I want to make Windows clients at my workplace more secure by using software obtained with winget and have it automatically updated on a regular schedule. I have a Linux (Gentoo and Debian) background.
In the majority of cases the users are AD users without Administrator rights, so they cannot do winget upgrade --all in PowerShell. My idea was to create a scheduled task which runs as the SYSTEM user, but unfortunately, a PowerShell spawned that way cannot access winget, reporting that this Cmdlet cannot be found.
I recently saw WAU (Winget-AutoUpdate). I did not try it myself yet. Can it do the job? What are you doing to maintain 50+ Windows clients with users that are not Administrators on their system and lack the knowledge to update software besides what Windows 11 does for them out-of-the-box?
Interestingly, there does not seem to exist anything on Windows that is as easy as cron, systemd.timers or unattended-updates. And, in most cases users of Linux clients get sudo rights, because you can expect some basic knowledge about the package manager. On the other hand it wouldn’t strictly be necessary if they are not devs and need only a static set of software. The beauty of having it all in one repo + flatpaks in user space makes it all possible on Linux.
Even with winget, which is a great relief on Windows, btw., OS updates are separate from app updates; basically only “flatpak”, but without native auto-updates.
One additional remark: The apps need to be preinstalled before a new AD user logs on; I have to use --scope machine with winget. Users should not be bothered installing software themselves, not even with winget install --scope machine.
I would like to read what you are using, and I hope it can be done without spending money on it. An open source solution is preferred.
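One way to set up the SYSTEM scheduled task described in the question, as an added example that is not part of the original post: SYSTEM has no per-user App Execution Alias for winget, so the task script resolves winget.exe inside the App Installer package directory at run time. The folder, task name and schedule are hypothetical, and the example assumes the x64 App Installer package and a winget version that runs in the SYSTEM context.

```powershell
#Requires -RunAsAdministrator
# Added example: folder, task name and schedule below are hypothetical.

# Keep the script under Program Files so standard users cannot modify
# code that will later run as SYSTEM.
$dir    = Join-Path $env:ProgramFiles 'WingetUpgrade'
$script = Join-Path $dir 'Upgrade-All.ps1'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# Body of the script the task runs as SYSTEM (single-quoted here-string,
# so nothing is expanded while writing the file).
@'
$log = Join-Path $PSScriptRoot 'upgrade.log'
# The package directory name contains the version and changes when
# App Installer updates, so resolve it on every run and take the newest.
$pattern = Join-Path $env:ProgramFiles 'WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe\winget.exe'
$winget = Get-Item -Path $pattern -ErrorAction SilentlyContinue |
    Sort-Object { [version]($_.Directory.Name -split '_')[1] } |
    Select-Object -Last 1
if (-not $winget) {
    "$(Get-Date -Format s) winget.exe not found" | Out-File $log -Append
    exit 1
}
"$(Get-Date -Format s) using $($winget.FullName)" | Out-File $log -Append
& $winget.FullName upgrade --all --silent --accept-source-agreements --accept-package-agreements 2>&1 |
    Out-File $log -Append
exit $LASTEXITCODE
'@ | Set-Content -Path $script -Encoding UTF8

# Full path to powershell.exe avoids a PATH lookup in a privileged task.
$ps        = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'
$action    = New-ScheduledTaskAction -Execute $ps `
    -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `"$script`""
$trigger   = New-ScheduledTaskTrigger -Daily -At '12:00'
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
# Run a missed start as soon as the machine is next powered on.
$settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable

Register-ScheduledTask -TaskName 'Winget-UpgradeAll' -Action $action `
    -Trigger $trigger -Principal $principal -Settings $settings -Force
```

Check upgrade.log after the first run; packages installed per user rather than with --scope machine may not be visible to a task running as SYSTEM.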


Have you looked at Chocolatey?
No, thx, I’ll check it out.