Educause Security Discussion mailing list archives
Re: Automated Patching and Updates?
From: "Howell, Paul" <grue () UMICH EDU>
Date: Thu, 25 Sep 2003 08:41:47 -0400
Hi, Are all of your workstations in the same domain as the SUS server? Have you tried to update workstations in a different domain? Thanks, < paul
-----Original Message----- From: Ron Parker [mailto:rparker () BRAZOSPORT EDU] Sent: Thursday, September 25, 2003 8:36 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Automated Patching and Updates? In answer to your questions below: 1) We're using Microsoft's Software Update Service (SUS) to push patches out to our XP desktops from our own update server. This is just a glorified version of the Windows update service built into XP but it lets us have some control over what gets pushed and when. We use a group policy to force the patch installation and a reboot if necessary. Unfortunately, a large part of our campus is still on Windows 98 so this doesn't help us as much it could. We are accelerating our push to convert completely to XP. This also doesn't work in our labs where we use Deep Freeze to revert the machines back to their initial state when they reboot. 2) We aren't really looking at anything else at the moment. 3) The above solution works for XP and Windows 2000 but not Windows 98. -- Ron Parker, Director of Information Technology, Brazosport College Voice: (979) 230-3480 FAX: (979) 230-3111 http://www.brazosport.edu On Thu, 25 Sep 2003, Sadler, Connie wrote:Given all of the recent worm activity, etc., it seemstimely to gathersome information from you folks regarding what you arealready doing -or planning to do - in terms of pushing updates and patchesout to youruser communities in a way that is not too "intrusive". Weall work indiverse environments where many of our users are also sensitive to having someone else "touch" their machines. Yet it seems alosing battleto continue to manually update workstations in some areaswhen they arebeing automatically attacked in very sophisticated ways. Can you folks please share with us: 1) What you are already doing now - in terms of pushing orautomatingpatching or updates? 2) What you are evaluating or looking at for doing thiskind of thing -and in what areas of your environment? 3) What technologies you are familiar with and what platforms the solutions support? Thanks much! I am willing to summarize the input I receive if I get enough good feedback... Connie J. Sadler, CM, CISSP, CISM Director, IT Security, Brown University Box 1885, Providence, RI 02912 Connie_Sadler () Brown edu PGP Fingerprint: 452A C178 1450 9CE1 3AC1 CC12 956F 2C55 DB94 A9C7 Office: 401-863-7266 ********** Participation and subscription information for thisEDUCAUSE Discussion Group discussion list can be found at
http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Automated Patching and Updates? Sadler, Connie (Sep 25)
- <Possible follow-ups>
- Re: Automated Patching and Updates? Ron Parker (Sep 25)
- Re: Automated Patching and Updates? Howell, Paul (Sep 25)
- Re: Automated Patching and Updates? Craig W. Drake (Sep 25)
- Re: Automated Patching and Updates? Ron Parker (Sep 25)
- Re: Automated Patching and Updates? Tavakoli, Rooz (Sep 25)
- Re: Automated Patching and Updates? Bradford B. Saul (Sep 25)
- Re: Automated Patching and Updates? Wehner, Paul (wehnerpl) (Sep 25)
- Re: Automated Patching and Updates? Bradford B. Saul (Sep 25)
- Re: Automated Patching and Updates? Craig W. Drake (Sep 25)
- Re: Automated Patching and Updates? Christian Grewell (Sep 25)
- Re: Automated Patching and Updates? Beechey, Jim (Sep 25)
- Re: Automated Patching and Updates? Joanne Murray (Sep 25)
(Thread continues...)