Educause Security Discussion mailing list archives
Re: Auto-update versus "going green"
From: "Koerber, Jeff" <jkoerber () TOWSON EDU>
Date: Thu, 14 Oct 2010 13:44:38 -0400
I set the BIOS on all of my computers to power up at a certain time when updates are scheduled to run. One hour later, I have Ghost Console run a script that deletes profiles, defrags and shuts down the computers. Students turn on the computers as they use them. During summer only a fraction of my computers are turned on at any time. I also use Ghost Console to run a task five minutes before closing that gives a 5 minute countdown and shuts down the computers. If you do this, I would have a shortcut under Program Files where your staff can runas and abort the shutdown. I would also have a Ghost Console task that you can run on demand to abort (shutdown -a) the shutdown in case you forget to change the schedule :) You could use the Windows Scheduler instead of Ghost Console, but that makes it more difficult to change the schedule. Jeff Koerber Supervisor, Student Computing Services Lab and Service Desk Office of Technology Services Towson University -----Shutdown Script----- shutdown -s -f -t 300 -c "The lab is closing and this computer will shut down when the timer reaches zero. You can move this box out of the way and save your work now." -----End of File----- -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SCHALIP, MICHAEL Sent: Friday, October 08, 2010 11:45 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Auto-update versus "going green" ....And, you can script the DeepFreeze thaw/freeze within the same job.....we are working on doing this exact thing with Altiris/DeepFreeze. You'll have to work with your networking folks - they like to block WoL, so you can minimize their concerns by only allowing WoL from your patching servers. That way - no other systems on the network can issue WoL calls.... M -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks Sent: Friday, October 08, 2010 9:42 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Auto-update versus "going green" On Fri, 08 Oct 2010 11:17:55 EDT, Jeff Kell said:
We are running into issues with our NAC policy enforcement with machines that are set for some power-save / power-off profiles and consequently not auto-updating themselves. When they are turned on for use, they are missing patches and out-of-compliance, and can run into remediation/quarantine.
This sounds like a job for 'wake-on-LAN' if your BIOS and network card support it. Poke each machine at oh-dark-thirty, have it wake up, look for updates, and go back to sleep. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Current thread:
- Auto-update versus "going green" Jeff Kell (Oct 08)
- Re: Auto-update versus "going green" Valdis Kletnieks (Oct 08)
- Re: Auto-update versus "going green" SCHALIP, MICHAEL (Oct 08)
- Re: Auto-update versus "going green" Koerber, Jeff (Oct 14)
- Re: Auto-update versus "going green" Parker, Ron (Oct 08)
- Re: Auto-update versus "going green" Alan Amesbury (Oct 14)
- Re: Auto-update versus "going green" Todd Clementz (Oct 14)
- Re: Auto-update versus "going green" SCHALIP, MICHAEL (Oct 08)
- Re: Auto-update versus "going green" Jeff Kell (Oct 08)
- Re: Auto-update versus "going green" SCHALIP, MICHAEL (Oct 08)
- Re: Auto-update versus "going green" Valdis Kletnieks (Oct 08)