Sure there is, but how do you get 1000 employees to install it?
Some of our locations are many states away, I'm not flying to NY just to patch 5 machines.
There is no way for you to just download the patch to a ftp server on your lan or anything like that?
Then just systematicly go to all of them and install the package
I'm not flying to NY just to patch 5 machines.
Maybe you could check out a show while you're there
Originally posted by: Nothinman
There is no way for you to just download the patch to a ftp server on your lan or anything like that?
Sure there is, but how do you get 1000 employees to install it?
Then just systematicly go to all of them and install the package
Some of our locations are many states away, I'm not flying to NY just to patch 5 machines.
So what? do you realy have nobody at all that is at least somewhat responsible for keeping those computers running? Can't you just e-mail Bob the secratery and give him a link to the microsoft update website?
Doesn't MS provide terminal services so you can do that remotely?
I got shipped to Princeton last year because my boss didn't want to even check out why a server was down; they had had a power surge and it turned out all I needed to do was run chkdsk...ain't that a b!tch?
Depends on if you like to travel or not, I guess =)
Originally posted by: Nothinman
This patch was out for a month and yet still banks and government agencies were still affected. This indicates the places were we would assume the highest amount of security measures would be used realy failed to even follow fundamental aspects of computer security. So they would be screwed irregardless which OS they use.
Consider how difficult it is to keep all the companie's workstations up to date. You can't let them just use WU because for a company of any size that would kill your Internet connection periodically as 500+ machines try to download patches from WU. You can probably use AD GPOs to push updates, but most places are still in the beginning to middle of their AD migration if one is happening at all. And I believe MS SUS requires AD and only works on servers currently, which makes it borderline useless. With a host of Linux boxes it would be simple to write a script to scp an RPM over and install it remotely.
Thats why you should use, Software Update Service. With that only one computer needs to contact windowsupdate and then it spreads to all workstations.
Originally posted by: Nothinman
Thats why you should use, Software Update Service. With that only one computer needs to contact windowsupdate and then it spreads to all workstations.
I know about SUS, but I shouldn't need another server for something that should be easily scriptable. Anyway I'm not directly involved with that decision, but I know SUS is one of the things being looked at.
Originally posted by: Nothinman
http://arstechnica.infopop.net/OpenTopic/page?a=tpc&s=50009562&f=12009443&m=8050987085
Now I'm glad I don't use SUS =)