Re: Microsoft Strategic Technology Protection Program
From: Robert Moir (robert.moir@NTLWORLD.COM)Date: 10/03/01
- Previous message: Alan Finn: "Folders created by Mac clients override inherited NTFS permission s"
- In reply to: Ryan Russell: "Re: Microsoft Strategic Technology Protection Program"
- Next in thread: Tony Chow: "Re: Microsoft Strategic Technology Protection Program"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <000001c14c50$319c3520$0100a8c0@bartman> Date: Wed, 3 Oct 2001 22:13:04 +0100 From: Robert Moir <robert.moir@NTLWORLD.COM> Subject: Re: Microsoft Strategic Technology Protection Program To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> How about what was discussed at the NTBugtraq 1st annual
> party, which is a way to patch the install images? You know,
> be able to apply the service pack and hotfixes to the i386
> install directory, so that when you do a new install, there
> is no opportunity to foget to apply the service pack? So
> that when i add a new service to my install, I don't have to
> re-apply the service pack or hotfixes. That's one of the big
> problems with cleaning up a large enterprise. You can do a
> massive sweep of your company making sure you've got all the
> patches installed, and the next day someone does an install
> of NT, or adds dial up networking, and now you've got a
> vulnerable box again.
The problem is that with NT 4 it is trivial enough to patch your install
with a service pack from the point of view of updating the files in the
i386 folder but there's no inbuilt mechanism for integrating changes to
registry settings and these can be just as important. You can insist on
scripted installs that include running the service pack update program
as appropriate but of course this assumes all your people doing the
installs are competent admins who can get with the program. If that were
so then no one would have heard of nimda or code red or whatever anyway
given how long the patches were out for the holes each of these exploit
Of course microsoft would suggest we upgrade to XP on the desktop and
W2K server, for now, in the server room, both of which support exactly
this sort of "slipstreaming". Right, like an otherwise content NT 4
based shop can justify upgrading server platforms to W2K server just to
get this sort of functionality. And even if you can, what about
hotfixes.
-- Robert Moir, Microsoft Backoffice MVP http://www.robertmoir.co.uk============================================================================ Delivery co-sponsored by Trend Micro, Inc. ============================================================================ BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000 Earn 5% rebate on licenses purchased for Trend Micro ScanMail for Microsoft Exchange 2000 between October 1 and November 16. ScanMail ensures 100% scanning of inbound and outbound traffic and provides remote software management. For program details or to download your 30-day FREE evaluation copy: http://www.antivirus.com/banners/tracking.asp?si=53&BI;=245&UL;=http://www.ant ivirus.com/smex2000_rebate
- Previous message: Alan Finn: "Folders created by Mac clients override inherited NTFS permission s"
- In reply to: Ryan Russell: "Re: Microsoft Strategic Technology Protection Program"
- Next in thread: Tony Chow: "Re: Microsoft Strategic Technology Protection Program"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
