WSUS for General Patching, BigFix for emergency patching?


We run into the situation where I am using WSUS to patch my 6000+ workstations.

However, as we know, this process takes time and has its flaws.

I want to be able to use BigFix concurrently with our WSUS, to be able to safely hammer in security / critical updates to patch issues like the WPA Crack vulnerabilities, while letting WSUS handle the lower priority updates.

I am under the impression I cannot simply deploy the patches from BigFix as things stand, because it will somehow break WSUS reporting or cause other issues.

Can someone knowledgeable / experienced with this scenario provide some insight? The literature I read seems either to be one system or the other but not concurrent…

Thank you in advance!


You can use them both just fine-- what you do with what is kind of up to you. You can use them both in concert to patch your machines, but I would move all reporting to BigFix. BigFix can grab things like patch installation date regardless of the deployment platform.

Okay, cool! Thanks! And I will check out using BigFix for my reporting.

Any process ‘gotchas’ I should worry about, like not approving the update in WSUS if I’m going to deploy in BigFix for example?

Well, attempts to “reinstall” a patch a second time will fail, so no technical issues.

What I would probably do is schedule out my WSUS patches for the initial rollout, and then pick a day later in the week to catch any outliers. It gets a little more complicated from a logistics standpoint if you are deploying patches on different days to different groups, but you get the idea.

Further, BigFix can patch machines that do not have access to your WSUS server.
