RE: MS Software Update Service

From: Thane Walkup (twalkup@quorumreview.com)
Date: 02/24/03

  • Next message: Nicko Demeter: "RE: Monitor Services on Windows machines" 
    Date: Mon, 24 Feb 2003 13:22:48 -0800
From: "Thane Walkup" <twalkup@quorumreview.com>
To: <focus-ms@securityfocus.com>

    The most recent version of SUS has a few more options about patch
    rescheduling, for working around the issue of scheduled installation
    times.

    We have a number of users that work from home, and I am currently
    experimenting with self-patching via SUS. SUS does not download the
    patches at the scheduled time - instead, it pre-downloads the patches,
    stores them locally, then installs them when the scheduled time occurs,
    if you have set it for that option. Until we get SUS SP1 rolled out, I
    have been experimenting with the option of having the end users be
    notified to install the patches when they have been downloaded. The two
    users that I have been working with have been successful in triggering
    automatic updates, even though they do not have administrative
    privileges.

    -----Original Message-----
    From: Anonymous [mailto:cripto@ecn.org]
    Sent: Friday, February 21, 2003 12:48 PM
    To: focus-ms@securityfocus.com
    Subject: Re: MS Software Update Service

    The biggest problem that I have with SUS is that in the scenario
    described below (roll out patches at 3:00 am), laptop (which are
    presumable at users homes) and workstations (which are sometimes turned
    off at night) will never get updated. Even if you tell users to leave
    their machines on you have no guarentees.
    If a user doesn't have administrative privledge to their machine there
    are very few options for scheduling the install and reboot. Basicly you
    are forced to pick a time and make it happen. Which is better, at night
    when only workstation that have left on (or are in use) get the updates,
    or reboot in the middle of the business day (management loved this
    option)?
    I'd use SUS if the client simply checked at boot up to see if it missed
    a scheduled update and, if so, performed it then.

    Has anyone found a way around that?

    Regards

    Relevant Pages

    • RE: SuS updates
      ... In regards to this SuS topic, I am having several issues myself with my SuS ... Windows Updates, but they are not downloading or installing the updates. ... there are updates available for download or for install. ... reboot, but will not be able to postpone the reboot. ...
      (Focus-Microsoft)
    • Re: running patches as admin
      ... Note that the free version will only install critical updates and security ... SUS needs to be installed on a IIS server. ... installs operating system critical updates and security rollup packages. ...
      (microsoft.public.win2000.security)
    • Re: Not sure if this is the right place but
      ... Note that the free version will only install critical updates and security ... SUS needs to be installed on a IIS server. ... installs operating system critical updates and security rollup packages. ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Deploying Crit Updates
      ... Note that the free version will only install critical updates and security ... SUS needs to be installed on a IIS server. ... a more comprehensive version of SUS is available that can download and install ...
      (microsoft.public.security)
    • Re: Scheduled Updates Reboots Machines
      ... > Updates are set to automatically download and then ... > rights so they are not prompted to install them after the ... > apparent problems until last week - The updates rebooted ... You could look at Microsoft Software Update Services (SUS). ...
      (microsoft.public.windowsxp.security_admin)