Patch push programs for Win2K domain world?
From: Scott Ehrlich (scott@ai.mit.edu)
Date: 07/29/02
- Next message: Mollie Peck: "Re: Use of NetUser API"
- Previous message: Robert Moir: "Re: FTP ACL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: scott@ai.mit.edu (Scott Ehrlich) Date: Mon, 29 Jul 2002 19:45:20 GMT
Hello to all:
I am testing a Win2K domain environment (Win2K Domain Controller, Win2K Pro
PC, XP Pro PC) and am trying to find a reliable security/patch program to
query the server itself along with domain hosts for needed patches to push.
Our environment will become a 1 - 3 domain controller world with around 50+
hosts, with room to grow. We also have many other operating systems and a
whole variety of hardware.
St. Bernard's UpdateExpert (latest eval version) was a good prospect when I
first tried it, but has been an annoyance for the following summarized
reasons:
- Cannot find a reliable way to query a host or the controller itself for
needed patches. I only want a list of current patches/fixes, not a complete
database which can be confusing to muddle through
- If I select a group of patches
- I may first be warned that the patches need to be downloaded.
If I don't have enough disk space on the partition, I need to go into
the registry to change download location, reboot, and redownload.
- I may be locked into a screen which warns that some patches will
require a reboot no matter what. What happened to qchain?
- Some patches for Office 2000 asked me for an account and path where the
Office 2000 files were, and prompted me multiple times. I had selected the OS
tab. Why did I get prompted for Office stuff?
- When scheduled for deployment, it sometimes took UE a few hours to push the
patch (or more) to a host, wait for the host to shutdown, reboot, and continue
to push patches until all were installed. There seemed to be no easy way to
shut down the process once it began.
Before I rediscovered OE after several months, I wrote a simple .cmd script to
push patches to a host and ended it with qchain, which was very fast (about 5
minutes max) and worked wonderfully. Only problem was, I had no simply way
to only push what a host needed. It was all or nothing.
I thought SUS from Microsoft might be helpful, but it doesn't install on
domain controllers.
I tried the eval of hfnetchk from Shavlik but it insisted on downloading a
hotfix according to Shavlik's naming scheme and placing it in a particular
directory. If I downloaded said hotfixes myself and place them in the
directory hfnetchk was looking, I still got complaints of non existent
hotfixes. I thus emailed Shavlik of this problem, and they simply said it
was like chasing a moving target; that the problem would be addressed in the
next release.
I tried Altiris a while back, but wasn't impressed. Their web page these days
looks like it is more cumbersome and costly than we'd be willing to pay.
Is there anything out there, or some decently easy way to script a method to
only push what is needed to a queried host or set of hosts, including the
domain controller?
I don't want to rely on Windowsupdate, as that can miss stuff. I also want
to be able to test patches/fixes before they go public. I also want to be
able to push fixes immediately if something nasty occurs - especially the
ability to remotely connect and configure something if something really bad
hits so I can push out a fix overnight while I'm at home.
Thanks for ANY leads/advice/stories/etc.
Scott, MIT AI Lab
- Next message: Mollie Peck: "Re: Use of NetUser API"
- Previous message: Robert Moir: "Re: FTP ACL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
