We have a number of laptop users for which deploying software updates reliably and promptly is an issue.
The circumstances are:
- The users rarely come into the office. As a result, their computers are rarely connected to the domain/corporate LAN during boot
- Users do not have local admin privileges
- Pre-logon VPN connection is available
- Updates are the typical core apps (Java, Adobe Reader, etc), plus some line of business apps. Mixture of everything from MSIs to self-extracting zips
- Currently use no third party deployment tools
- Fairly small deployment (less than fifty users currently) so don't have the budget or resources for very heavy-weight solutions
- Users regularly connect to the network post-boot (and usually post-logon) via a typical client VPN (happens to be RRAS/SSTP in this case, but probably not relevant)
- Computers in questions are domain-joined Windows 8.1 Pro machines. Servers are all Windows Server 2012 R2
Because of the lack of connectivity to the corporate network during boot, Group Policy software installation doesn't seem to be a viable option for deploying application updates (or new applications for that matter), but I'd be happy to receive advice that says otherwise.
DirectAccess would probably open up more options, but isn't an option for the foreseeable future.
So, my question is this: what solutions would people recommend for reliable and timely deployment of applications/application updates to mobile users who are only rarely connected to the corporate LAN during boot? I'm open to third party tools if they're within the reach of small business.
I have noticed this answer which suggests Intune might be worth investigation (SCCM would likely be too much). Any other suggestions greatly appreciated.
I think Microsoft Intune would offer the services you are looking for. you can sign up for a 30 day free trial and try it out. https://www.microsoft.com/en-gb/server-cloud/products/microsoft-intune/default.aspx?
No need for GPOs or SCCM
I suggest you use group policy in combination with some power shell script to automatically push the update to the user. Basically you can do the following:
Create a external web server to host the list of software and its executable that can be run silent/quiet install. Make sure to inclduing CRC/Hash check for each package
Create a Powershell script that automatically download the link from the web server and run it. Also, there should be some type of CRC/Hash check function to ensure the file download is untamped. (Make sure including so type of mechanism to notify the user that its trying to install update/patching)
Set a Group Policy Object that automatically run the script on restart/start up
Try PDQ Deploy. you might need a MSI package builder tool to deploy EXE applications. It will be much cheaper then SCCM infrastructure.