Educause Security Discussion mailing list archives

Re: Desktop patch management?


From: Eoghan Casey <eco () CORPUS-DELICTI COM>
Date: Fri, 12 Sep 2003 15:40:46 -0400

Brian,

Good point. Although you can reconfigure systems that are not in the domain to obtain updates from a local SUS server, you cannot automatically require them to do so. Somehow you need to reconfigure each system because you cannot apply a group policy to them.

I would like to learn more about the specifics of how you have been getting users to reconfigure their systems. Would you be willing to share the script that you use?

Also, have you had any difficulties meeting the different needs of different groups? For instance, system administrators who will blame you for deploying a patch that disables something on their server? Do you require users to click on an informed consent page before reconfiguring their systems?

Have you considered requiring all Windows systems on your network to be configured to obtain patches in this manner? If so, how?

Thank you for the clarification,

Eoghan Casey
203-645-2774

On Friday, September 12, 2003, at 02:37 PM, Brian K. Dore' wrote:

Eoghan said:

 

> Automatic delivery of patches using a local SUS server requires systems to be in a domain.

I have to point out that this is not correct. An SUS server provides the update catalog and patches via anonymous HTTP connections. The Windows Update client is configured to use an SUS server by setting registry entries (this can be a simple .reg file, a script, etc.). We have a large number of non-domain based clients updating from our servers.

 

Brian Doré

Office of Information Systems

University of Louisiana at Lafayette
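
The registry-based client configuration described in the thread, as an added example (not the script used by either poster): it writes the Windows Update policy values on a non-domain machine and reads them back to confirm they took effect. The server URL `http://sus.example.edu` and the install schedule are assumed placeholders.

```powershell
# Added example: point a non-domain Windows client at a local update server.
# Run elevated. $SusUrl is a placeholder, not a value from the thread.
param(
    [string]$SusUrl = 'http://sus.example.edu'
)

$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = Join-Path $wu 'AU'

# The policy keys do not exist on a machine that has never received the policy.
foreach ($key in $wu, $au) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}

# Desired state. The schedule values are assumptions chosen for illustration.
$settings = @(
    @{ Path = $wu; Name = 'WUServer';             Type = 'String'; Value = $SusUrl }  # update catalog source
    @{ Path = $wu; Name = 'WUStatusServer';       Type = 'String'; Value = $SusUrl }  # where the client reports status
    @{ Path = $au; Name = 'UseWUServer';          Type = 'DWord';  Value = 1 }        # use WUServer instead of Microsoft
    @{ Path = $au; Name = 'NoAutoUpdate';         Type = 'DWord';  Value = 0 }        # keep automatic updates enabled
    @{ Path = $au; Name = 'AUOptions';            Type = 'DWord';  Value = 4 }        # download and install on schedule
    @{ Path = $au; Name = 'ScheduledInstallDay';  Type = 'DWord';  Value = 0 }        # every day
    @{ Path = $au; Name = 'ScheduledInstallTime'; Type = 'DWord';  Value = 3 }        # 03:00 local time
)

foreach ($s in $settings) {
    New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType $s.Type `
        -Value $s.Value -Force | Out-Null
}

# Read every value back; a local tool or user may have blocked or reverted a write.
$bad = foreach ($s in $settings) {
    $actual = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
    if ($actual -ne $s.Value) { "$($s.Name): expected '$($s.Value)', found '$actual'" }
}

if ($bad) {
    $bad | ForEach-Object { Write-Warning $_ }
    exit 1
}

# The Automatic Updates service reads these values when it starts.
Restart-Service -Name wuauserv -Force
Write-Output "Client now configured to update from $SusUrl"
```

Because nothing enforces these values on a machine outside the domain, a local administrator can change them afterwards, so the read-back check is worth rerunning periodically.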

 

