RE: patching servers...

We use a combo if VNCScan ( and Altiris
( to deploy patches to any software that is not
covered by the Microsoft SUS services.

The vncscan lets us remotely connect to do things manually when Altiris
fails and it also lets us remotely execute scripts on the remote

I guess that the more tools that you have in your tool box, the better.

- Steve

-----Original Message-----
From: Duncan [mailto:irish_celtic@xxxxxxxxx]
Sent: Wednesday, January 11, 2006 11:20 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: patching servers...

We're starting to use Symantec LiveState Recovery Adv.
Server. It allows you to take a snapshot in time of the server, just
prior to applying security updates and service packs. If you have VSS,
it can even backup the VSS-enabled databases without taking them
They also support V-to-P and P-to-V. Very nice for integrating with
VMWare and/or Virtual Server.

There's an online forum,, that is dedicated to
Symantec products. So, if you'll like to discuss this particular
solution more, I'd suggest starting a thread there.

Good luck

--- StefanDorn@xxxxxxxxxxx wrote:

> If you have any spare hardware for it, setting up a small test
> environment can help, especially if you are running any custom
> software on your servers. That way, you have another layer of
> protection against the
> update(s) you are installing blowing your production servers out of
> the water. The initial cost of setting up a test server should pay for

> itself shortly by saving you a few "oh, crap" moments each year.
> As far as testing the patches on a test system goes, you just want to
> run a server through all possible scenarios. Run everything that you
> expect to work on a regular basis, test any services that the server
> provides to end users, and so on.. checking your event log and any
> application specific logs for errors is probably the easiest route for

> that.
> And of course, always read release notes for any known issues or
> conflicts introduced by a patch.
> Stefan Dorn
> Murad Talukdar <talukdar_m@xxxxxxxxxx> wrote on
> 01-09-2006 11:06:22 PM:
> > Hi all,
> > I wanted to get a few ideas of what people do to
> test their systems once
> > they have applied a patch/hotfix.
> >
> > Currently I pull one of the hotswap drives that
> has the OS mirrored on
> it
> > and then let it run with the patch applied for a
> few days/week before
> > letting it rebuild.
> > In that time I will check things like event
> logs/performance and do some
> > general 'listening' for any issues.
> > Does anyone have a more scientific method? What do
> you keep an eye on?
> Also,
> > Do you actually ever check whether the
> vulnerability(for example) that
> the
> > patch was designed to thwart has actually been
> plugged?
> > In the last two years I've only had one instance
> of a patch causing an
> OS to
> > fail--and then just removing and then reapplying
> the patch seemed to
> work
> > just fine. However, I don't want to get
> complacent.
> >
> > Kind Regards
> > Murad Talukdar
> >
> >
> >
> >
> >
> >
> >
> >
> >
> PRIVACY NOTICE: This e-mail message, including any attachments, is for

> the sole use of the intended recipient(s) and may contain business
> confidential and privileged information. Any unauthorized review,
> use, disclosure or distribution is prohibited. If this e-mail was not

> intended for you, please notify the sender by reply e-mail that you
> received this in error. Destroy all copies of the original message
> and attachments.

Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around