PDQ.com mobilePDQ.com desktop
Support

PDQ Deploy Automated Software Deployments: Part 1

Josh MackelprangJosh Mackelprang
·

PDQ Deploy, in conjunction with PDQ Inventory, can be a powerful tool in setting up automated software deployments. When combined, the two can be configured to identify and patch many of the most common applications with pre-built packages in our Package Library. Below is how I like to setup my software deployments using PDQ Deploy's, Package Library, and PDQ Inventory's, Collection Library.

The four prominent features we're going to use to set up our automated software patching are:

Auto-Download Packages, Scheduled Deployments, the Package Library, and the Collection Library.

Building an Automated Software Deployment

This is how I build an automated silent software deployment of 7-Zip.

First, I download the 7-Zip package from the library:

While that's downloading, I create a new schedule for 7-Zip. There are a few things I like to modify, starting with the triggers. I almost always use a heartbeat trigger in conjunction with a traditional trigger on all my schedules. Both triggers help catch those laptops or machines that are shut down during my normal patching hours.

The next and probably most important part of this whole process is targeting correctly. In my schedule, I want 7-zip on all machines that have an outdated version of 7-Zip, as well as any machines that don't have it installed. So I use two Inventory collections as my targets. (7-Zip (old) and 7-Zip (not installed).

Now, I look at the 'Options' tab in the schedule definition. I make sure that scans are running after the deployment, in this case, an applications scan, because I’m pushing an application out to the machines. This scan is important when using aggressive triggers. That way I make sure I’m not needlessly deploying the same patch over and over to the same machines while waiting on typically longer inventory scan triggers

The last thing on my list to complete our remote install of 7-Zip is to attach the 7-Zip package to the schedule from the ‘Packages’ tab, otherwise, what was the point of setting the rest of this up?

Wrapping it up

I like to create a schedule for each application that I am patching. Creating a schedule gives me the most granular control of when each package goes out and how often. In part two of this blog, I’ll show you how I set up pilot groups to test application updates in my environment before rolling new patches out to everyone. Also, check out this video for best practices using the auto-download feature in PDQ Deploy.

Ready to get started?

Take our 14-day Free Trial.
This round is on us!

Don't miss the next post!

May 2020 Patch Tuesday Vulnerabilities

May 2020 Patch Tuesday Updates and Vulnerabilities. This month has continued the trend of fewer issues that we have seen since February. CVE’s patched dropped from 113 all the way down to 111.