Educause Security Discussion mailing list archives

Re: Automated Patching and Updates?

From: "Craig W. Drake" <c-drake () NEIU EDU>
Date: Thu, 25 Sep 2003 08:31:35 -0500

We are using SUS server here with NO DOMAIN.  It works well.  The only
problem is getting the initial configuration of the SUS client out to
all of the workstations.  Since we have no domain, we can't use Group
Policy for that.  What we have done is use our Novell logon scripts to
push a .reg file to all of the users which log on to our NDS directory.
Not all of our users log in, so this is not a complete solution, but it
did work for a large number of our systems. 

-Craig


Craig W. Drake
Windows NT/2000 Server Administrator
Networking and Distributed Services
Northeastern Illinois University




-----Original Message-----
From: Howell, Paul [mailto:grue () UMICH EDU] 
Sent: Thursday, September 25, 2003 7:42 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Automated Patching and Updates?


Hi,

Are all of your workstations in the same domain as the SUS server?

Have you tried to update workstations in a different domain?

Thanks,

< paul

-----Original Message-----
From: Ron Parker [mailto:rparker () BRAZOSPORT EDU]
Sent: Thursday, September 25, 2003 8:36 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Automated Patching and Updates?

In answer to your questions below:

1) We're using Microsoft's Software Update Service (SUS) to push 
patches out to our XP desktops from our own update server. This is 
just a glorified version of the Windows update service built into XP
but it lets
us have some control over what gets pushed and when. We use a
group policy
to force the patch installation and a reboot if necessary.
Unfortunately,
a large part of our campus is still on Windows 98 so this
doesn't help us
as much it could. We are accelerating our push to convert
completely to
XP. This also doesn't work in our labs where we use Deep
Freeze to revert
the machines back to their initial state when they reboot.

2) We aren't really looking at anything else at the moment.

3) The above solution works for XP and Windows 2000 but not Windows 
98.

--
Ron Parker, Director of Information Technology, Brazosport College
Voice: (979) 230-3480             FAX: (979) 230-3111
http://www.brazosport.edu

On Thu, 25 Sep 2003, Sadler, Connie wrote:

Given all of the recent worm activity, etc., it seems

timely to gather

some information from you folks regarding what you are

already doing -

or planning to do - in terms of pushing updates and patches

out to your

user communities in a way that is not too "intrusive". We

all work in

diverse environments where many of our users are also sensitive to 
having someone else "touch" their machines. Yet it seems a

losing battle

to continue to manually update workstations in some areas

when they are

being automatically attacked in very sophisticated ways.

Can you folks please share with us:

1)  What you are already doing now - in terms of pushing or

automating

patching or updates?

2)  What you are evaluating or looking at for doing this

kind of thing -

and in what areas of your environment?

3)  What technologies you are familiar with and what platforms the 
solutions support?

Thanks much! I am willing to summarize the input I receive if I get 
enough good feedback...

Connie J. Sadler, CM, CISSP, CISM
Director, IT Security, Brown University
Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu
PGP Fingerprint: 452A C178 1450 9CE1 3AC1  CC12 956F 2C55 DB94 A9C7
Office: 401-863-7266

**********
Participation and subscription information for this

EDUCAUSE Discussion Group discussion list can be found at

http://www.educause.edu/cg/.


**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Automated Patching and Updates? Sadler, Connie (Sep 25)
- <Possible follow-ups>
- Re: Automated Patching and Updates? Ron Parker (Sep 25)
- Re: Automated Patching and Updates? Howell, Paul (Sep 25)
- Re: Automated Patching and Updates? Craig W. Drake (Sep 25)
- Re: Automated Patching and Updates? Ron Parker (Sep 25)
- Re: Automated Patching and Updates? Tavakoli, Rooz (Sep 25)
- Re: Automated Patching and Updates? Bradford B. Saul (Sep 25)
- Re: Automated Patching and Updates? Wehner, Paul (wehnerpl) (Sep 25)
- Re: Automated Patching and Updates? Bradford B. Saul (Sep 25)
- Re: Automated Patching and Updates? Craig W. Drake (Sep 25)
- Re: Automated Patching and Updates? Christian Grewell (Sep 25)
- Re: Automated Patching and Updates? Beechey, Jim (Sep 25)
- Re: Automated Patching and Updates? Joanne Murray (Sep 25)
- Re: Automated Patching and Updates? Ariel Silverstone (Sep 25)

(Thread continues...)