7MS #277: Patching Solutions Bake-Off - Part 3

ManageEngine Desktop Central

Overall, I have to bluntly say that I really enjoyed playing with ManageEngine's solution. It's got a crap-ton of features built into it - above and beyond patching - that I think IT/security folks will really appreciate.

Pros

• Agent or agentless management of systems

• MDM (didn't play with it but it certainly looks feature-rich)

• Application white/blacklisting

• Ability to push out configurations for things you'd normally use GPOs for - i.e. setting a login banner, enforcing screen locks, setting IE homepage and search engine, etc.

• Patch management is full-featured - it's easy to setup a simple "scan systems, download and deploy missing patches." Or just a "scan to identify missing patches" kind of thing. It's easy to run a variety of reports to find out which systems are most vulnerable, which patches are missing across the enterprise, etc.

• Software deployment engine - there's a big package library where you can easily search and deploy things like Dropbox, Adobe Reader, etc. It also includes a self-service portal where users can simply select certain packages and have them installed automagically!

• Inventory - ability to have detailed hardware/software level details on each machine. Ability to block software by path and/or hash. You can also give people a warning saying "We're gonna nuke dropbox in 2 days if you keep it on here!"

• Agent-based install gives you ability to chat with users, remote control systems, send announcements, drop to a command line at a target machine, etc.

• Reports - you can create a report for just about anything under the sun like AD group changes, user logon reports, users that are disabled/expired, and on and on...

• Email alerts - I think you can trigger an email alert for just about ANYTHING that happens in the environment.

...more on today's episode!