PDQ Deploy

Basic Information

• Model: PDQ Deploy (often bundled with PDQ Inventory)
• Version: Latest stable version is 19.5.0.0.
• Release Date: Version 19.5.0.0 was updated on October 9, 2025.
• Minimum Requirements:
  • Operating System (Console/Server): Windows 10 / Server 2016 or later.
  • Operating System (Target Computers): Windows 10, 11, Server 2016 or higher.
  • .NET Framework: 4.7.2 or later.
• Supported Operating Systems:
  • Console/Server: Windows 10, 11, Server 2016 or later.
  • Target Computers: Windows 10, 11, Server 2016 or higher.
  • Not Supported: Windows 7, 8, 8.1, Server 2012 R2 or lower, Windows Vista, XP, and Home editions.
• Latest Stable Version: 19.5.0.0.
• End of Support Date: Not explicitly stated as a fixed date; support is tied to an active subscription for Pro and Enterprise licenses.
• End of Life Date: Not explicitly stated as a fixed date; perpetual licenses allow indefinite use of the purchased version, but updates and support require a current subscription.
• Auto-update Expiration Date: Not applicable; auto-updates for the Package Library and product are tied to an active subscription.
• License Type: Free, Pro, and Enterprise. Free mode allows unlimited use of a subset of features. Pro and Enterprise are subscription-based, with Enterprise offering all features including multi-user capability with Central Server and auto-download of library packages. Licenses are per administrator, not per managed computer.
• Deployment Model: On-premises, agentless, client/server model. It interacts with endpoints using standard Windows authentication.

Technical Requirements

• RAM:
  • Console/Server: Minimum 4 GB, 8 GB recommended.
  • Target Machines: Minimum 1 GB, 2 GB recommended.
• Processor: Not explicitly detailed for the console, but generally requires a modern 64-bit Intel or AMD processor. For PDQ Connect Agent (related product), recommended is 3.0 GHz or higher.
• Storage: Approximately 50-100 GB recommended for package repositories and databases, with fastest disk storage (NVMe or SSD) recommended.
• Display: Not specified, standard display capabilities are assumed.
• Ports: Utilizes SMB (Server Message Block) protocol for file transfer, preferably SMBv3. Requires administrative access to IPC$ and ADMIN$ shares on target computers.
• Operating System:
  • Console/Server: Windows 10 / Server 2016 or later.
  • Target Computers: Windows 10, 11, Server 2016 or higher.

Analysis of Technical Requirements: PDQ Deploy's technical requirements are moderate for the console/server, emphasizing sufficient RAM and fast storage for optimal performance, especially with larger package libraries and databases. The target machine requirements are minimal, reflecting its agentless design and reliance on existing Windows infrastructure. The software leverages standard Windows protocols like SMB, which is a common and efficient method for network communication in Windows environments. The .NET Framework dependency is standard for many Windows applications. The recommendation against installing on a Domain Controller or Microsoft Exchange Server indicates a focus on dedicated server roles for the application to avoid potential conflicts or performance issues.

Support & Compatibility

• Latest Version: 19.5.0.0.
• OS Support:
  • Console/Server: Windows 10, 11, Server 2016 or later.
  • Target Computers: Windows 10, 11, Server 2016 or higher.
• End of Support Date: Support is included with active Pro and Enterprise subscriptions.
• Localization: Not explicitly detailed, but the product is widely used in English-speaking IT environments.
• Available Drivers: Not applicable for this software, as it is a deployment tool and does not require specific hardware drivers for its operation.

Analysis of Overall Support & Compatibility Status: PDQ Deploy maintains strong compatibility with current Windows operating systems, both for its console and target machines. The support model is subscription-based, ensuring access to updates and assistance for licensed users. This approach incentivizes continuous updates and provides ongoing value. The integration with Active Directory is a key compatibility feature, allowing for efficient targeting of machines. The product is designed for on-premises Windows device management, complementing cloud-based solutions like PDQ Connect for remote environments.

Security Status

• Security Features:
  • Data encryption for sensitive information (passwords) stored in PDQ databases using industry-standard AES encryption with three separate keys.
  • Agentless, client/server model interacting with endpoints via standard Windows authentication, creating temporary services that are deleted after use.
  • Regular access to the internet for Package Library, Collection Library, Tools Library, and system variables updates via HTTPS.
  • Vulnerability Monitoring and Scanning Program, including weekly internal and external vulnerability scans and code analysis tools.
  • Annual human-based and weekly automated penetration tests.
  • Integration with third-party bug bounty programs.
  • Ability to update older, out-of-date software packages to enhance security posture.
  • Utilizes the highest available SMB version (preferably SMBv3) for file transfers, which supports AES encryption.
• Known Vulnerabilities:
  • A credential-theft risk was identified in December 2024, where admin credentials used by PDQ Deploy's "Deploy User" run mode could be stolen from active memory on target machines by an attacker with local access. This is attributed to long-established Windows vulnerabilities.
  • Past instances of PDQ Deploy being used by threat actors to spread ransomware (e.g., Medusa ransomware in April 2024).
  • Older vulnerabilities (2017) included improper authentication and information disclosure due to insecure transmission of username/password, with recommendations to keep equipment behind a secure firewall and change default passwords.
• Blacklist Status: No general blacklist status is indicated.
• Certifications: Not explicitly detailed in public information.
• Encryption Support:
  • AES encryption for sensitive data at rest (passwords in databases).
  • Data in transit uses HTTPS for external communications and SMB (preferably SMBv3 with AES encryption) for internal endpoint interactions.
• Authentication Methods: Relies on existing Windows authentication for access control. Supports both local and domain administrator accounts.
• General Recommendations:
  • Mitigate credential-theft risk by using Windows Local Administrator Password Solution (LAPS) for endpoint-specific credentials and applying the principle of least privilege.
  • Utilize the "Logged on User" deploy mode (Enterprise version) for more secure deployments, though it may require user action.
  • Ensure PDQ equipment is not accessible from the internet and is behind a secure firewall.
  • Change default passwords on all network equipment.
  • Maintain a patched and securely configured Windows server for PDQ Deploy.

