How to deploy monthly Windows updates

Brock Bingham candid headshot
Brock Bingham|February 14, 2017
monthly updates
monthly updates

I've come to realize that I have a serious love-hate relationship with Windows updates. I love that they patch vulnerabilities and fix bugs. I hate that they take forever and occasionally introduce new vulnerabilities and bugs. Windows updates are the epitome of "can't live with them, can't live without them." And I'm not alone in my frustrations. There's a good chance you or someone you love expresses similar feelings towards Windows updates. Thankfully, PDQ Deploy and PDQ Inventory make managing and deploying Windows updates a breeze.

How does PDQ software help?

PDQ Deploy and PDQ Inventory specialize in deploying applications and managing system information. With PDQ Deploy, you have access to our package library, which is jam-packed with hundreds of pre-built application packages, including Windows updates. PDQ Inventory, on the other hand, specializes in collecting and organizing information about the computers in your environment, making it easy to keep track of which computers have the latest updates and which don't. This epic combination will transform your network management capabilities.

Windows 7 & Windows 8.1 updates

Yes, you read that right. You may have incorrectly assumed that Windows 7 was dead. And while you're not wrong, you're not right either. 

Support for Windows 7 officially ended on January 14, 2020. However, if you just couldn't bear to part ways with your beloved operating system, and you had a nice chunk of change sitting around, you could purchase Windows 7 Extended Security Updates (ESU) for a maximum of 3 years. Meaning, there are people out there who will be receiving Windows 7 updates (security updates only) until the year 2023. Mind blown.

So what about Windows 8.1? Windows 8.1 reached end of Mainstream Support on January 9, 2018. However, it continues to have Extended Support through January 10, 2023. So that means that we'll have Windows 7, Windows 8.1, Windows 10, and soon, Windows 11 all being supported simultaneously. Awesome, right? RIGHT?!?!

Updates for Windows 7 and 8.1 have changed in recent years, though they don't quite follow the same format as Windows 10 updates. Windows 7 and Windows 8.1 come in two distinct flavors: Monthly Rollup and Security-only updates.

Monthly Rollup updates are similar to Cumulative updates. They contain all of the new security fixes for that month, as well as fixes from all the previous Monthly Rollup updates.

Security-only updates only contain security updates for that month. If you need a security update from a previous month, it will need to be downloaded and deployed separately.

Here's what the Windows 7 and Windows 8.1 update packages look like in PDQ Deploy.

monthly updates1

Windows 10

Windows 10 updates present their own challenges because of the numerous different versions of Windows 10 that are available. If you're not familiar with what I'm talking about, here's a list of all the different versions of Windows 10.

  • Windows 10 version 1511

  • Windows 10 version 1511

  • Windows 10 version 1607

  • Windows 10 version 1703

  • Windows 10 version 1709

  • Windows 10 version 1803

  • Windows 10 version 1809

  • Windows 10 version 1903

  • Windows 10 version 1909

  • Windows 10 version 2004

  • Windows 10 version 20H2

  • Windows 10 version 21H1

To add to the confusion, each version of Windows 10 has its own end-of-life date, which you can view here. Additionally, Windows 10 updates come in a few different varieties.

  • Cumulative Updates / Quality Updates: These are the standard Windows updates that are released every month on Patch Tuesday. They contain all of the updates from the previous cumulative updates. These updates include bug fixes, security patches, and system stability improvements.

  • Feature Updates: Feature updates are new versions of the operating system. They are released twice a year, usually in the spring and fall. These updates include new features, security improvements, visual differences, and more. Pre-built packages for feature updates are not available in the PDQ Deploy package library.

  • Out-of-band Updates: Out-of-band updates are updates that are released outside of the normal Patch Tuesday release Window. These patches usually address and patch severe vulnerabilities. Out-of-band updates are not included in the PDQ Deploy package library, but we go over how to create and deploy your own custom packages for out-of-band patches here.

Here's what the Windows 10 cumulative update packages look like in the PDQ Deploy package library.

monthly updates2

Deploying Windows with PDQ Deploy

Okay, now that we know all about the different versions of Windows updates and their little nuances, let check out just how easy it is to deploy them with PDQ Deploy.

