Presentation is loading. Please wait.

Presentation is loading. Please wait.

11 DEPLOYING AN UPDATE MANAGEMENT INFRASTRUCTURE Chapter 6.

Published byScott Stanley Modified over 8 years ago

Similar presentations

Presentation on theme: "11 DEPLOYING AN UPDATE MANAGEMENT INFRASTRUCTURE Chapter 6."— Presentation transcript:

1 11 DEPLOYING AN UPDATE MANAGEMENT INFRASTRUCTURE Chapter 6

2 Chapter 6: Deploying an Update Management Infrastructure2 SECURITY CONFIGURATION AND ANALYSIS  Applies security templates to the local computer  Compares the computer’s current security configuration to a baseline stored as a security template  Applies security templates to the local computer  Compares the computer’s current security configuration to a baseline stored as a security template

3 Chapter 6: Deploying an Update Management Infrastructure3 ANALYZING A COMPUTER  Create (or open) a database  Import a security template  Perform the analysis  Create (or open) a database  Import a security template  Perform the analysis

4 Chapter 6: Deploying an Update Management Infrastructure4 VIEWING THE ANALYSIS

5 Chapter 6: Deploying an Update Management Infrastructure5 CHANGING SECURITY SETTINGS  Apply the database settings to the computer  Modify the database settings  Create a new template  Modify the computer’s settings manually  Apply the database settings to the computer  Modify the database settings  Create a new template  Modify the computer’s settings manually

6 Chapter 6: Deploying an Update Management Infrastructure6 USING MICROSOFT BASELINE SECURITY ANALYZER  Scans one or multiple computers  Detects missing updates  Scans one or multiple computers  Detects missing updates

7 Chapter 6: Deploying an Update Management Infrastructure7 USING MICROSOFT BASELINE SECURITY ANALYZER (CONTINUED)  Detects security vulnerabilities  Includes graphical and command-line interfaces  Detects security vulnerabilities  Includes graphical and command-line interfaces

8 Chapter 6: Deploying an Update Management Infrastructure8 MBSA SCANNING CRITERIA  The registry key installed by the update  The version numbers of the files installed by the update  The checksum of the update (only if MBSA is running from the command line)  The registry key installed by the update  The version numbers of the files installed by the update  The checksum of the update (only if MBSA is running from the command line)

9 Chapter 6: Deploying an Update Management Infrastructure9 MBSA RESULTS

10 Chapter 6: Deploying an Update Management Infrastructure10 MBSA RESULTS (CONTINUED)  Green check mark  Check passed. All required updates have been installed or no issue was found in this particular feature.  Red X  Critical check failed. Typically indicates that an important update is missing or that configuration of a feature is required.  Green check mark  Check passed. All required updates have been installed or no issue was found in this particular feature.  Red X  Critical check failed. Typically indicates that an important update is missing or that configuration of a feature is required.

11 Chapter 6: Deploying an Update Management Infrastructure11 MBSA RESULTS (CONTINUED)  Yellow X  Noncritical check failed/warning message. In most cases, means that reconfiguration of a specific feature is recommended, but not imperative.  Blue asterisk  Best practice check. Indicates that the current configuration does not conform to the recommended best practice.  Yellow X  Noncritical check failed/warning message. In most cases, means that reconfiguration of a specific feature is recommended, but not imperative.  Blue asterisk  Best practice check. Indicates that the current configuration does not conform to the recommended best practice.

12 Chapter 6: Deploying an Update Management Infrastructure12 MBSA RESULTS (CONTINUED)  Blue i in a white circle  Provides information about the computer being scanned.  Blue i in a white circle  Provides information about the computer being scanned.

13 Chapter 6: Deploying an Update Management Infrastructure13 USING MBSACLI.EXE  Operates in two modes:  MBSA mode  Provides similar functionality to that of the graphical MBSA console.  HFNetChk mode  Provides backward compatibility with earlier versions of the tool.  Operates in two modes:  MBSA mode  Provides similar functionality to that of the graphical MBSA console.  HFNetChk mode  Provides backward compatibility with earlier versions of the tool.

