Security Basics mailing list archives
RE: Patch Management
From: "Nick Duda" <nduda () VistaPrint com>
Date: Fri, 20 Apr 2007 15:18:02 -0400
Devin, Reading a couple words into your first paragraph and already I said to myself, 3.0 handles that now. WSUS 3.0 has a "server cleanup" feature built into it that does numerous tasks, such as, unused updates and update revisions, computers not contacting the server, uneeded update files, expired updates and superseded updates. It tells you at the completion of the cleanup on what exactly was cleaned up. - Nick -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Devin Rambo Sent: Friday, April 20, 2007 2:48 PM To: 'Sec Melis'; security-basics () securityfocus com Subject: RE: Patch Management Arif, I'm not sure how WSUS v3.0 handles the bloat of declined/expired patches, but in v2.0, you have to manually clear them. If you're on v2.0, here's what you want to do: 1. Download the WSUS server debug tool from http://www.microsoft.com/windowsserversystem/updateservices/downloads/de faul t.mspx. The link is to "Server Diagnostic Tool" just to confuse everyone, but that's the tool you want. 2. Extract the tool to someplace on the hard drive of your WSUS server. 3. Open up a command prompt, navigate to the directory where the tool lives, and type the following command: WsusDebugTool.exe /Tool:PurgeUnnneededFiles The tool is misnamed a bit. It actually purges ALL the files from the patch repository. It will then proceed to re-download anything that you have marked as approved for install. I'm running WSUS on a virtual server with semi-limited storage space, so I actually run this command over the weekend immediately following Patch Tuesday just to keep my server nice and tidy. I strongly recommend running this so the downloads happen during off-peak hours, for obvious reasons. HTH. Devin -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Sec Melis Sent: Friday, April 20, 2007 12:13 AM To: security-basics () securityfocus com Subject: Re: Patch Management Have you guys check your disk space used by WSUS? Surprisingly, my WSUS eats more than 26 GB space for last 2 years! Imagine, how many bandwidth resources was consumed during that time if it's distributed across, let's say 30 WSUS relays and 8000 clients for one medium company ...... Duh dear uncle Bill ...... Arif Jatmoko --------------------- Confidentiality note The information in this email and any attachment may contain confidential and proprietary information of VistaPrint and/or its affiliates and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you are hereby notified that any review, reliance or distribution by others or forwarding without express permission is strictly prohibited and may cause liability. In case you have received this message due to an error in transmission, please notify the sender immediately and delete this email and any attachment from your system. ---------------------
Current thread:
- RE: Patch Management, (continued)
- RE: Patch Management Chinnery, Paul (Apr 19)
- Re: Patch Management krymson (Apr 19)
- RE: Patch Management Nick Duda (Apr 19)
- RE: Patch Management Bill Higgins (Apr 19)
- RE: Patch Management Petter Bruland (Apr 20)
- RE: Patch Management Warren, John (Apr 20)
- RE: Patch Management Petter Bruland (Apr 20)
- Re: Patch Management visitnikhil (Apr 19)
- Re: Patch Management Sec Melis (Apr 19)
- Message not available
- Patch Management kevin fielder (Apr 20)
- RE: Patch Management Devin Rambo (Apr 20)
- RE: Patch Management Nick Duda (Apr 20)
- Re: Patch Management SecMelis (Apr 23)
- Re: Patch Management modversion (Apr 25)
- Re: Patch Management Sec Melis (Apr 19)