Educause Security Discussion mailing list archives

Re: Desktop patch management?

From: "Brian K. Dore'" <bkd () LOUISIANA EDU>
Date: Fri, 12 Sep 2003 17:44:20 -0500

Eoghan said:

I would like to learn more about the specifics of how you have been getting

users to reconfigure their systems.

For computers that aren't managed through Group Policy the easiest way is to
create a .reg file with the appropriate settings and stick it on a web site
for administrators/users to click on.  (I do use a domain/group policy for
the machines I manage.)

Would you be willing to share the script that you use?


The .reg file our support people use is at:
http://update.louisiana.edu/install/wu.reg 
Please make sure to change the settings as appropriate to you before using
it; in particular pointing clients to your own SUS server, not ours. :^)

Also, have you had any difficulties meeting the different needs of

different groups?

We do change the update time to different times for people who prefer not to
leave their machine on or don't want the patches to self install right after
they start up their machine.  We've actually had people complain about their
computer rebooting automatically to install the patch at 3:00am while they
were trying to work, but most of the users don't even know it happens.

For instance, system administrators who will blame you for deploying a

patch that disables something on their server?

Currently we don't have any servers using automatic SUS updates.  We still
do them manually.  No official policy, just how we do it.

Do you require users to click on an informed consent page before

reconfiguring their systems?

At this point in our deployment all systems are university owned so this
hasn't been a problem.

Have you considered requiring all Windows systems on your network to be

configured to obtain patches in this manner?

If so, how?


No, we don't require this.  Windows systems administration here is currently
very decentralized and different departments have their own way of managing
things.  

Brian Doré
Office of Information Systems
University of Louisiana at Lafayette  

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Desktop patch management? Craig W. Drake (Sep 12)
- <Possible follow-ups>
- Desktop patch management? Craig W. Drake (Sep 12)
- Re: Desktop patch management? Omar Herrera (Sep 12)
- Re: Desktop patch management? Eoghan Casey (Sep 12)
- Re: Desktop patch management? Ariel Silverstone (Sep 12)
- Re: Desktop patch management? LaSandra DeLeon (Sep 12)
- Re: Desktop patch management? Ariel Silverstone (Sep 12)
- Re: Desktop patch management? Brian K. Dore' (Sep 12)
- Re: Desktop patch management? Eoghan Casey (Sep 12)
- Re: Desktop patch management? Clyde Hoadley (Sep 12)
- Re: Desktop patch management? Brian K. Dore' (Sep 12)
- Re: Desktop patch management? Dan Roberts (Sep 12)
- Re: Desktop patch management? Melissa Guenther (Sep 13)
- Re: Desktop patch management? Craig W. Drake (Sep 16)
- Desktop patch management? Smith, Barry (Sep 30)
- Re: Desktop patch management? Craig W. Drake (Sep 30)
- Re: Desktop patch management? Christian Grewell (Sep 30)
- Re: Desktop patch management? Marty Hoag (Sep 30)