14 Chapter 6: Deploying an Update Management Infrastructure14 SECURING THE OPERATING SYSTEM INSTALLATION PROCESS  Disconnect the computer from the network  Build a separate installation network  Integrate updates into the installation  Disconnect the computer from the network  Build a separate installation network  Integrate updates into the installation

15 Chapter 6: Deploying an Update Management Infrastructure15 BUILDING AN INSTALLATION NETWORK FOR MULTIPLE COMPUTERS

16 Chapter 6: Deploying an Update Management Infrastructure16 BUILDING AN INSTALLATION NETWORK FOR ONE COMPUTER

17 Chapter 6: Deploying an Update Management Infrastructure17 SLIPSTREAMING A SERVICE PACK  Copy the entire Microsoft Windows installation CD to a distribution folder  Run the service pack’s network installation executable file, using the following syntax: servicepackname.exe –s:pathname  Copy the entire Microsoft Windows installation CD to a distribution folder  Run the service pack’s network installation executable file, using the following syntax: servicepackname.exe –s:pathname

18 Chapter 6: Deploying an Update Management Infrastructure18 INTEGRATING UPDATES  Copy the Windows installation CD to a distribution folder  Open the Dosnet.inf file and add the [OptionalSrcDirs] and svcpack lines  Create a folder called Svcpack under \I386, and copy into it those update packages that you want to integrate  Rename each of the update packages with an 8.3 file name  Extract each of the update packages to a temporary folder  Copy the Windows installation CD to a distribution folder  Open the Dosnet.inf file and add the [OptionalSrcDirs] and svcpack lines  Create a folder called Svcpack under \I386, and copy into it those update packages that you want to integrate  Rename each of the update packages with an 8.3 file name  Extract each of the update packages to a temporary folder

19 Chapter 6: Deploying an Update Management Infrastructure19 INTEGRATING UPDATES (CONTINUED)  For each update, copy the catalog file, KB######.cat, to the \I386\svcpack folder  Copy the binary files for each update to \I386  In Dosnet.inf, add each binary file to the [Files] section.  Create a new Svcpack.inf text file in the \I386 folder, listing the catalog and binary files for the updates  For each update, copy the catalog file, KB######.cat, to the \I386\svcpack folder  Copy the binary files for each update to \I386  In Dosnet.inf, add each binary file to the [Files] section.  Create a new Svcpack.inf text file in the \I386 folder, listing the catalog and binary files for the updates

20 Chapter 6: Deploying an Update Management Infrastructure20 APPLYING UPDATES WITH ANSWER FILES  [GuiRunOnce] "server\updates\update1.exe /Z /M" "server\updates\update2.exe /Z /M" "server\updates\update3.exe /Z /M"

21 Chapter 6: Deploying an Update Management Infrastructure21 MANUALLY APPLYING UPDATES /passive Performs unattended installation while displaying progress bar Performs unattended installation, but no progress bar displayed Prevents computer from automatically restarting Stores backed up files in specified folder New Parameter Description /norestart /n Saves disk space by not backing up files that are replaced /quiet /forcerestart Forces applications to close without saving files before restarting /D folder

22 Chapter 6: Deploying an Update Management Infrastructure22 MANUALLY APPLYING UPDATES (CONTINUED) /o Causes service pack to overwrite OEM-supplied files Lists installed updates in dialog box Uninstalls previously installed update Extracts installation files to specified folder New Parameter Description /uninstall /er Enables extended return codes /l /S folder Slipstreams the service pack into installation files located in specified folder /x [folder] Displays help information /help or /h

23 Chapter 6: Deploying an Update Management Infrastructure23 USING WINDOWS UPDATE

24 Chapter 6: Deploying an Update Management Infrastructure24 USING SUS  Install IIS  Install SUS  Configure SUS Server  Synchronize SUS Server  Approve Updates  Configure Automatic Updates clients  Install IIS  Install SUS  Configure SUS Server  Synchronize SUS Server  Approve Updates  Configure Automatic Updates clients

