Educause Security Discussion mailing list archives
Re: [EXTERNAL] Re: [SECURITY] Remote domain joined computer updates
From: John Virden <john.virden () MIAMIOH EDU>
Date: Thu, 27 Aug 2020 17:09:54 -0400
Hello Blake. From our Windows Team: "Because we use Microsoft Endpoint Configuration Manager aka MECM (it used to be named System Center Configuration Manager aka SCCM) we deploy and manage Windows updates through it. With this, we deployed a Cloud Management Gateway to manage internet based clients. If they are using MECM this can be a cost effective way to do it possibly. Our Azure bill runs around $120 per month for this, and this setup allows you to enforce patching as you would with on campus clients, and you can direct these clients to download the updates directly from Microsoft." Happy to put you in touch with our team if interested. Thank you, John On Thu, Aug 27, 2020 at 4:17 PM Hart, Michael <mhart20 () msudenver edu> wrote:
MSUDenver used IBCM to make sure that devices don’t have to be on campus or connected to VPN to get updates. *From:* The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Blake Brown *Sent:* Thursday, August 27, 2020 1:41 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [EXTERNAL] Re: [SECURITY] Remote domain joined computer updates NOTICE: This email originated from outside the University. Please exercise caution when replying or opening links and attachments. Excellent tip... thanks! ------------------------------ *From:* The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Seymour, Patrick < 000000ddbd4dcc33-dmarc-request () LISTSERV EDUCAUSE EDU> *Sent:* Thursday, August 27, 2020 12:37 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU> *Subject:* Re: [SECURITY] Remote domain joined computer updates *External Email* A quick and cheap option, one that requires them to visit campus one more time, is to create a configuration item in MECM/SCCM. You can test the connection to the WSUS server, and if that fails, remove the WSUS registry entries. When the client comes back to campus, GPO will put the entries back. And then of course, they go home, the CI sees that the WSUS server is unreachable, and removes the entries again. Here’s a gist containing our detection and remediation scripts for this CI. https://gist.github.com/pseymour/150efeaec12a032c158579057a44c994 <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgist.github.com%2Fpseymour%2F150efeaec12a032c158579057a44c994&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7Ca50b7844021f427aeee408d84ac13257%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637341540920154997&sdata=V5bj6RPfobYBDNjXd3808xEXAgU5ubxVfZQnsE3Q%2FJw%3D&reserved=0> --ps *Patrick S. Seymour* *|* Manager, Application Delivery Sinclair Community College *|* 444 West Third Street *|* Room 13-023Q (sometimes) *|* Dayton, OH 45402 937.512.2118 *|* patrick.seymour () sinclair edu *From:* The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Blake Brown *Sent:* Thursday, August 27, 2020 14:05 *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] Remote domain joined computer updates Good afternoon, We have run into an issue with staff who are using domain joined Windows computers at home due to COVID who cannot get Windows/AV updates due to GPO's, these users are not VPN users. One option is to ask them to return periodically to the campus for updates but I think we all know how that will play out. We would like to minimize our VPN/DUO licensing cost if possible, so we are looking for alternatives to meet this need. How is your college handling this? Thanks, Blake Brown Infrastructure Manager ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7Ca50b7844021f427aeee408d84ac13257%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637341540920154997&sdata=jxKawVMdzFib7aCN%2F062rH%2FgPEKbJBckA33kSilTIqY%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7Ca50b7844021f427aeee408d84ac13257%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637341540920164992&sdata=8HifjDyaEUtRVp8Lf9rr2aLxX%2BtHt2I6ybtRWSxBylY%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7Ca50b7844021f427aeee408d84ac13257%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637341540920164992&sdata=8HifjDyaEUtRVp8Lf9rr2aLxX%2BtHt2I6ybtRWSxBylY%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
-- John Virden Assistant Vice President for Security, Compliance and Risk Management and CISO Miami University 325 Hoyt Hall Oxford, OH 45056 john.virden () miamioh edu O: 513-529-9252 | MiamiOH.edu ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Remote domain joined computer updates Blake Brown (Aug 27)
- Re: Remote domain joined computer updates Seymour, Patrick (Aug 27)
- Re: Remote domain joined computer updates Blake Brown (Aug 27)
- Re: [EXTERNAL] Re: [SECURITY] Remote domain joined computer updates Hart, Michael (Aug 27)
- Re: [EXTERNAL] Re: [SECURITY] Remote domain joined computer updates John Virden (Aug 27)
- Re: Remote domain joined computer updates Blake Brown (Aug 27)
- Re: Remote domain joined computer updates Seymour, Patrick (Aug 27)
- <Possible follow-ups>
- Re: Remote domain joined computer updates Eric Schewe (Aug 27)
- Re: Remote domain joined computer updates Blake Brown (Aug 27)