So...what exactly do you use (I use Patchlink ) and how do you test your patches before deploying them? how compliant would you say you are?
Printable View
So...what exactly do you use (I use Patchlink ) and how do you test your patches before deploying them? how compliant would you say you are?
is that really from Romans? pretty cool!:))
Microsofts SUS.... It's brilliant....
I don't have public facing servers that have "abnormal" stuff on them so I apply the patches automatically and deal with any issues I might get by uninstalling the patch.... I have yet to have an issue that requires a patch to be uninstalled.
I use YAST.
I also use SUS. Although... it is lacking in MANY places. The ability to create groups and choose which groups you want the patches to go to. Once you approve an update... every machine that checks in with it will grab anything that is approved for that platform. (short of upgrading IE versions)Quote:
Originally posted here by Tiger Shark
Microsofts SUS.... It's brilliant....
I don't have public facing servers that have "abnormal" stuff on them so I apply the patches automatically and deal with any issues I might get by uninstalling the patch.... I have yet to have an issue that requires a patch to be uninstalled.
If you want to have several groups, you need to run multiple SUS servers and point them to the correct servers. If I'm wrong, please tell me... cause I've read the docs... not much to it.
Reporting... what reporting?! I'm using some perl scripts to analyze the www log and extract the data I need. Then I use m$ baseline security analyzer to compare it with the sus server... which is nothing spectacular....
IMO- a half assed "solution"... but I can't complain I guess.
Other than that... it is pretty nice. Does the job and it doesn't cost extra.
I'm really hoping that they do WUS better... (they are changing from SUS to WUS)...
Phish:
Fair comments....
But I run multiple SUS servers so it never occurred to me that it might be a problem.
But then I want my boxes to apply the patches anyway.... I'd rather be downed by a messed up patch that I can uninstall than being cracked and having to reimage the drive and start again.... It's a toss-up really.... I prefer uninstalling the patch.... but it hasn't happened.... yet...
I dread think what "Whuss" is from M$.... :eek:
In some cases, you have no choice to uninstall the patch. You have to reimage anyway.
I gave a coworker sp2, and the patches since sp2, along with the latest office xp sp and recent patches...
She called in early the next morning in a panic. She applied sp2 and all the patches, and etc.
Upon one of the reboots...
lsass.exe object not found.....
Not good... Tried the recovery but it seems that the registry was hosed and it wouldn't do any good... she didn't have system restore turned on and no backups. since it was her home machine... there was also no image...
I took another HD out, installed the OS, along with the service packs, patches, etc. then mounted her other drive as slave so she could get her data back....
Hopefully I won't be doing that at work... one box is ok every now and again... but I simply don't have the resources to deal with hundreds....
Seems I always run into these things with coworkers that *should* know better....
People _should_ always know better......
And this is why we have jobs..... This is a good thing.... ;)
WhatUhScrewup
hi, do you use Yast to patch your standalone machine or are you patching networked workstations?Quote: