PDQ Deploy, in conjunction with PDQ Inventory, can be a powerful tool in setting up automated software deployments. When combined, the two can be configured to identify and patch many of the most common applications with pre-built packages in our Package Library. Below is how I like to setup my software deployments using PDQ Deploy's, Package Library, and PDQ Inventory's, Collection Library.
The four prominent features we're going to use to set up our automated software patching are:
Auto-Download Packages, Scheduled Deployments, the Package Library, and the Collection Library.
This is how I build an automated silent software deployment of 7-Zip.
First, I download the 7-Zip package from the library:
While that's downloading, I create a new schedule for 7-Zip. There are a few things I like to modify, starting with the triggers. I almost always use a heartbeat trigger in conjunction with a traditional trigger on all my schedules. Both triggers help catch those laptops or machines that are shut down during my normal patching hours.
The next and probably most important part of this whole process is targeting correctly. In my schedule, I want 7-zip on all machines that have an outdated version of 7-Zip, as well as any machines that don't have it installed. So I use two Inventory collections as my targets. (7-Zip (old) and 7-Zip (not installed).
Now, I look at the 'Options' tab in the schedule definition. I make sure that scans are running after the deployment, in this case, an applications scan, because I’m pushing an application out to the machines. This scan is important when using aggressive triggers. That way I make sure I’m not needlessly deploying the same patch over and over to the same machines while waiting on typically longer inventory scan triggers
The last thing on my list to complete our remote install of 7-Zip is to attach the 7-Zip package to the schedule from the ‘Packages’ tab, otherwise, what was the point of setting the rest of this up?
I like to create a schedule for each application that I am patching. Creating a schedule gives me the most granular control of when each package goes out and how often. In part two of this blog, I’ll show you how I set up pilot groups to test application updates in my environment before rolling new patches out to everyone. Also, check out this video for best practices using the auto-download feature in PDQ Deploy.