PDQ pushes software to your Windows machines and catalogs what's installed. WinSentinel tells you whether those machines are securely configured — and fixes them when they're not.
TL;DR: PDQ is a Windows software deployment & inventory suite (push apps and patches, catalog assets). WinSentinel is a security hardening tool (audit misconfigurations, score posture, auto-fix, compliance). They solve different problems — PDQ keeps machines up to date, WinSentinel keeps them hardened. Many teams use both.
| Capability | WinSentinel | PDQ Deploy & Inventory |
|---|---|---|
| Primary Purpose | Security hardening & compliance | Software deployment & inventory |
| Security Posture Score | ✓ 0-100 with grade (A-F) | ✗ Not a security tool |
| Auto-Remediation | ✓ One-click fix for findings | Via custom deploy packages |
| Configuration Auditing | ✓ 33 audit modules | ✗ Reports config, doesn't judge it |
| Compliance Mapping | ✓ CIS, SOC2, HIPAA, Essential 8 | ✗ Not designed for this |
| Software Deployment | ✗ Not a deployment tool | ✓ Core strength (packages & patches) |
| Patch Management | Flags missing updates | ✓ Deploys third-party patches |
| Software Inventory | ✓ With vulnerability flagging | ✓ Comprehensive catalog |
| Real-Time Monitoring | ✓ Continuous agent mode | Scheduled scans |
| Threat Detection | ✓ MITRE ATT&CK mapping | ✗ Not designed for this |
| Open Source | ✓ MIT licensed | ✗ Proprietary |
| Setup Time | 30 seconds (dotnet tool) | Server install + agent deploy |
| CI/CD Integration | ✓ GitHub Action + SARIF | ✗ Not designed for CI |

| Pricing | WinSentinel | PDQ Deploy & Inventory |
|---|---|---|
| Price | $0/forever | $1,575/yr (per admin) |
| What you get | All security features, no limits, one machine. Full power. | On-prem Deploy + Inventory bundle, licensed per admin. PDQ Connect (cloud) is priced per device. |
| Scaling | Pro fleet: $29/25 nodes · $79/100 nodes | Pricing scales with admins & managed devices |

PDQ pricing is approximate and per their published plans; check pdq.com for current rates.
Many teams use PDQ to keep software current and WinSentinel to keep it securely configured. They’re complementary — deploying the latest version of an app doesn’t harden the OS around it.
WinSentinel goes beyond deployment — it finds the misconfigurations PDQ never checks and fixes them.
dotnet tool install --global WinSentinel.Cli
They solve different problems. PDQ Deploy pushes software and patches to Windows machines, and PDQ Inventory catalogs what is installed. WinSentinel audits how a machine is configured for security, scores it 0-100, and fixes the misconfigurations it finds. Deployment and hardening are complementary - many teams run both.
No. WinSentinel does not push application packages or run a software repository. Its fixes are targeted security remediations — toggling BitLocker, tightening firewall rules, disabling SMBv1, correcting Defender settings — not general-purpose software distribution. If you need to install or update apps across a fleet, PDQ Deploy is the right tool; if you need to know whether those machines are securely configured, that is WinSentinel.
It inventories security-relevant state — installed software (with vulnerability flagging), services, drivers, scheduled tasks, local accounts, startup items and more — as part of its audit. But its focus is judging that state against security best practice and remediating it, not full asset management, license tracking or hardware lifecycle reporting.
WinSentinel is free for unlimited use on a single machine — all audit modules, the real-time monitor, scheduled scans and PDF reports, with no account. PDQ Deploy & Inventory is licensed per-machine annually (roughly $1,575/yr per admin for the on-prem Deploy + Inventory bundle, with PDQ Connect priced per device). WinSentinel Pro — which adds fleet management across many machines — is $29/mo for up to 25 nodes or $79/mo for up to 100 nodes, with annual billing saving 17%.
Yes. The CLI and every audit module are free and open source under the MIT license, installed with dotnet tool install --global WinSentinel.Cli. A single machine gets the full power — all audit modules, the real-time monitor, scheduled scans, and PDF reports — with no limits and no account required. Pro is only for organizations that want to manage many machines from one control plane.
Yes. WinSentinel is built specifically for Windows 10 and Windows 11 (and Windows Server), just like PDQ. It uses native Windows APIs to audit configuration that cross-platform tools treat generically, which is why its hardening checks are deeper on Windows.