Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: AW: SUS Help

From: Jane Han <janehan22 () yahoo com>
Date: Wed, 24 Sep 2003 13:43:32 -0700 (PDT)
Hi, all

Does anybody use SUS to deploy patches to
Active/active clustered exchange servers? 

Any concern? Since I usually install patch on one node
while failovering this node's virtual server resources
to another node.

Thanks,

Jane

--- "Yoo, Gene" <Gene.Yoo () calbar ca gov> wrote:

Hey Jane,

Since the SUS doesn't control your workstation
environment, you would just get a log saying that it
didn't complete or something like that.  For
managing 2000/XP, I would recommend using GPO.  We
primarily use SUS for our server farm for logging,
etc...

Gene Yoo
System Operations Manager

-----Original Message-----
From: Jane Han [mailto:janehan22 () yahoo com] 
Sent: Wednesday, September 17, 2003 7:21 AM
To: tim.warren () computerjobs com
Cc: security-basics () securityfocus com
Subject: Re: AW: SUS Help


Hi, all

If you set to automatic download and install at
3:00AM
option through group policy, what happen to
workstations that are shut down at 3:00AM?  In my
company, most people shut down their workstations. 
How will these workstations get all updated patches
from SUS server?

Thanks,


Jane



-----Original Message-----
From: Tim Warren
[mailto:tim.warren () computerjobs com]
Sent: Friday, September 12, 2003 8:18 AM
To: 'Markus Rossi';
security-basics () securityfocus com
Subject: RE: AW: SUS Help

The Sus App works extremely well, we have been

using

it with no I'll effects
for almost a year.  It was really meant for large
workstation installs and
we also use it for our testing servers, but not

the

web farm.  SUS has a
patch approval process by which the patch is
downloaded and waits for your
approval.  SUS by no means mitigates your
responsibility to stay on top of
patches and test them, it only helps roll them

out.

It also comes with a
multi-tier testing and approval design you can
implement if you so choose.
It's very flexible, has caused no errors and is

free

unlike RedHats version,
for which I subscribe because they have to earn
revenue anyway they can and
I don't want them going out of business or being
bought by IBM.  But, don't
use it or any other patching program on a

production

server, not that it
won't work, unless you're a gambler.

Tim W

-----Original Message-----
From: Markus Rossi
[mailto:securityfocus () familyrossi com]
Sent: Thursday, September 11, 2003 3:44 PM
To: security-basics () securityfocus com
Subject: Re: AW: SUS Help


Chris,

AFAIK HFNetChk should work with NT4 domains as

well

as AD. I've yet to
deploy it but it looks extremely promising. See
www.shavlik.com

Markus

Meidinger Chris wrote:


Hi guys,

i'm dealing with exactly the same problem, and i

can promise you there

is
*no* affordable option to automagically patch NT

boxes without scripting it

yourself. Which is what i will spend the next

week

doing.....


Cheers,

Chris

-----Ursprüngliche Nachricht-----
Von: Roger A. Grimes [mailto:rogerg () cox net]
Gesendet: Donnerstag, 11. September 2003 03:40
An: Gooch, Linnie;

security-basics () securityfocus com

Betreff: RE: SUS Help


It doesn't work in NT environments.  SUS must be

installed on a W2K or

Server 2003 server, and the client must run the

Automatic Updates

service (which doesn't run on NT).

There are few options available when patching an

NT

environment.  Even

Win98 has more patch mgmt options.

Roger





***********************************************************************

****
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE (NT/2000), CNE (3/4), A+
*email: rogerg () cox net
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus

Protection

for Windows by O'Reilly

*http://www.oreilly.com/catalog/malmobcode/
*Author of Apress's upcoming Honeypots for

Windows




***********************************************************************

****



-----Original Message-----
From: Gooch, Linnie [mailto:Linnie () wescom org]
Sent: Tuesday, September 09, 2003 8:28 PM
To: security-basics () securityfocus com
Subject: SUS Help


I've been reading everyone's input on SUS and I'm

trying to evaluate it

at my company. I want to know if anyone has

deployed it with an NT4

environment? We aren't moving to AD for another 3

months, but with the

blaster worm and other such vulnerabilities, I

want

to get it up and

running right away.

Here is what I'm looking for.

I'm reading the documentation for SUS, and it

talks

about setting the

registry on client machines, which is no problem,

but the documentation

is so unclear about what exactly I need to add to

the registry. I was

wondering if anyone knew exactly what registry

keys

needed to be added

or changed so I could test it right away.

Thanks guys. This list rocks!


Linnie Gooch, MCSE
Manager of Systems and Technology
Wescom Credit Union
(888) 493 7266 x 8801







**********************************************************************

This email and any files transmitted with it are

confidential and

intended solely for the use of the individual or

entity to whom they

are addressed. If you have received this email in

error, please delete

it immediately and advise the sender. WESCOM

CREDIT


=== message truncated ===


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: