Two products I have been playing with to keep isolated BMS networks that have windows boxes updated. BMS network with all the hosts isolated from any external network. How does one keep the PCs used by the staff for monitor updated especially when its more than one and not managed by the customers internal IT?
Batchpatch - https://batchpatch.com/
Cost
$400/user/yr for ongoing support and updates. Free version is fully functional, limited to 4 machines at a wack. Pro, one user can manage any number of machines. Can purchase pro once, use does not expire. Just can't update after the year expires.
Use
Complete offline windows update to any number of machines. Does a fair bit more than this as well. Deploy software, run tasks, etc.
Does not require agent running on each machine. Requires local admin account, PsExec, file & print sharing & WMI.
https://docs.microsoft.com/en-us/sysint ... ads/psexec
Ninite - https://ninite.com
Cost
$1 box / month for pro
Use
Keep all the crap not updated by the standard windows update mechanism. Non-MS browsers, java, teamviewer, putty, VNC, etc. Rather long list of common applications.
Requires an agent on each machine. Updates are transparent to the user. Some apps if in use, cannot be updated at that time.
Will add to this as time goes on. Got something else for isolated networks without WSUS/AD?