Educause Security Discussion mailing list archives
Re: Experiences with automaticWindows Updates
From: "Hahn, Jacob" <jhahn () MONTANA EDU>
Date: Fri, 11 Jun 2004 08:18:48 -0600
We have deployed a solution that uses Software Update Services (SUS) to help in the approval of patches before releasing them to our computing environment. This SUS server is then tied to a group policy that has all the clients polling the server nightly for updates. The testing of patches on our core university applications, prior to release to the campus, helps reassure management that the patches are safe for our environment.

"Sometimes it will work fine, but often it will fail to download the updates, or download them but not install them"

This may be related to BITSadmin (Background Intelligent Transfer Service), the mechanism for allowing trickle downloads instead of all at once. This is true when you use a SUS server, but you may wish to check and see if BITSadmin is running as a service. Stopping it may improve your chances of getting updates daily. As an aside, BITSadmin can defer your updating process to the next day if it fails multiple times; for example, the server or the network may be busy.

Jacob Hahn
Montana State University
Bozeman, MT
Information Technology Center
Windows Systems Admin

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jeff Giacobbe
Sent: Friday, June 11, 2004 7:53 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Experiences with automaticWindows Updates

Greetings,

Our campus is in the final stages of developing a standard Windows XP image to be deployed on all University-owned PC desktops and laptops. Our standard image is based on XP Pro, Service Pack 1 with all of the latest patches. So far the only real functional problem we have run into is inconsistent results when trying to automate Windows Update to run once a day. Sometimes it will work fine, but often it will fail to download the updates, or download them but not install them.

Initially we attempted to run Windows Update as a scheduled task, but found it would only work if an Admin was logged in (the vast majority of our users will be logging into their machines as PowerUser with added group rights of Backup Operator and Network Config Operator). Currently, we have configured the Windows Updates as a System Properties task that is running the "AUTOMATIC WINDOWS UPDATE CLIENT" (i.e., wuauclt.exe), which runs once per day at noon and (usually, but not always) downloads and installs updates regardless of who is logged on.

Has anyone else had problems getting automated Windows Updates to work reliably? Any tips for configuring this beast to work as advertised? ;-) We've done a little bit of trolling on Google and found a number of people reported bad experiences with the whole process, but others that have it working fine.

Thanks in advance,

Jeff Giacobbe
Director of Systems, Security, and Networking
Montclair State University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
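Added example, not part of either message above: a read-only PowerShell check of the client-side values that a group policy pointing Automatic Updates at an internal SUS server writes, plus the state of the Automatic Updates and BITS services the thread discusses. It assumes the standard Windows Update policy registry location and a PowerShell version that provides Get-CimInstance, which postdates this 2004 thread.

```powershell
# Added example: read-only audit of a client's Automatic Updates policy and services.
# Registry locations are the standard Windows Update policy keys (assumed to be
# what the group policy described in this thread populates).
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent, i.e. the policy never applied.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$policy = [ordered]@{
    WUServer             = Get-PolicyValue $wuKey 'WUServer'
    UseWUServer          = Get-PolicyValue $auKey 'UseWUServer'
    NoAutoUpdate         = Get-PolicyValue $auKey 'NoAutoUpdate'
    AUOptions            = Get-PolicyValue $auKey 'AUOptions'
    ScheduledInstallTime = Get-PolicyValue $auKey 'ScheduledInstallTime'
}

$findings = @()
if ($policy.UseWUServer -ne 1 -or [string]::IsNullOrEmpty($policy.WUServer)) {
    $findings += 'Client is not pointed at an internal update server.'
}
if ($policy.NoAutoUpdate -eq 1) {
    $findings += 'Automatic Updates is turned off by policy.'
}
if ($policy.AUOptions -ne 4) {
    $findings += 'AUOptions is not 4 (scheduled download and install).'
}

# Report the two services involved, without changing their state.
$services = Get-CimInstance Win32_Service -Filter "Name='wuauserv' OR Name='BITS'" |
    Select-Object Name, State, StartMode

[pscustomobject]$policy | Format-List
$services | Format-Table -AutoSize
if ($findings.Count -eq 0) {
    'Policy values match a scheduled, server-directed setup.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

Running this on a machine that intermittently misses updates shows whether the policy actually reached the client before any service is stopped or restarted.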
Current thread:
- Experiences with automaticWindows Updates Jeff Giacobbe (Jun 11)
- <Possible follow-ups>
- Re: Experiences with automaticWindows Updates Hahn, Jacob (Jun 11)
- Re: Experiences with automaticWindows Updates Barros, Jacob (Jun 11)
- Re: Experiences with automaticWindows Updates Michael_Maloney (Jun 11)