RE: WSUS/Reboot

From: Kim Lvheim Pedersen (kipe98ab_at_hotmail.com)
Date: 06/20/05

  • Next message: Peter Rodger: "Disclaimer on Active/active clustered exchange servers" 
    To: Mike.Carney@bentley.com, r.balk@nl.intrum.com, focus-ms@securityfocus.com
Date: Mon, 20 Jun 2005 11:07:28 +0200

    Hi Ronald,

    I agree. We have been through the same procedure and the attitude from the
    company is positive as they understand that we maintain a secure
    environment.

    We have defined who are the server-owners. They get a limited time-frame to
    run the actual patch install. If they do not run the install, we run it
    without further warning and reboot the server withing the maintenance window
    (we do not allow updates to be posthoned more than a few days).

    Rgds,
    Kim...

    >From: <Mike.Carney@bentley.com>
    >To: <r.balk@nl.intrum.com>, <focus-ms@securityfocus.com>
    >Subject: RE: WSUS/Reboot
    >Date: Fri, 17 Jun 2005 10:35:11 -0400
    >
    >Hi Ronald,
    >
    >Your probably going to hate this answer but I'm going through the same
    >process here myself.
    >
    >The best way to keep yourself and the company as a whole covered as far
    >as down time is sit down with the business side of the company and
    >determine what your maintenance windows are. From there you can develop
    >a list of servers and there availability to be patched and rebooted.
    >
    >It really needs to become a policy rather than a technical question.
    >For example,
    >
    >You will go to management and say when can this set of servers be
    >rebooted(make sure they know this means downtime), you list the server
    >names and in there they will see your e-mail and database servers. To
    >which they will respond "these can't be down" and you will have to
    >explain that this is possible but it will cost a ton of money to cluster
    >the servers they have said "can't be down" and if they don't patch the
    >servers they can become infected or hacked and the company will have an
    >extended period of down time due to a virus taking out the server or the
    >other(perhaps scarier scenario) is that the company would have to go to
    >their customers and explain why there data was stolen.
    >
    >At this point the business side will either pony up the money to cluster
    >the systems or they will work with you to find the different windows
    >during the month/week that you are able to patch the servers and reboot
    >them.
    >
    >You should also work in here the emergency patching that may need to
    >occur if a large virus outbreak occurs.
    >
    >Anyway, good luck on this, it is a lengthy process that you have to go
    >through, but in the end you will be able to have a good idea when things
    >can be patched and rebooted and have ammo if anything bad were to
    >happen.
    >
    >Thanks,
    >
    >Mike
    >
    >Msoft Doc:
    >http://www.microsoft.com/downloads/details.aspx?FamilyID=227ad5a5-676f-4
    >f00-bc7a-3c7058f1f327&DisplayLang=en
    >
    >-----Original Message-----
    >From: Ronald Balk [mailto:r.balk@nl.intrum.com]
    >Sent: Friday, June 17, 2005 5:31 AM
    >To: focus-ms@securityfocus.com
    >Subject: WSUS/Reboot
    >
    >
    >Hiya all,
    >
    >We have been testing with this new WSUS from MS.
    >All seems fine -;)
    >My question is how to handle the server reboots after a installed
    >security patch which requires a reboot.
    >We hold about 150 servers, mixed Exchange, reverse proxy, Sql etc.etc.
    >Whats the best way to manage this ?
    >
    >Thanks
    >Ronald Balk
    >
    >------------------------------------------------------------------------
    >---
    >------------------------------------------------------------------------
    >---
    >
    >
    >---------------------------------------------------------------------------
    >---------------------------------------------------------------------------
    >

    _________________________________________________________________
    Få alle de nye og sjove ikoner med MSN Messenger http://messenger.msn.dk/

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Peter Rodger: "Disclaimer on Active/active clustered exchange servers"

    Relevant Pages

    • Multiple problems with Win2003 SP2
      ... servers servers running Win2003 R2, but on a further two 32-bit member ... reboot = No, reboot required = No ... Content Install Installation Failure: Windows failed to install the ...
      (microsoft.public.windows.server.general)
    • Re: Multiple problems with Win2003 SP2
      ... servers servers running Win2003 R2, but on a further two 32-bit member ... reboot = No, reboot required = No ... Content Install Installation Failure: Windows failed to install the ...
      (microsoft.public.windows.server.general)
    • Re: Cannot RDP to Win2003 Server after 1st reboot
      ... and install updates on these servers, ... finishes after the first reboot, ... RDP fails after ...
      (microsoft.public.windows.terminal_services)
    • Re: So is anybody having fun with Win Xp?
      ... lets call a spade a spade here, I just bought a new mactel, and I LOVE ... The only time I ever needed to reboot the XP machine, ... software install needed it to. ... on Dell Poweredge rackmount servers. ...
      (comp.sys.mac.system)
    • Re: JCIFS18_15_5D
      ... a Cisco wireless network where we searched for the PC names but did ... remember that the issued went away after we rebooted the servers. ... that this is a naming convention used by some OS or service. ... And ofcourse you should reboot the servers after installing ...
      (microsoft.public.windows.server.general)