Re: WSUS/Reboot

From: Martin Mewes (mm_at_mewes.tv)
Date: 06/27/05

  • Next message: Susan Bradley: "Re: WSUS/Reboot"
    To: focus-ms@securityfocus.com
    Date: Mon, 27 Jun 2005 19:20:45 +0200
    
    

    Hello,

    "Depp, Dennis M." <deppdm@ornl.gov> wrote :
    > So why aren't the patches smart enough to stop and restart the
    > necessary services? IMHO there is a big difference in bouncing a
    > service and bouncing the entire box. For starters there is a big
    > time differece. It takes much longer to bounce a box than to bounce a
    > service. During a server bounce, there is a much greater chance of
    > something else going wrong. Ever have a box reboot with an error
    > "Key board not found, Press F1 to continue."?

    Good catch ;-)

    > -----Original Message-----
    > From: David LeBlanc [mailto:dleblanc@mindspring.com]
    > Sent: Saturday, June 25, 2005 5:53 PM
    > To: 'Martin Mewes'; focus-ms@securityfocus.com
    > Subject: RE: WSUS/Reboot
    [...]
    > Reducing reboots is something that I know is a priority for
    > Microsoft, and you're right - having systems rebooting all the time is
    > a problem, even if they're just desktops. I think you'll see
    > improvement on this over time, and one of the new features of WSUS I
    > notice is immediate application of patches that don't need reboots.

    Obviously I noticed that WSUS does not respect the settings I set.
    In my test area I configured that patches are installed "behind the
    scenes" and the machine shall not be rebooted as they are turned off by
    the users every evening.

    If the logged on user is a non-admin (default) he/she is presented a
    dialog box to make sure to click on OK to reboot the machine not having
    the chance clicking on CANCEL which is greyed out.

    This is by far not what I want. I want WSUS to install updates during
    the shutdown of a machine without begging the user for clicking on OK.

    > However, they way that you get this system uptime on most *nix
    > systems is to drop the service in question, apply patches and restart
    > the service.

    The problem is that sometimes you do not know which services to stop in
    order to just be able to restart a service instead of restarting the
    complete machine.

    - Way back I fell over that Outlook did not work anymore because I
    de-installed Outlook Express which still does not do any sense to me.
    - Or why do I need to reboot the machine if I apply a patch for Internet
    Explorer even if I do not have one single window open (reason is that
    parts of the Internet Explorer are being used by the Windows Explorer).
    - Windows seems not to be able to just unload dll's "on the fly",
    install a new one and load that one again.

    Please prove me wrong or right about that latter.

    bis dahin/kind regards

    Martin Mewes

    -- 
    Richtiges Zitieren in Mailinglisten und Newsgroups
    -> http://www.afaik.de/usenet/faq/zitieren/
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Susan Bradley: "Re: WSUS/Reboot"

    Relevant Pages

    • RE: WSUS/Reboot
      ... So why aren't the patches smart enough to stop and restart the necessary ... bouncing the entire box. ... Ever have a box reboot with an error "Key board not found, ...
      (Focus-Microsoft)
    • Re: SUM Question
      ... SMS and the patches both have ways to surpress the reboot and you can ... reboot, have the patch NOT reboot the system but have SMS reboot it with a 5 ... Forcing the system to restart w/o an user input is a BAD thing as they can ...
      (microsoft.public.sms.admin)
    • Server Reboots after Logging Off RDP
      ... I noticed that if patches had been installed on the server and are waiting ... for a reboot (asking "restart now or restart later") and I logoff the server, ... the server will reboot on it's own. ...
      (microsoft.public.windows.server.sbs)
    • Re: Windows Server 2003 install security updates with no restart
      ... I am trying to find a solution to install security updates on Server ... 2003 without having to restart the server to fully apply the updates. ... Early on MS had a policy to design patches to be "reboot proof". ...
      (microsoft.public.windows.server.general)
    • Windows XP home edition
      ... >Can you access safe mode via the BIOS? ... >To prevent resets interupting the downloading of patches ... >Turn off Automatic Reboot, if you haven't already. ... >virus forum.Even if you elect to reformat,please report ...
      (microsoft.public.windowsxp.security_admin)