RE: WSUS/Reboot
Mike.Carney_at_bentley.com
Date: 06/17/05
- Previous message: Paul: "Re: IE in Kiosk mode"
- Maybe in reply to: Ronald Balk: "WSUS/Reboot"
- Next in thread: David LeBlanc: "RE: WSUS/Reboot"
- Reply: David LeBlanc: "RE: WSUS/Reboot"
- Reply: Kim Lvheim Pedersen: "RE: WSUS/Reboot"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 17 Jun 2005 10:35:11 -0400 To: <r.balk@nl.intrum.com>, <focus-ms@securityfocus.com>
Hi Ronald,
Your probably going to hate this answer but I'm going through the same
process here myself.
The best way to keep yourself and the company as a whole covered as far
as down time is sit down with the business side of the company and
determine what your maintenance windows are. From there you can develop
a list of servers and there availability to be patched and rebooted.
It really needs to become a policy rather than a technical question.
For example,
You will go to management and say when can this set of servers be
rebooted(make sure they know this means downtime), you list the server
names and in there they will see your e-mail and database servers. To
which they will respond "these can't be down" and you will have to
explain that this is possible but it will cost a ton of money to cluster
the servers they have said "can't be down" and if they don't patch the
servers they can become infected or hacked and the company will have an
extended period of down time due to a virus taking out the server or the
other(perhaps scarier scenario) is that the company would have to go to
their customers and explain why there data was stolen.
At this point the business side will either pony up the money to cluster
the systems or they will work with you to find the different windows
during the month/week that you are able to patch the servers and reboot
them.
You should also work in here the emergency patching that may need to
occur if a large virus outbreak occurs.
Anyway, good luck on this, it is a lengthy process that you have to go
through, but in the end you will be able to have a good idea when things
can be patched and rebooted and have ammo if anything bad were to
happen.
Thanks,
Mike
Msoft Doc:
http://www.microsoft.com/downloads/details.aspx?FamilyID=227ad5a5-676f-4
f00-bc7a-3c7058f1f327&DisplayLang=en
-----Original Message-----
From: Ronald Balk [mailto:r.balk@nl.intrum.com]
Sent: Friday, June 17, 2005 5:31 AM
To: focus-ms@securityfocus.com
Subject: WSUS/Reboot
Hiya all,
We have been testing with this new WSUS from MS.
All seems fine -;)
My question is how to handle the server reboots after a installed
security patch which requires a reboot.
We hold about 150 servers, mixed Exchange, reverse proxy, Sql etc.etc.
Whats the best way to manage this ?
Thanks
Ronald Balk
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Paul: "Re: IE in Kiosk mode"
- Maybe in reply to: Ronald Balk: "WSUS/Reboot"
- Next in thread: David LeBlanc: "RE: WSUS/Reboot"
- Reply: David LeBlanc: "RE: WSUS/Reboot"
- Reply: Kim Lvheim Pedersen: "RE: WSUS/Reboot"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
