RE: HFNetChk Pro vs. other means to push out updates

From: Eric (ews@tellurian.net)
Date: 03/20/02


Date: Tue, 19 Mar 2002 22:28:40 -0800
To: Colin Stefani <cstefani@tideworks.com>, "'emann@questinc.org'" <emann@questinc.org>, focus-ms@securityfocus.com
From: Eric <ews@tellurian.net>

I'm giving a public webcast presentation on HFNetChk on April 9th.
(http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com/servicedesks/webcasts/wc040902/wcblurb040902.asp)
(above URL is wrapped)

Among other items, we will discuss how hfnetchk always verifies the
existence of patches via fileversions and checksums. The presentation will
also include a discussion of the next version of the XML schema and hfnetchk.

In order to assist with performing a quick scan, the default action will
first try to determine if the patch may have been applied by looking for
the presence of a patch specific registry key. If this key is not found,
we assume the patch was not applied and label it as not found. If the key
is present, we verify the patch really is installed by checking the
fileversions and checksums of all involved files. In any case, we don't
rely on the presence of a registry key alone to state that a patch has not
been applied. (this has been the default behavior since the first version
of hfnetchk)

If you are concerned that registry keys may not have been written, or have
been overwritten, etc. you can disable the reg checks altogether so that
existence or absence of the patch is verified solely by the checksum and
file version assessment. Use the -z switch as documented in KB article
Q303215. This feature has also been available since the first release of
the tool.

FYI - SMS ships the same version of hfnetchk - an SMS add-on pack includes
the files necessary to automate the hfnetchk scan, file download, and patch
installation.

At 09:44 AM 3/19/2002 -0800, Colin Stefani wrote:
>One product we use for patch distribution is PatchLink (www.patchlink.com),
>which has been good. It's an agent based product that is licensed on a per
>machine/node basis. We use it for all our servers and then use SMS for
>sending out to the workstations, since our workstations are fairly
>standardized the patches are all the same but our servers are different from
>each other in many cases.
>
>Patchlink takes some tweaking, but the company is helpful and willing to
>work with you. It's a commercial product, so it does cost money to use, but
>we felt it did a better job than HFNetChk in terms of looking at
>applications in addition to OS patches as well as the fact it allowed for
>silent distribution and automated reboots. It also performs check summing
>and version checking of files in addition to registry entries, which at the
>time of our evaluation hfnetchk didn't do (or do well) and was something we
>wanted and felt made a patch product more complete.

<snip>
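
The check order described in the message above, modelled as an added example (not code from hfnetchk or from the original post): the registry key acts only as a quick pre-filter, and the file version and checksum decide the result. The registry key name, file path, version numbers, result labels and the use of SHA-256 are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Patch:
    reg_key: str   # patch-specific registry key (constructed name)
    files: dict    # path -> (expected version, expected SHA-256 hex digest)

def files_verified(patch, host_files):
    """True only if every file has the expected version and checksum."""
    for path, (version, digest) in patch.files.items():
        found = host_files.get(path)
        if found is None:
            return False
        found_version, content = found
        if found_version != version:
            return False
        if hashlib.sha256(content).hexdigest() != digest:
            return False
    return True

def check_patch(patch, host_registry, host_files, skip_registry=False):
    """Default: registry key is a quick pre-filter, files are the proof.
    skip_registry=True models the reg checks being disabled."""
    if not skip_registry and patch.reg_key not in host_registry:
        return "not found"   # quick scan: no key, files are not examined
    return "found" if files_verified(patch, host_files) else "not found"

# Constructed sample data: one patch, three hosts.
FIXED, OLD = b"patched binary", b"unpatched binary"
PATCH = Patch(
    reg_key=r"HKLM\SOFTWARE\Example\HotFix\Q000000",
    files={r"C:\example\example.dll": ((5, 0, 2195, 4000), hashlib.sha256(FIXED).hexdigest())},
)
GOOD_FILES = {r"C:\example\example.dll": ((5, 0, 2195, 4000), FIXED)}
HOSTS = {
    "patched": ({PATCH.reg_key}, GOOD_FILES),
    "key_missing": (set(), GOOD_FILES),  # files updated, key never written
    "file_reverted": ({PATCH.reg_key}, {r"C:\example\example.dll": ((5, 0, 2195, 1000), OLD)}),
}

def scan(skip_registry=False):
    return {name: check_patch(PATCH, reg, files, skip_registry)
            for name, (reg, files) in HOSTS.items()}

if __name__ == "__main__":
    print("default      :", scan())
    print("no reg checks:", scan(skip_registry=True))
```

The `key_missing` host is the case where the two modes disagree: the default scan reports the patch as not found, while the scan without registry checks confirms it from the files alone.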


