RE: MS Software Update Service
From: Brad Judy (judy@colorado.edu)
Date: 02/20/03
- Previous message: ATarasul@SpencerStuart.com: "RE: Restricting CmdExec Rights to Sysadmin"
- In reply to: Starks, Brad: "MS Software Update Service"
- Next in thread: m0use: "RE: MS Software Update Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Brad Judy" <judy@colorado.edu> To: "'Starks, Brad'" <BStarks@co.marin.ca.us>, <focus-ms@securityfocus.com> Date: Thu, 20 Feb 2003 13:11:14 -0700
I've been playing with SUS for a while, but not using it in production.
There was a discussion on the topic recently on another list where
various solutions including SUS, SMS, and third-party tools were
discussed. Overall there seemed to be no ideal tool and different
environments were better suited to different tools.
There are some definite pros and cons for SUS. The most notable pro, of
course, is the price. It is a free (outside of Windows Server licenses)
solution for allowing clients to grab critical updates from a local,
approved list.
There are several cons:
-Limited scope of patches (critical updates to IE and OS only)
-Scheduled pull topology (can't push out an urgent patch)
-Poor logging (minimal server-side logging and some client-side logging)
Overall it's something to consider, but not nearly the same as the
third-party solutions you mentioned. Those allow for a much broader
range of patches to be applied and are generally push based. Personally
I found Hfnetchk Pro to be the most appealing of the tools I tried, but
the minimum license size of 50 systems was not appealing to someone who
maintains only a handful of infrastructure servers.
For our distributed environment the current version of SMS is not
manageable due to its need for domain admin level access. I am hopeful
that the next version will have more potential for environments like
mine.
Brad Judy
Information Technology Services
University of Colorado at Boulder
> -----Original Message-----
> From: Starks, Brad [mailto:BStarks@co.marin.ca.us]
> Sent: Wednesday, February 19, 2003 5:43 PM
> To: 'focus-ms@securityfocus.com'
> Subject: MS Software Update Service
>
>
> Hi everyone,
>
> Microsoft's Software Update Service has been out for awhile
> (they've recently released a service pack for it, too) and I
> was curious as to what folks think about it. If you're using
> this technology, are you happy with it? How well does it suit
> your needs? Is it comparable to other solutions like Update
> Expert, Hfnetchk Pro, Net Octopus, etc.?
>
> In addition, has anyone used the Feature Pack for SMS that
> contains the SUS (as well as all kinds of additional)
> components? How does that compare to the standard SUS?
>
> Thanks in advance,
>
> Brad Starks
> IST Security Team
> County of Marin
>
- Next message: Romulo M. Cholewa: "RES: MS Software Update Service [LIN-L1FFC14]"
- Previous message: ATarasul@SpencerStuart.com: "RE: Restricting CmdExec Rights to Sysadmin"
- In reply to: Starks, Brad: "MS Software Update Service"
- Next in thread: m0use: "RE: MS Software Update Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