What's that? You don't have PDQ Deploy and PDQ Inventory? What are you waiting for? Download our free 14-day trial, so you can finish following along with the article. Go ahead. I'll wait.

monthly updates3

 Finished? Great! Go ahead and launch PDQ Deploy, and we'll get started.

  1. Click on Package Library.

  2. In the package library search box, type in Windows Updates. This will narrow down the packages being displayed.

    monthly updates5
  3. Select the Windows update packages that match the operating systems in your environment, then click Download Selected (As Auto Download). (Note - When you download a package as an "Auto Download" package, it will be automatically updated as new versions of the package become available. Meaning, you won't have to go out and manually download the newest Windows 10 update package every month. It will be automatically downloaded for you.)

  4. monthly updates6
  5. The packages will begin to download into your Packages directory. When the downloads finish, click on the package you want to deploy and click Deploy Once.

    monthly updates7
  6. Enter the name or IP address of the machines you want to deploy to, and click Add Computer. Alternatively, you can click Choose Targets and select your targets from a source like Active Directory or PDQ Inventory. Once you have finished adding all of your target computers, click Deploy Now.

monthly updates8

You can monitor the status of your deployment in the deployment status window. Any errors that are encountered will be reported there.

monthly updates9

If that wasn't easy enough, you could automate this entire process by configuring a schedule for your deployment. With scheduled deployments, you can select the deployment package, the targeted computers, the triggers, and the offline settings to take care of your deployments for you. Once you automate your deployments, you won't even need to lift a pinky finger to get your deployments out on time. You can find out more about scheduled deployments here.

Tracking Windows Updates With PDQ Inventory

It's one thing to deploy updates. It's another thing entirely to keep track of them. However, keeping track of computer information is what PDQ Inventory does best.

Once you've imported your computers into PDQ Inventory, you can sit back and relax while PDQ Inventory takes care of everything else. PDQ Inventory will automatically begin scanning computers as they are added to Inventory. Scans usually only take a minute or two, but they return a lot of useful information. You'll get information back on the operating system, installed applications, hardware, users, services, and so much more. As this data is returned, computers will automatically be distributed among dozens of pre-built containers that filter for computers that match certain criteria, including containers filtering for Windows updates.

In my environment, I have three workstations, all running different operating systems. I can check to see if they have the latest updates in PDQ Inventory by expanding Collection Library > Windows Updates > Workstations > Windows 10 and then expanding the containers of the various operating systems in my environment.

monthly updates10

In this screenshot, you can see the different containers my computers have been grouped into. I have one computer in the Windows 10 2004 64-bit container, another in the Windows 10 20H2 32-bit container, and the last one is in the Windows 10 21H1 64-bit container. The containers marked (Latest) have the latest updates installed. As you can see, the computer named ODIN is in a container marked (Old), meaning it does not have the latest updates installed.

With this information, I can easily identify which computers still need to be updated and get the updates deployed to them. In fact, I can target just the containers designated as (Old) with my scheduled deployments in PDQ Deploy, that way, I'm only targeting the computers that I know need to be updated. The best part is that as the computers are updated, they will be rescanned and moved into the (Latest) containers. Then, when new updates are released, these computers will once again be placed in the (Old) containers until they are updated once again. It's like the circle of life, but with Windows updates!

Wrapping Up

As always, is here to make the lives of our fellow sysadmins easier. Why? Because we're sysadmins, too. We know the pains and struggles of managing Windows updates in an environment where you are grossly outnumbered by the computers you support. Let PDQ Deploy and PDQ Inventory help you take back control of your network.

Brock Bingham candid headshot
Brock Bingham

Born in the '80s and raised by his NES, Brock quickly fell in love with everything tech. With over 15 years of IT experience, Brock now enjoys the life of luxury as a renowned tech blogger and receiver of many Dundie Awards. In his free time, Brock enjoys adventuring with his wife, kids, and dogs, while dreaming of retirement.

Related articles