Educause Security Discussion mailing list archives
Re: Options for Delaying Restart after Patching
From: John Ramsey <jramsey () STUDENTCLEARINGHOUSE ORG>
Date: Fri, 15 Jun 2018 16:53:16 +0000
In essence, we use a GPO that enables automatic updates for any of our PC asset classes. (Note: these are security updates and not OS version upgrades). The GPO then is configured to restart on Saturday nights (if the device wasn't restarted prior to that.) Within 6 months, our top 50 most exploitable devices went from 86% as PCs down to less than 28% of these devices being PCs. John Ramsey, Chief Information Security Officer, National Student Clearinghouse Certified: CISSP, CISM, PMP, CSSLP, CRISC, CGEIT 2300 Dulles Station Blvd., Suite 220, Herndon, VA 20171 P: 703.742.4428 | http://www.studentclearinghouse.org Read the Clearinghouse Today Blog Winner "2016 When Work Works" & "Excellence in Work-Life Balance" -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Hahues, Sven Sent: Friday, June 15, 2018 11:57 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Options for Delaying Restart after Patching Hi everyone, I wanted to find out if some of you could share what some of the approaches you have taken when handling the post-patching required restart of the client computers in your environment. We would like to have the flexibility for the staff to opt out/postpone the otherwise mandatory restart for 12-24 hours or so however, have countdown timer on the desktop to indicate the restart is still required (and can be accomplished at any time) or it will be done without any user intervention when the countdown expires. We have been experimenting with a tool that has been unsupported for the last 5 years or so with mixed results and inconsistencies reported by the test group. There are paid 3rd party tools/services available but we would prefer to do this in-house at minimal expense. We are aware of current tools/methods in which the User is repeatedly prompted but we would prefer the constantly visible countdown timer. Could you guys share some of your approaches? Thanks in advance and have a great weekend, Sven Sven Hahues Florida Gulf Coast University Director, ITS Helpdesk, Network Services & Security Tel: (239) 590 1337 E-Mail: shahues () fgcu edu ======================================================= This message has been analyzed by Deep Discovery Email Inspector.
Current thread:
- Options for Delaying Restart after Patching Hahues, Sven (Jun 15)
- Re: Options for Delaying Restart after Patching John Ramsey (Jun 15)