Managing Windows Software & Updates: SUS Server, MS Baseline Security Analyzer, Software and Group Policy. Paul “The Yellow Dart” Peterson, University of Minnesota.

Presentation transcript:


Microsoft SUS Server: Hotfix and Service Pack Management

Why SUS Server
- Allows us to control which updates are applied and when
- Ease of management through group policy
- Other options: SMS and MbsaFU

The BAD news
- Clients stop looking for updates pending reboot
- SUS Server requires IIS
- Little control over what is downloaded
- Not supported by NT4, 9x clients
- Requires SP3 on 2k clients

Our Experience
- Reliable and easy to manage
- Transparent to end users (fairly)
- Doesn’t install non-critical updates, office updates or service packs (until recently)
- Client logging only in IIS logs
- Dedicated server recommended

MS Baseline Security Analyzer: MS security reporting

Why Microsoft Baseline Security Analyzer
- Freely available
- Microsoft Baseline Security Analyzer v1.1.1
- Full “featured” but easy to use
- Command line interface scriptable
- Verifies patches and configuration

The Bad News
- Reports are “noisy”
- False positives (or are they…)

Our Experience
- Easy to use
- Detailed reports
- Third party follow up tool available

Group Policy

Why Group Policy
- Policies easy to apply, enforce, and change
- Leverages AD layout and all the thought and planning that went into your domain
- Unavoidable

The Bad News (in general)
- Can be very confusing (nearly limitless options)
- Reporting tools are not good (2003 tools improved and available)
- Not well documented

More Bad News (software)
- Requires msi packages (some software is reluctant to be packaged)
- Non intuitive AND badly documented
- Software policy ONLY updated on reboot
- RELENTLESS

Our Experience
- Steep learning curve
- Easy to use once configured
- Greatest thing since sliced bread (for its intended purpose)

Group Policy for SUS Management
- Easy to use
- Prevents users from changing settings
- Full features require admin template from sp1 version of SUS

Learning from our mistakes
- Treat “production” GPO’s with care
- Document and test all policy changes
- Keep it as simple as possible
- It is easier to manage a lot of GPO’s than a lot of policy changes in a GPO
- Plan your OU structure carefully
- “Not Defined” is NOT default

The End
- susdeployment.asp
- grouppolwp.asp
- rbppaper.asp
- Microsoft Baseline Security Analyzer v1.1.1
- Group Policy Management Console (2003 XP)
- Software Update Services Server 1.0 with Service Pack 1