Analysis on the Overall Security Rating: PDQ Deploy incorporates robust security measures, particularly in data encryption for stored credentials and secure communication protocols (HTTPS, SMBv3) for data in transit. The company actively monitors and remediates vulnerabilities through regular scanning, penetration testing, and a bug bounty program. However, a notable credential-theft risk exists due to reliance on underlying Windows vulnerabilities when using the "Deploy User" run mode, which requires careful mitigation strategies like LAPS and least privilege. The product's agentless nature and dependence on Windows authentication mean that the overall security posture is also heavily influenced by the security of the underlying Windows environment and network configuration. General recommendations emphasize network isolation and strong password practices.

Performance & Benchmarks

• Benchmark Scores: Specific benchmark scores are not publicly available for PDQ Deploy.
• Real-world Performance Metrics:
  • Streamlines software deployment and automates updates efficiently.
  • Capable of deploying applications, patches, and updates to endpoints quickly.
  • Automates repetitive tasks, freeing IT staff.
  • Efficient for managing large numbers of computers.
  • Fast and reliable for remote deployment of multiple updates and application installations.
  • Real-time monitoring and tracking of deployment progress.
  • Can deploy to thousands of machines without significant performance issues.
• Power Consumption: Not applicable, as it is software.
• Carbon Footprint: Not applicable, as it is software.
• Comparison with Similar Assets:
  • Often praised for being simpler to set up and use than alternatives like SCCM or Intune, especially for small to medium-sized organizations.
  • Excels in automated software deployment across multiple systems with minimal user intervention.
  • Integrates well with Active Directory and PDQ Inventory for optimized deployment processes.
  • PDQ Connect (cloud-based) is noted to have feature limitations compared to PDQ Deploy (on-premises).

Analysis of the Overall Performance Status: PDQ Deploy is highly regarded for its performance in automating and streamlining software deployment and patch management across Windows networks. Users consistently report significant time savings and increased efficiency due to its ability to handle bulk deployments, schedule tasks, and integrate with inventory tools. Its agentless architecture contributes to its efficiency by reducing overhead on target machines. While specific quantitative benchmarks are not published, user feedback highlights its speed and reliability in real-world IT environments, making it a strong performer for on-premises Windows management.

User Reviews & Feedback

Users widely praise PDQ Deploy for its ease of use, intuitive interface, and powerful automation capabilities. Many appreciate its ability to streamline software deployment, automate updates, and integrate seamlessly with PDQ Inventory and Active Directory. The pre-built package library is a significant strength, saving time by providing ready-to-deploy applications and updates. Reviewers frequently highlight its effectiveness in patch management, vulnerability management, and keeping systems up-to-date. Customer support is often described as responsive and knowledgeable.

However, some users note issues with network dependencies, clarity of error messages, and occasional failures with certain packages or off-network devices. A learning curve for advanced features is sometimes mentioned. While highly effective for on-premises environments, limitations with mobile workforces and off-network deployments are acknowledged, which is where PDQ Connect (cloud-based) aims to fill the gap. Some users find the UI a bit cluttered and wish scripting/automation building were simpler. The tool's strong dependence on Active Directory services and DNS is also a point of feedback.

Recommended use cases include silent installation of applications, patch management, updating third-party software, deploying custom scripts, and making configuration changes across multiple Windows computers in a network. It is particularly beneficial for small to medium-sized organizations and IT professionals looking to automate repetitive tasks and manage a large number of endpoints efficiently.

Summary

PDQ Deploy is a highly effective and widely praised on-premises software deployment and patch management solution designed for Windows environments. Its core strength lies in its ability to automate the installation, uninstallation, and updating of applications and patches across numerous computers from a central console, significantly reducing manual effort for IT administrators. The integration with PDQ Inventory and Active Directory enhances its capabilities, allowing for precise targeting and management of devices.

Strengths include its intuitive interface, extensive pre-built package library, robust automation features, and strong customer support. It is particularly well-suited for small to medium-sized businesses and organizations with a predominantly Windows-based, on-premises infrastructure. The licensing model offers flexibility with Free, Pro, and Enterprise tiers, catering to different organizational needs and budgets.

Weaknesses primarily revolve around its dependency on network connectivity and Active Directory, with some users reporting occasional issues with off-network devices or complex error clarity. A significant security consideration is the credential-theft risk associated with the "Deploy User" run mode, which necessitates careful implementation of mitigation strategies like LAPS and the principle of least privilege.

Overall, PDQ Deploy offers a compelling solution for efficient and automated Windows endpoint management. Its performance in real-world scenarios is consistently positive, making it a valuable tool for maintaining software currency and security. While it requires attention to security best practices, its benefits in terms of time-saving and operational efficiency are substantial.

The information provided is based on publicly available data and may vary depending on specific device configurations. For up-to-date information, please consult official manufacturer resources.