Re: Microsoft SUS on Apache?

From: John Tracy (tracy_at_kepler.covenant.edu)
Date: 01/12/04

  • Next message: R. DuFresne: "Re: Auditing / Logging"
    Date: Mon, 12 Jan 2004 15:41:34 -0500
    To: jburzenski@americanhm.com, security-basics@securityfocus.com
    
    

    Hi Jason,
          I would seriously doubt that this would work well. When you use
    Software Update Services, it's not identical to using
    http://windowsupdate.microsoft.com. First, you don't open up
    http://localsusserver in a web browser and start your updates. The SUS
    server is a mirror of the patches available at Windowsupdate, but the
    way that end users actually get the patches installed is different.
          The best way to deliver the patches to the end users is to setup a
    Group Policy which tells domain member machines to get their Windows
    update from http://localsusserver. Then the clients automatically detect
    (and/or download and/or install) when new updates are available. The end
    user never sees the familiar website--it's handed by the Windows Update
    client, which is installed automatically with SP3 in Windows 2k, and I
    believe by default with Windows XP (SUS doesn't provide patches for OS's
    older than Windows 2000). The Windows Update client software is the only
    way that client machines can get updates from an SUS server that I'm
    aware of.
          If you're running a network of domain member machines that are
    primary Windows 2000 and above, with a Windows domain controller, this
    is wonderful software. It might be worth the cost of an additional
    server license if you consider the cost savings in manhours (of course
    if the software was written better to begin with, that would be an
    entirely different story).
          The primary audience for SUS seems to be corporate LANs that are
    fairly homogeneous anyway--and would likely have a Windows server that
    is already licensed sitting around, and hence the ability to throw an
    extra service on it.

    Hope this helps... feel free to throw any questions/thoughts/flames my way.

    John Tracy

    > Does anyone have any experience trying to get SUS running on an open source
    > web server?
    >
    > I haven't looked at the license agreement for SUS but I would imagine there
    > is language in there making this illegal or restricted. Anyone read it over
    > recently who can comment on this?
    >
    > Justifying the cost for SUS (free) is easy until you realize you have to pay
    > for a Microsoft Server license to run it.

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------


  • Next message: R. DuFresne: "Re: Auditing / Logging"

    Relevant Pages

    • RE: Deploying Microsoft patches
      ... Try SUS from M$. ... windows update server for your organization. ... You can't use SUS to deploy your own updates (you can use this tool to ...
      (Security-Basics)
    • SUS broken upon installing KB867460 (.NET Framework 1.1 SP1)
      ... Windows Server 2003 Standard ... Via Windows Update site, updated only one update, KB867460 ... Now, trying to access SUSAdmin website, ... Spoke with MS tech support. ...
      (NT-Bugtraq)
    • Re: Upgrading from SUS to WSUS
      ... About those policies for WSUS, ... How to install Windows Server Update Services on SBS 2003: ... Well i never got SUS to actually update my ... > Config, then Admin, Temp, ten Windows Components, and Windows Update. ...
      (microsoft.public.windows.server.sbs)
    • Pervasive SQL 9.0 performance issue on a Terminal Services server with Windows 2003
      ... Windows desktop (Historically this has been Windows NT - we have ... server license on the server with a 6 user license. ... Was it really necessary to go to the server license (it was at quite ... log off all 42 Terminal service sessions and then kill the Perviase ...
      (comp.databases.btrieve)
    • Re: SUS Group Policy
      ... I would suggest that you take a look at the Softwareupdatesvcs NG as there ... This is the homepage for SUS. ... it on a server of your choice. ... > running under a Windows 2000 Active Directory. ...
      (microsoft.public.win2000.active_directory)