Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Patch Management...

  1. #1
    Senior Member
    Join Date
    May 2004
    Posts
    140

    Patch Management...

    So...what exactly do you use (I use Patchlink ) and how do you test your patches before deploying them? how compliant would you say you are?
    Romans 7:14-20
    14 We know that the law is spiritual; but I am unspiritual, sold as a slave to sin. 15 I do not understand what I do. For what I want to do I do not do, but what I hate I do. 16 And if I do what I do not want to do, I agree that the law is good. 17 As it is, it is no longer I myself who do it, but it is sin living in me. 18 I know that nothing good lives in me, that is, in my sinful nature. For I have the desire to do what is good, but I cannot carry it out.

  2. #2
    is that really from Romans? pretty cool!)
    ÍòǧÊÀ½ç¶àÆæÃºÆå«ÓîÖæÊ®ÍòÎÊ¡£
    ¹Â¶ÀºÚ¿ÍÀë¾ýÈ¥£¬Óû°é¹éÏçÖйú
    ºì¡£

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Microsofts SUS.... It's brilliant....

    I don't have public facing servers that have "abnormal" stuff on them so I apply the patches automatically and deal with any issues I might get by uninstalling the patch.... I have yet to have an issue that requires a patch to be uninstalled.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    I use YAST.

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Originally posted here by Tiger Shark
    Microsofts SUS.... It's brilliant....

    I don't have public facing servers that have "abnormal" stuff on them so I apply the patches automatically and deal with any issues I might get by uninstalling the patch.... I have yet to have an issue that requires a patch to be uninstalled.
    I also use SUS. Although... it is lacking in MANY places. The ability to create groups and choose which groups you want the patches to go to. Once you approve an update... every machine that checks in with it will grab anything that is approved for that platform. (short of upgrading IE versions)

    If you want to have several groups, you need to run multiple SUS servers and point them to the correct servers. If I'm wrong, please tell me... cause I've read the docs... not much to it.

    Reporting... what reporting?! I'm using some perl scripts to analyze the www log and extract the data I need. Then I use m$ baseline security analyzer to compare it with the sus server... which is nothing spectacular....

    IMO- a half assed "solution"... but I can't complain I guess.

    Other than that... it is pretty nice. Does the job and it doesn't cost extra.

    I'm really hoping that they do WUS better... (they are changing from SUS to WUS)...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Phish:

    Fair comments....

    But I run multiple SUS servers so it never occurred to me that it might be a problem.

    But then I want my boxes to apply the patches anyway.... I'd rather be downed by a messed up patch that I can uninstall than being cracked and having to reimage the drive and start again.... It's a toss-up really.... I prefer uninstalling the patch.... but it hasn't happened.... yet...

    I dread think what "Whuss" is from M$....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    In some cases, you have no choice to uninstall the patch. You have to reimage anyway.

    I gave a coworker sp2, and the patches since sp2, along with the latest office xp sp and recent patches...

    She called in early the next morning in a panic. She applied sp2 and all the patches, and etc.
    Upon one of the reboots...

    lsass.exe object not found.....

    Not good... Tried the recovery but it seems that the registry was hosed and it wouldn't do any good... she didn't have system restore turned on and no backups. since it was her home machine... there was also no image...

    I took another HD out, installed the OS, along with the service packs, patches, etc. then mounted her other drive as slave so she could get her data back....

    Hopefully I won't be doing that at work... one box is ok every now and again... but I simply don't have the resources to deal with hundreds....

    Seems I always run into these things with coworkers that *should* know better....
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    People _should_ always know better......

    And this is why we have jobs..... This is a good thing....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  9. #9
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    WhatUhScrewup

  10. #10
    Senior Member
    Join Date
    Dec 2004
    Posts
    137
    Originally posted here by gore
    I use YAST.
    hi, do you use Yast to patch your standalone machine or are you patching networked workstations?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •