Security Basics mailing list archives

Re: Windows SUS

From: Dave Schaefer <dpschaef () oaklandcc edu>
Date: 8 May 2004 03:11:44 -0000

In-Reply-To: <20040430211855.35154.qmail () web12823 mail yahoo com>

Is there any chance I can get a copy of this code?  I work for an educational instatution that doesn't want their 
computers rebooting while students are working on them.  Please let me know.  Thanks.

-Dave

In-Reply-To: <A02305CA08B0D143A752591768A7858A1B6554@prserver.prproducts.local>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii


Once SUS is properly configured (and approval has been
granted to various necessary patches), the GPO is the
only thing that must be configured to point the
workstations to the proper local SUS server.

The only factor we had to worry about in my
organization is the reboot issue:

1) If certain patches required rebooting, users get 5
minutes before it automatically reboots their
computers.  This would be okay if users weren't in any
critical applications and happened to walk away from
their computers during the reboot process

2) If a user never reboots his/her computer (e.g.,
just leaves it logged on and "locked" overnight), the
machine never refreshes and hence, is not deemed
prepared for the next set of updates that come down
from the SUS server

We alleviated this problem by configuring SUS so
workstations do not automatically reboot after patches
are applied, using the SHUTDOWN.EXE command from the
Windows Server Resource Kit, and writing a batch file
that automatically reboots any computer that happened
to be left in "locked" mode overnight.  This seems to
keep users from becoming agitated from any
disruptions...

- Lee


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

RE: Windows SUS, (continued)
- RE: Windows SUS Philip Wagenaar (May 03)
- RE: Windows SUS Lee Seidman (May 03)
- RE: Windows SUS Raoul Armfield (May 03)
- RE: Windows SUS Alvin Packard (May 03)
- RE: Windows SUS Hagen, Eric (May 04)
  - RE: Windows SUS Derek Schaible (May 04)
  - RE: Windows SUS hartmann (May 06)
    - Re: Windows SUS Ansgar -59cobalt- Wiechers (May 10)
- Windows SUS Sistemas Aurensis-Sys Sec (May 07)
- RE: Windows SUS Sullivan, Glenn (May 07)
- Re: Windows SUS Dave Schaefer (May 07)
  - Policy tools n30 (May 10)
    - Re: Policy tools Brad Arlt (May 10)
- Windows SUS Guillome Main (May 07)
  - Re: Windows SUS Paul Kurczaba (May 10)
  - RE: Windows SUS Philip Wagenaar (May 10)
- Re: Windows SUS Lee Seidman (May 10)
  - RE: Windows SUS Raoul Armfield (May 10)
- RE: Windows SUS Lee Seidman (May 10)
  - Windows 2kserver with XP clients - Policies Ivan Carlos (May 12)
    - RE: Windows 2kserver with XP clients - Policies Philip Wagenaar (May 13)

(Thread continues...)