Re: Patch push programs for Win2K domain world?

From: "Mr. Schnibitz" <schnibitz@microsoft.com>
Date: Tue, 30 Jul 2002 14:10:06 -0700

Hi Scott,
Here are a couple of things I have done. SUS does work, and no, you can't
install it on a domain controller, but you can install it on other servers
in your environment . . . I have done this, and it runs just fine. I have
also heard that if you install it on a normal server, and then promote it to
a DC, it will also work (but is definitely NOT supported). Policies tell
clients when to check for updates, and they do.
Another thing I have done before this though, is I created Windows Installer
files for patches and service packs of all kinds (which was no small task).
Microsoft recommends against this, but they themselves do it with SP2, and 1
(I believe). You can then install those patches using group policy and
IntelliMirror. This does a fantastic job of keeping servers up to date, and
also drastically reduces the time it takes to BUILD an updated computer. I
have actually done both methods, and they work quite well. The second
method requires a little more work though. Send me mail, and I will be
happy to forward any docs/resources I have including patches I created.

"Scott Ehrlich" <scott@ai.mit.edu> wrote in message
news:#BhkHnzNCHA.1636@tkmsftngp12...
> Hello to all:
>
> I am testing a Win2K domain environment (Win2K Domain Controller, Win2K Pro
> PC, XP Pro PC) and am trying to find a reliable security/patch program to
> query the server itself along with domain hosts for needed patches to push.
>
> Our environment will become a 1 - 3 domain controller world with around 50+
> hosts, with room to grow. We also have many other operating systems and a
> whole variety of hardware.
>
> St. Bernard's UpdateExpert (latest eval version) was a good prospect when I
> first tried it, but has been an annoyance for the following summarized
> reasons:
>
> - Cannot find a reliable way to query a host or the controller itself for
> needed patches. I only want a list of current patches/fixes, not a complete
> database which can be confusing to muddle through
>
> - If I select a group of patches
>
>     - I may first be warned that the patches need to be downloaded.
>       If I don't have enough disk space on the partition, I need to go into
>       the registry to change download location, reboot, and redownload.
>
>     - I may be locked into a screen which warns that some patches will
>       require a reboot no matter what. What happened to qchain?
>
> - Some patches for Office 2000 asked me for an account and path where the
> Office 2000 files were, and prompted me multiple times. I had selected the OS
> tab. Why did I get prompted for Office stuff?
>
> - When scheduled for deployment, it sometimes took UE a few hours to push the
> patch (or more) to a host, wait for the host to shutdown, reboot, and continue
> to push patches until all were installed. There seemed to be no easy way to
> shut down the process once it began.
>
>
> Before I rediscovered OE after several months, I wrote a simple .cmd script to
> push patches to a host and ended it with qchain, which was very fast (about 5
> minutes max) and worked wonderfully. Only problem was, I had no simple way
> to only push what a host needed. It was all or nothing.
>
> I thought SUS from Microsoft might be helpful, but it doesn't install on
> domain controllers.
>
> I tried the eval of hfnetchk from Shavlik but it insisted on downloading a
> hotfix according to Shavlik's naming scheme and placing it in a particular
> directory. If I downloaded said hotfixes myself and place them in the
> directory hfnetchk was looking, I still got complaints of nonexistent
> hotfixes. I thus emailed Shavlik of this problem, and they simply said it
> was like chasing a moving target; that the problem would be addressed in the
> next release.
>
> I tried Altiris a while back, but wasn't impressed. Their web page these days
> looks like it is more cumbersome and costly than we'd be willing to pay.
>
> Is there anything out there, or some decently easy way to script a method to
> only push what is needed to a queried host or set of hosts, including the
> domain controller?
>
> I don't want to rely on Windowsupdate, as that can miss stuff. I also want
> to be able to test patches/fixes before they go public. I also want to be
> able to push fixes immediately if something nasty occurs - especially the
> ability to remotely connect and configure something if something really bad
> hits so I can push out a fix overnight while I'm at home.
>
> Thanks for ANY leads/advice/stories/etc.
>
> Scott, MIT AI Lab


