Patching windows

  1. #1
    Senior Member
    Join Date
    Feb 2002
    Posts
    177

    Patching windows

    What do you think the best approach is to patching a 100% Windows environment? We have about 400-500 machines across North America. I can almost guarantee that none of the machines know what a MS patch even looks like. We have SMS running, but the constant reboots between patches would screw this up.
    So what would you say is the best way to go about this?
    Hey zigar! This is what you do for a living right? hehe What do you do?

    Thanks!

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    well ...you could dedicate your life to the pursuit...(and with 500 boxes...it would likely be all you did...hehe)

    One tool that i've been messing around with is called Service Pack Manager from

    www.securitybastion.com

    i've only got the freeware version, which will enumerate missing service packs and hotfixes on all your network machines within a domain...(which is very valuable on its own...)..the full version looks like you can remotely apply customized service packs for each machine...

    i've no experience with it in real life...but it would be worth a look at...

    a license for 500 machines is about 5 grand...but that's only 10 bucks a machine...seems to me that's pretty cost effective ...if it works as advertised...they do have a time-limited fully functional demo...and the crippled freeware version...

    from their site

    Product Overview
    Service Pack Manager 2000 enables system administrators to fix security vulnerabilities and stability problems in Windows NT/2000/XP and additional Microsoft products. The increasing number of viruses such as Code Red and Nimda worms and continuous discoveries of security flaws in Microsoft products mandate cost-effective security measures, provided by Service Pack Manager 2000, to protect both servers and workstations on the enterprise networks.

    Service Pack Manager 2000 is an automated security utility that allows an IT professional to remotely detect, track, monitor, and install Windows NT/2000/XP Service Packs and Hotfixes on the enterprise networks from a central console. Remote inventory, research, and deployment of the security vulnerabilities patches and stability updates makes Service Pack Manager highly cost-effective tool when used on the enterprise LANs and WANs. More importantly, it makes the task of maintaining security of the large networks viable.

    You can use the Manual Update Costs spreadsheet to estimate the costs of maintaining the security and stability of Windows NT/2000/XP machines manually, based on the network size, labor costs, update frequency, and other enterprise-related factors.

    Service Pack Manager 2000 provides the solutions to many problems that you are challenged with while trying to keep your network secure:

    - It provides easy-to-use detection of the hotfix installation on remote computers. The installation status of hundreds of hotfixes can be detected in minutes on any number of remote computers, and presented in easy-to-read report. The alternative of manual discovery of installation of multiple hotfixes on hundreds of computers is simply not viable.

    - It provides easy-to-use Service Pack and hotfix installation. Multiple hotfixes can be simultaneously installed on multiple machines within minutes. The alternative of manual installation of Service Packs and multiple hotfixes on multiple machines is not viable, especially considering the fact that it requires to physically attend every target computer, whether it is located on the same building floor, another building, or a different geographical location.

    - It provides capability of detecting a particular set of hotfixes that might have critical security importance to a particular Windows platform. For example a hotfix that prevents Denial of Service attack on Windows NT/2000 servers running Internet Information Services (IIS).

    - It eliminates the need to write time-consuming and complicated scripts to perform the management tasks involved in managing Service Packs and hotfixes on the networked machines.
    "I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    Sounds like a pretty nice toy...thnx for the info.
    Yeah, it took me about 20 minutes just to patch one machine with everything it needed. Multiply that by 500, plus the fact that more than half of these machines are remote.......whoa just got dizzy. Better not think about it.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    244

    Re: Patching windows

    You can also use http://www.bigfix.com/website/enterprise/overview.html

    I use the Bigfix client [freeware] and it works great. [a must have]
    i m gone,thx everyone for so much fun and good info.
    cheers and good bye

  5. #5
    Junior Member
    Join Date
    Mar 2002
    Posts
    2
    Hey zigar

    Thanks for the info, I'm just about to test the software

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    There was a recent thread on the Focus-MS mailing list at securityfocus about this; it's worth checking out. There are very many autoupdate software packages available based on HFNetChk.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    Thanks for all the advice on this one. I've been playing around with the hfnetchk utility too. It's a pretty nice little tool.

  8. #8
    Junior Member
    Join Date
    Sep 2001
    Posts
    1
    I can assure you it works (Service Pack Manager 2000). Lots of very well known names across all industries (from banks and insurance companies, hi-tech sector, through oil corporations, phone companies, and to Army, AFBs, Navy, Pentagon and NASA, and more - they all use it quite successfully, LANs or WANs...)

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Location
    Chicagoland/Murphysboro
    Posts
    105
    use qchain to link the hotfixes requiring 1 reboot...
    ms knowledge base article Q296861
    It's free!
    qchain
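
The qchain approach from post #9, written out as a batch file. This is an added example, not part of the original thread or of Microsoft's article; the directory `C:\hotfix`, the log file name and the assumption that the packages are named `Q*.exe` and accept the `-z` and `-m` switches are placeholders to adjust for your environment.

```batch
@echo off
rem Added example: install several hotfixes back to back, then restart once.
rem HOTFIXDIR and LOG are assumed paths. Copy the downloaded hotfix
rem packages and qchain.exe into HOTFIXDIR before running this.
setlocal
set HOTFIXDIR=C:\hotfix
set LOG=%HOTFIXDIR%\chain.log

if not exist "%HOTFIXDIR%\qchain.exe" (
    echo qchain.exe not found in %HOTFIXDIR%
    exit /b 1
)

echo Hotfix run started %DATE% %TIME% >> "%LOG%"

rem Run every package with -z (do not restart) and -m (unattended).
rem The Q*.exe pattern also matches qchain.exe, so skip it explicitly.
for %%F in ("%HOTFIXDIR%\Q*.exe") do (
    if /i not "%%~nxF"=="qchain.exe" (
        echo Installing %%~nxF >> "%LOG%"
        "%%F" -z -m
        rem A nonzero code is only flagged for review here; what it
        rem means depends on the individual package.
        if errorlevel 1 echo %%~nxF returned a nonzero exit code >> "%LOG%"
    )
)

rem qchain runs last, after all packages: it tidies the pending file
rem replacements so that the newest version of each file is the one
rem in place after the single restart.
"%HOTFIXDIR%\qchain.exe"

echo All packages processed. Restart the machine to finish. >> "%LOG%"
echo Done. Review %LOG%, then restart this machine once.
endlocal
```

The script leaves the restart to the operator, so it can be pushed out through SMS and the reboot scheduled separately.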
