cross-posted from: https://lemmy.ml/post/2956502
I have 15 VM’s running for clients and I’m looking for a way to keep the tools up to date without having to connect to each server and do it manually. A few examples are WinDirStat, Firefox, SSMS, Filelocator, etc.
We have expanded recently and I’m at the limits of doing this manually. These servers are not domain joined and are in separate virtual networks.
Could use tools like ansible, chef, etc.
Why aren’t they part of a domain?
Creating an AD domain carries a substantial amount of extra overhead that they might not want to deal with. The basics of setting one up are simple enough but actually building out/maintaining the infrastructure the correct way can be a lot of extra work (2 DCs for redundancy, sites configuration, users, groups, initial GPOs). There are also licensing and CAL considerations (bare metal and hypervisor, both different), domain and forest options that can paint you into a nasty corner of you’re not careful, and a whole host of other things to think about and plan around. I’m not arguing that a domain is bad, on the whole I agree 100%. I just like to set the record straight that building a new production domain isn’t as simple as a lot of people would have you believe, and OP might not have the time to go through all that.
PDQ Deploy and Inventory. Simple and effective.
We are using Tanium, just put the agent on the servers and you are good to go…build your packages and set up deployment jobs.
It also handles Windows patching, and can do system inventory, among other features.
It’s also great for software deployments to you remote workforce systems that are rarely/never on the corporate network.
And seriously, you want a domain. GPOs are incredibly useful for pushing out a huge variety of Windows config changes extremely easily.
Tactical RMM works well for me. You also can use ssh.
You will need a software manager such as Ruckzuck or scoop
