auto patching is disabled to control versioning. This can also be important for software like web-browsers, because when they auto update, they do so in the user context and not system context. Which creates problems. Auto updates can also prompt users to update when they don't have admin credentials to do so. It can be enabled, but admin beware. I just setup schedules for browser updates to run once or twice a week in Deploy.
Also check out their YouTube channel, this playlist is about getting started. https://www.youtube.com/watch?v=sP6gM__Kuzs&list=PL1mL90yFExsgYllGtMBoG-Fr_LV_BZOh8
They have a webcast every Thursday on YouTube as well where you can ask questions.
Very helpful, thank you!