Delivering Windows OS Updates at Yale with SUS EDUCAUSE Security Professionals Workshop May 17, 2004 Washington DC Ken Hoover, Systems Programmer

Slides:



Advertisements
Similar presentations
Auditing Microsoft Active Directory
Advertisements

A Successful Help Desk Process for all IT Support
What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.
Student, Faculty, and Staff Data Availability and Protection What’s the Back-Up Plan? (for academic computing) Sponsored by.
© Copyright Computer Lab Solutions All rights reserved. Do you need usage information about your computer labs? Copyright Computer Lab Solutions.
Cut Costs and Increase Productivity in your IT Organization with Effective Computer and Network Monitoring. Copyright © T3 Software Builders, Inc 2004.
Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau This work is the intellectual property of the authors. Permission is granted for.
Design & Development Scott Battaglia Application Developer Enterprise Systems and Services Rutgers, the State University of New Jersey
Copyright Sylvia Maxwell and Michael White, This work is the intellectual property of the author. Permission is granted for this material to be shared.
Seeing the Forest and the Acorns in the Decision Tree Sandy Burke Computing Center HelpDesk Manager Copyright Sandy Burke, This work is the intellectual.
Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.
Patch Management –Pedro Carrasquilla –Sean Garrett –Jeni Li Arizona State University East Information Technology October 2, 2003 By Presented to WNUG/CCC.
Office of the Vice President Copyright Notice Copyright Greg Hedrick, Matthew Wirges This work is the intellectual property of the author. Permission.
Deploying Tools for Cleaning Personal Information University of Pennsylvania School of Arts and Sciences Justin C. Klein Keane Sr. Information Security.
Copyright Steve Brandt This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Copyright Statement © Jason Rhode and Carol Scheidenhelm This work is the intellectual property of the authors. Permission is granted for this material.
Copyright Dong Chen, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Copyright Anthony K. Holden, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
1 EDUCAUSE 2002 IT Support Community Training Model University of Colorado at Boulder.
Unraveling Web Development PRESENTERS: Bob Nakles and Paras Kaul, George Mason University.
Western Illinois University - Electronic Student Services Copyright Statement Copyright Western Illinois University – Electronic Student Services 2001.
Mobile Computing and Security Authenticated Network Access (ANA) Jon Peters Associate Director Dave Packham Manager of Network Engineering NetCom University.
University of California, Irvine Security Access Management at UC Irvine: Adding Decentralization and Ending Paper Mark Askren, Assistant Vice Chancellor.
Jeff McKinney Exchange to Mirapoint Migration January 11, 2006 Securing Exchange to Mirapoint Jeff McKinney University of Maryland Dept of Electrical.
Moving Your Paperwork Online Western Washington University E-Sign Web Forms Copyright Western Washington University, This work is the intellectual.
Patch management using Microsoft Software Update Service 1.0 SP1 Chris Hughes, Systems Architect Warrington College of Business
Identity Management – Why and How Experiences at CU-Boulder Copyright Linda Drake, Director of Development and Integration, University of Colorado, Boulder,
Baylor University and Xythos EduCause Southwest 2007 Dr. Sandra Bennett Program Manager Online Teaching and Learning System Copyright Sandra Bennett 2007.
Marywood University, Scranton, PA Small Staff– Big Demands : Computer Training and User Support in Higher Education Kay McClintock, M.S. Coordinator of.
Sharing MU's SharePoint Experience 2005 Midwest Regional Conference Innovative Use of Technology: Getting IT Done Wednesday, March 23, 2005.
Best Practices For Using Technology To Deliver Instructional Support Services Dr. Steven G. Sachs Northern Virginia Community College Copyright Steven.
Group Policy in Microsoft Windows Active Directory.
Module 16: Software Maintenance Using Windows Server Update Services.
1 No More Paper, No More Stamps: Targeted myWSU Communications Lavon R. Frazier April 27, 2005 Copyright Lavon R. Frazier, This work is the intellectual.
Page 1 Copyright Jill M. Forrester This work is the intellectual property of the author. Permission is granted for this material to be shared for.
Sharing Information and Controlling Content: Continuing Challenges for Higher Education Susanna Frederick Fischer Assistant Professor Columbus School of.
Information Technology Services 1 Copyright Copyright Marc Wallman and Theresa Semmens, This work is the intellectual property of the authors. Permission.
9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
IT:Network:Microsoft Server 2 Chapter 27 WINDOWS SERVER UPDATE SERVICES.
Office of Information Technology Balancing Technology and Privacy – the Directory Conundrum January 2007 Copyright Barbara Hope and Lori Kasamatsu 2007.
Title: Developing a Multimedia Tutorial Style Guide to Expand Student Training Author: Suzie Medders, Student Training Coordinator Educational Technology.
Discussion Panelists: Justin C. Klein Keane Sr. Information Security Specialist University of Pennsylvania Jonathan Hanny Application Security Specialist.
Web-based Knowledge Sharing Tools The Case of Drylands Resources Knowledge & Practice Network -- Botswana, Kenya and Mali Pauline W. Maingi, Kimetrica.
The Real At Risk E-Content: University Web Resources EDUCAUSE Joanne Kaczmarek University of Illinois at Urbana-Champaign Taylor Surface OCLC October 12,
Copyright Copyright University of Washington This work is the intellectual property of the author. Permission is granted for this material to be.
1 Professor Emeritus Ray Schroeder Director of Technology-Enhanced Learning University of Illinois at Springfield Copyright Ray Schroeder, This work.
Security Access Management at UCI – Slaying the Paper Forms Dragon Mark Askren, Assistant Vice Chancellor Valerie Jones, Project Lead Jennifer Lane, Help.
Copyright © 2003, The University of Texas at Austin. This work is the intellectual property of the author. Permission is granted for this material to be.
Copyright David A. Cox This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,
(C) , CyberLearning Labs, Inc. Introduction to ANGEL EDUCAUSE Midwest Regional Conference March 26, 2003 Christopher Clapp
Microsoft Management Seminar Series SMS 2003 Change Management.
Integration is Critical for Success Curriculum Course Delivery Ongoing Support Instructor & Learner.
11 IMPLEMENTING AND MANAGING SOFTWARE UPDATE SERVICES Chapter 7.
EDUCAUSE 2003 Copyright Toshiyuki Urata 2003 This work is the intellectual property of the author. Permission is granted for this material to be shared.
WebISO, Single Sign-On & Authorization General Overview Shelley Henderson Project Manager, Grid Software USC Information Services Copyright.
Bringing it All Together: Charting Your Roadmap CAMP: Charting Your Authentication Roadmap February 8, 2007 Paul Caskey Copyright Paul Caskey This.
© 2009 Pittsburgh Supercomputing Center Server Virtualization and Security Kevin Sullivan Copyright Kevin Sullivan, Pittsburgh Supercomputing.
Copyright Michael White and Sylvia Maxwell, This work is the intellectual property of the author. Permission is granted for this material to be shared.
© Scottsdale Community College Leveraging the Power of E-Learning Taking your course to a higher level Presented by Sidne Tate Director, Instructional.
Jill Forrester and David Kelly| October 20, 2011
Federated Identity Management at Virginia Tech
Julian Hooker Assistant Managing Director Educause Southwest
Defining an IT Workflow, from Request to Support
Copyright Notice Copyright Bob Bailey This work is the intellectual property of the author. Permission is granted for this material to be shared.
Project for OnLine Instructional Support (POLIS)
myIS.neu.edu – presentation screen shots accompany:
Signet Privilege Management
An App A Day Copyright Tina Oestreich and Brian Yuhnke This work is the intellectual property of the author. Permission is granted for this material.
Signet Privilege Management
Bad News Messages: How Much and How Often?
Presentation transcript:

Delivering Windows OS Updates at Yale with SUS EDUCAUSE Security Professionals Workshop May 17, 2004 Washington DC Ken Hoover, Systems Programmer Copyright Ken Hoover This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Background and Numbers  ~18,000 hosts, est. 75% WinTel (~13.5K)  Mature Active Directory ~49K users, ~12K computers, OU’s ~49K users, ~12K computers, OU’s  Many semi-independent IT groups  We needed a solution that: Was open to all managed systems Was open to all managed systems Had a convincing case for adoption Had a convincing case for adoption Accommodated all levels admin ability Accommodated all levels admin ability Easy to implement at the client level Easy to implement at the client level Didn’t look like a takeover to departmental IT Didn’t look like a takeover to departmental IT … and cheap. … and cheap.

A Look at SUS  Software Update Services (SUS) v1 One server can deliver updates to a large number of clients One server can deliver updates to a large number of clients Client settings managed with Group Policy Client settings managed with Group Policy  Boundary of administration for SUS is the server Clients associate with one server Clients associate with one server Admin approves updates Admin approves updates Servers can be linked Servers can be linked

How Yale Implemented SUS  First SUS server went online in October 2003  General scheme of operation: Yale FAQ posted on web Yale FAQ posted on web Sample GPO provided with functional settings Sample GPO provided with functional settings SUS admins compare test results on new updates before releasing them SUS admins compare test results on new updates before releasing them Notification of client support staff when updates are released Notification of client support staff when updates are released  Currently three dominant SUS servers run by large IT groups plus a few “local” ones.  The large servers together have approximately 5,900 clients.

More on Implementation…  Education/adoption push to department-level IT staff  Support groups may use an existing SUS server or set up their own If someone associates their system with a SUS server, they are implicitly agreeing to live with that server’s administrators’ judgment on releasing updates. If someone associates their system with a SUS server, they are implicitly agreeing to live with that server’s administrators’ judgment on releasing updates.  The reboot “problem” If updates are installed automatically, client systems may reboot automatically at the designated time. If updates are installed automatically, client systems may reboot automatically at the designated time. Information provided on how to have specified systems “opt out” of the SUS policy. Information provided on how to have specified systems “opt out” of the SUS policy.

SUS Limitations and Workarounds  Can not approve an update for subsets of client systems  No reporting of client activity, but information can be pulled from IIS logs… “SUS Client Status Checker” web site “SUS Client Status Checker” web site Configured to limit information “leakage” to outsidersConfigured to limit information “leakage” to outsiders amt-sus1.its.yale.edu/checkamt-sus1.its.yale.edu/check Another SUS Reporting Utility Another SUS Reporting Utility

SUS 2.0  In beta, currently named “Windows Update Services”  Better tracking, reporting and forced-uninstall capability  Delivery of many more kinds of updates All Windows OS’s (incl. Datacenter) All Windows OS’s (incl. Datacenter) Exchange, SQL Server, Office XP and Office 2003 Exchange, SQL Server, Office XP and Office 2003 Service Packs, SDK’s, Tools, Feature Packs Service Packs, SDK’s, Tools, Feature Packs Drivers Drivers  Updates can be targeted to groups of systems  Can’t delegate authority over part of the SUS client base to an “untrusted” admin

Closing Ken Hoover Yale Q&A web page (for Yale departmental IT) wss.yale.edu/win2k/sus-information.html “SUS Client Status Checker”: amt-sus1.its.yale.edu/check Useful SUS information, tools and resources

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.