Re: AW: SUS Help

[Jane Han <janehan22 () yahoo com>]

Hi, all

If you set to automatic download and install at 3:00AM
option through group policy, what happen to
workstations that are shut down at 3:00AM?  In my
company, most people shut down their workstations. 
How will these workstations get all updated patches
from SUS server?

Thanks,


Jane


> -----Original Message-----
> From: Tim Warren
> [mailto:tim.warren () computerjobs com] 
> Sent: Friday, September 12, 2003 8:18 AM
> To: 'Markus Rossi';
> security-basics () securityfocus com
> Subject: RE: AW: SUS Help
>
> The Sus App works extremely well, we have been using
> it with no I'll effects
> for almost a year.  It was really meant for large
> workstation installs and
> we also use it for our testing servers, but not the
> web farm.  SUS has a
> patch approval process by which the patch is
> downloaded and waits for your
> approval.  SUS by no means mitigates your
> responsibility to stay on top of
> patches and test them, it only helps roll them out. 
> It also comes with a
> multi-tier testing and approval design you can
> implement if you so choose.
> It's very flexible, has caused no errors and is free
> unlike RedHats version,
> for which I subscribe because they have to earn
> revenue anyway they can and
> I don't want them going out of business or being
> bought by IBM.  But, don't
> use it or any other patching program on a production
> server, not that it
> won't work, unless you're a gambler.
>
> Tim W
>
> -----Original Message-----
> From: Markus Rossi
> [mailto:securityfocus () familyrossi com] 
> Sent: Thursday, September 11, 2003 3:44 PM
> To: security-basics () securityfocus com
> Subject: Re: AW: SUS Help
>
>
> Chris,
>
> AFAIK HFNetChk should work with NT4 domains as well
> as AD. I've yet to 
> deploy it but it looks extremely promising. See
> www.shavlik.com
>
> Markus
>
> Meidinger Chris wrote:
>
> > Hi guys,
> >
> > i'm dealing with exactly the same problem, and i
> can promise you there 
> > is
> > *no* affordable option to automagically patch NT
> boxes without scripting it
> > yourself. Which is what i will spend the next week
> doing.....
> > Cheers,
> >
> > Chris
> >
> > -----Ursprüngliche Nachricht-----
> > Von: Roger A. Grimes [mailto:rogerg () cox net]
> > Gesendet: Donnerstag, 11. September 2003 03:40
> > An: Gooch, Linnie;
> security-basics () securityfocus com
> > Betreff: RE: SUS Help
> >
> >
> > It doesn't work in NT environments.  SUS must be
> installed on a W2K or 
> > Server 2003 server, and the client must run the
> Automatic Updates 
> > service (which doesn't run on NT).
> >
> > There are few options available when patching an NT
> environment.  Even 
> > Win98 has more patch mgmt options.
> >
> > Roger
>
> ***********************************************************************
> > ****
> > *Roger A. Grimes, Computer Security Consultant
> > *CPA, MCSE (NT/2000), CNE (3/4), A+
> > *email: rogerg () cox net
> > *cell: 757-615-3355
> > *Author of Malicious Mobile Code:  Virus Protection
> for Windows by O'Reilly
> > *http://www.oreilly.com/catalog/malmobcode/
> > *Author of Apress's upcoming Honeypots for Windows
>
> ***************************************************************************
> > -----Original Message-----
> > From: Gooch, Linnie [mailto:Linnie () wescom org]
> > Sent: Tuesday, September 09, 2003 8:28 PM
> > To: security-basics () securityfocus com
> > Subject: SUS Help
> >
> >
> > I've been reading everyone's input on SUS and I'm
> trying to evaluate it 
> > at my company. I want to know if anyone has
> deployed it with an NT4 
> > environment? We aren't moving to AD for another 3
> months, but with the 
> > blaster worm and other such vulnerabilities, I want
> to get it up and 
> > running right away.
> >
> > Here is what I'm looking for.
> >
> > I'm reading the documentation for SUS, and it talks
> about setting the 
> > registry on client machines, which is no problem,
> but the documentation 
> > is so unclear about what exactly I need to add to
> the registry. I was 
> > wondering if anyone knew exactly what registry keys
> needed to be added 
> > or changed so I could test it right away.
> >
> > Thanks guys. This list rocks!
> >
> >
> > Linnie Gooch, MCSE
> > Manager of Systems and Technology
> > Wescom Credit Union
> > (888) 493 7266 x 8801
>
> **********************************************************************
> > This email and any files transmitted with it are
> confidential and 
> > intended solely for the use of the individual or
> entity to whom they 
> > are addressed. If you have received this email in
> error, please delete 
> > it immediately and advise the sender. WESCOM CREDIT
> UNION (626) 
> > 535-1000
>
> **********************************************************************
> >
>
> -----------------------------------------------------------------------
> > ----
> > Captus Networks
> > Are you prepared for the next Sobig & Blaster?
> > - Instantly Stop DoS/DDoS Attacks, Worms & Port
> Scans
> > - Precisely Define and Implement Network Security
> > - Automatically Control P2P, IM and Spam Traffic
> > FIND OUT NOW -  FREE Vulnerability Assessment
> Toolkit
> > http://www.captusnetworks.com/ads/42.htm
>
> ---------------------------------------------------------------------------
> -
> >
>
> -----------------------------------------------------------------------
> > ----
> > Captus Networks 
> > Are you prepared for the next Sobig & Blaster? 
> > - Instantly Stop DoS/DDoS Attacks, Worms & Port
> Scans 
> > - Precisely Define and Implement Network Security 
> > - Automatically Control P2P, IM and Spam Traffic 
> > FIND OUT NOW -  FREE Vulnerability Assessment
> Toolkit 
> > http://www.captusnetworks.com/ads/42.htm
>
> ---------------------------------------------------------------------------
> -
> >
>
> -----------------------------------------------------------------------
> > ----
> > Captus Networks 
> > Are you prepared for the next Sobig & Blaster? 
> > - Instantly Stop DoS/DDoS Attacks, Worms & Port
> Scans 
> > - Precisely Define and Implement Network Security 
> > - Automatically Control P2P, IM and Spam Traffic 
> > FIND OUT NOW -  FREE Vulnerability Assessment
> Toolkit 
> > http://www.captusnetworks.com/ads/42.htm
>
> ---------------------------------------------------------------------------
> -
> >  
=== message truncated ===


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------