Educause Security Discussion mailing list archives

Re: Options for Delaying Restart after Patching

From: John Ramsey <jramsey () STUDENTCLEARINGHOUSE ORG>
Date: Fri, 15 Jun 2018 16:53:16 +0000

In essence, we use a GPO that enables automatic updates for any of our PC asset classes.  (Note:  these are security 
updates and not OS version upgrades).  The GPO then is configured to restart on Saturday nights (if the device wasn't 
restarted prior to that.)  Within 6 months, our top 50 most exploitable devices went from 86% as PCs down to less than 
28% of these devices being PCs. 

John Ramsey, Chief Information Security Officer, National Student Clearinghouse
Certified:  CISSP, CISM, PMP, CSSLP, CRISC, CGEIT
2300 Dulles Station Blvd., Suite 220, Herndon, VA 20171
P: 703.742.4428  |   http://www.studentclearinghouse.org
Read the Clearinghouse Today Blog

Winner "2016 When Work Works" & "Excellence in Work-Life Balance"

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Hahues, Sven
Sent: Friday, June 15, 2018 11:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Options for Delaying Restart after Patching

Hi everyone,

I wanted to find out if some of you could share what some of the approaches you have taken when handling the 
post-patching required restart of the client computers in your environment.  We would like to have the flexibility for 
the staff to opt out/postpone the otherwise mandatory restart for 12-24 hours or so however, have countdown timer on 
the desktop to indicate the restart is still required (and can be accomplished at any time) or it will be done without 
any user intervention when the countdown expires.  

We have been experimenting with a tool that has been unsupported for the last 5 years or so with mixed results and 
inconsistencies reported by the test group.  There are paid 3rd party tools/services available but we would prefer to 
do this in-house at minimal expense.  

We are aware of current tools/methods in which the User is repeatedly prompted but we would prefer the constantly 
visible countdown timer.  

Could you guys share some of your approaches?

Thanks in advance and have a great weekend,

Sven

Sven Hahues
Florida Gulf Coast University
Director, ITS Helpdesk, Network Services & Security
Tel: (239) 590 1337
E-Mail: shahues () fgcu edu
======================================================= 
This message has been analyzed by Deep Discovery Email Inspector.

Current thread:

Options for Delaying Restart after Patching Hahues, Sven (Jun 15)
- Re: Options for Delaying Restart after Patching John Ramsey (Jun 15)