January 6th, 2004, 04:30 PM
Junior Member
Microsoft updates
Not sure if this is the correct place to post this but here it goes. I'm looking for other peoples expierences with Microsoft critical updates and how you handle this in a corporate enviornment.
I guess there are a couple ways to handle it.
1. Set the machine to automatically update
2. Manually go out and update the systems
3. Have the end user do there own updates. Yeah right....
4. SUS server.
I don't like the first option because it grabs everything Micro$oft has to offer and I only want the critical security and driver updates.
Manually obviously takes allot of time to do and I have better things to do with my life than to go and update a faulty OS.
I can't rely on the end users to do it or even know how to do it.
So It comes down to SUS. I've installed it on a server but haven't had any luck with getting clients to connect to. Has anyone else out there had any luck with SUS or have any other ideas on how to handle the critical updates.
Thanks in advance..
If at first you don\'t succeed, f**k it try something else.
January 6th, 2004, 04:35 PM
If you have similar hardware on all your client machines, another very good option is to run them all off a common image. Then you need only to update that one image which can then be transferred to your client machines via a ghostcast or similar server.
A little too involved if it's not already set up, I know. But I thought I'd suggest it just in case it's possible for you.
Government is like fire - a handy servant, but a dangerous master - George Washington
Government is not reason, it is not eloquence - it is force. - George Washington.
Join the UnError community!
January 6th, 2004, 04:39 PM
I have a SUS server.. My server dite the dust recently (Gonna re-install today) but it still a very usefull.
I recommend my tutorial about the SUS server who will answer you a few question hot to set up.. http://www.antionline.com/showthread...=office+update
You can also check http://www.susserver.com/ for more informations.
January 6th, 2004, 04:41 PM
We treat workstations differently than our servers. The workstations are either automatically updated via the update service, or they belong to a domain and the updates (and virus updates) are pushed out via SMS. This does occasionally cause problems, but not near the problem of trying to manually update the systems or not update them (and watch the havoc a simple worm can create).
As far as the servers go, we test every patch before deploying it. It delays the installation of the patches a couple of days, but allows us to setup a nice maintenance window with plenty of prior notification to our customers of down time (and has the nice effect of rarely encountering problems from patches, since it was tested before hand). It is an expensive process (maintaining a test environment and testing multiple servers), but a viable one so long as the number of servers per administrator is relatively low. If the number of servers got to too many, they would probably fall back under SMS control.
EDIT: BTW, we do have a SUS server, just never got it working quite right, at least not for the servers (firewall issues), probably doesn't help our NT admins aren't the sharpest tools in the shed...oh well.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
January 6th, 2004, 04:46 PM
Junior Member
Yep we try to standarize on our hardware but we still have to maintain a number of different ghost images because of the different enviornments we have. We are a software dev shop so i've got to deal with QA, dev and support which require different images and in all cases the developers get the newest fastest systems. Than prior to imaging we have to backup anything they have locally then re-image the machine and go thru the configuration of the fresh image. We've tried it for a bit but found it to be more of a hassel just to get a few updates on it. Microsoft Grrrrr.....
If at first you don\'t succeed, f**k it try something else.
January 6th, 2004, 04:56 PM
Symtec: Is there any specific symptom for the clients not connecting? I set up three SUS servers, (one at either end of the WAN and one in the middle), about a month ago and everything went just swimmingly).
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
January 6th, 2004, 04:57 PM
Not sure if this is the correct place to post this but here it goes. I'm looking for other peoples expierences with Microsoft critical updates and how you handle this in a corporate enviornment.
Like Striek said run an image software, a good program for this is nortons ghost, 79.99 (believe thats the name) works excellent we use this at work. As far "experience with microsoft updates" On january 5, 2004 I just installed Windows XP Professional on my computer promblem is I had to install 15 different critical patches & services packs, 17 windows XP patches for the OS, then installed 2 drivers, after spending 5 hours of doing all of this on a ADSL connection, next I downloaded the program "Microsoft Baseline Security Analyzer" I highly recommend this software you can download it here @ http://www.microsoft.com/technet/tre...s/mbsahome.asp
Hope this helps ComputerNerd22
January 6th, 2004, 09:18 PM
From a personnel point of view it is not a very good policy to allow automatic updates for workstations as it may have unexpected results. This is especially true in an enviroment where there is a lot of internal software developpement or exotique applications (finacial software, workflow software,etc).
I would sugest a dual system for updating your enviroment. Firstly as already mentioned above a system based on predefined images. of the type greated by norton ghost, power quests drive image etc. To be properly cost effective use the option multicast. The main inconvienance with this system is your image is static. It is up to date when it is generated but it does not evolve with time. Also microsoft does not officially support windows installed completely using this system as certain problems may arise from having identical SIDs on the network.
This brings us back to the original question what about the new security updates? If all you need to deploy are the microsoft security updates then one solution would be to use the login scripts of your users. That is when the user logs on the script verifies the existance of a control file. If the file does not exist another bat file is launched which installes your security patch. As long as the number updates is not too great the extra time to log should not be too noticable. It should be note that especially under NT the workstation may need to reboot to fully apply the patch. An other senstive area would be laptop users when they connect to the network from remote locations.
I have not gone into much detail but I hope that some of this helps.
January 6th, 2004, 09:47 PM
Junior Member
Thanks for your responses everyone it is much appreciated.. I'm going to pursue the SUS a bit more to see if I can get it to work and also test out ghosting images and push out updates via Zenworks.
If at first you don\'t succeed, f**k it try something else.
January 6th, 2004, 10:32 PM
Junior Member
you really wont be able to get around automatic installing once and a while but i would sudjest to manually go through ever one even thoguh it takes time and pick out the ones that are the most important becaseu microsolf offers alot of updates and some are probally not for your OS like if you have windowsXP and its for ME or 98 then thats installing something you dont even need. hope you dicide wat to do!!!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
Forum Rules