25 Chapter 6: Deploying an Update Management Infrastructure25 CONFIGURING SUS OPTIONS  Select a proxy server configuration  Specify the name your clients use to locate this update server  Select which server to synchronize content from  Select how you want to handle new versions of previously approved updates  Select where you want to store updates  Synchronize installation packages only for these locales  Select a proxy server configuration  Specify the name your clients use to locate this update server  Select which server to synchronize content from  Select how you want to handle new versions of previously approved updates  Select where you want to store updates  Synchronize installation packages only for these locales

26 Chapter 6: Deploying an Update Management Infrastructure26 SYNCHRONIZING SUS

27 Chapter 6: Deploying an Update Management Infrastructure27 APPROVING UPDATES

28 Chapter 6: Deploying an Update Management Infrastructure28 USING THE AUTOMATIC UPDATES CLIENT  Manually configure the client from the Control Panel  Use group policies to configure the client for a group of computers  Manually modify the registry settings associated with the client  Manually configure the client from the Control Panel  Use group policies to configure the client for a group of computers  Manually modify the registry settings associated with the client

29 Chapter 6: Deploying an Update Management Infrastructure29 MANUALLY CONFIGURING AUTOMATIC UPDATES

30 Chapter 6: Deploying an Update Management Infrastructure30 CONFIGURING AUTOMATIC UPDATES WITH GROUP POLICIES

31 Chapter 6: Deploying an Update Management Infrastructure31 SUMMARY  The graphical MBSA console is the most efficient way to scan computers for the presence of updates. You can configure MBSA to scan a single computer, a range of IP addresses, or all computers contained within a domain.  Mbsacli.exe provides a scriptable, schedulable, command-line interface to MBSA’s scanning functionality. Mbsacli.exe functions in two modes: standard MBSA mode and the backward-compatible HFNetChk mode.  The graphical MBSA console is the most efficient way to scan computers for the presence of updates. You can configure MBSA to scan a single computer, a range of IP addresses, or all computers contained within a domain.  Mbsacli.exe provides a scriptable, schedulable, command-line interface to MBSA’s scanning functionality. Mbsacli.exe functions in two modes: standard MBSA mode and the backward-compatible HFNetChk mode.

32 Chapter 6: Deploying an Update Management Infrastructure32 SUMMARY (CONTINUED)  Computers should not be connected to the Internet, or even to a private network with other hosts, until after the operating system and all updates have been installed.  Computers can be built while connected to the network if you create an isolated network segment with a minimal number of trusted computers that have been scanned for worms, viruses, and other malicious software.  Computers should not be connected to the Internet, or even to a private network with other hosts, until after the operating system and all updates have been installed.  Computers can be built while connected to the network if you create an isolated network segment with a minimal number of trusted computers that have been scanned for worms, viruses, and other malicious software.

33 Chapter 6: Deploying an Update Management Infrastructure33 SUMMARY (CONTINUED)  Microsoft updates support a standard set of command-line parameters to simplify the deployment of updates by using scripts.  SUS requires that IIS be installed on the local computer and that the Web site be configured to use the default port 80.  The Automatic Updates client can be configured in three ways:  Manually with the System Properties dialog box, automatically with group policies, or directly from the local system registry.  Microsoft updates support a standard set of command-line parameters to simplify the deployment of updates by using scripts.  SUS requires that IIS be installed on the local computer and that the Web site be configured to use the default port 80.  The Automatic Updates client can be configured in three ways:  Manually with the System Properties dialog box, automatically with group policies, or directly from the local system registry.

Download ppt "11 DEPLOYING AN UPDATE MANAGEMENT INFRASTRUCTURE Chapter 6."

Similar presentations

WSUS Windows Update Services

WSUS Windows Update Services
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
1 Week #1 Objectives Review clients, servers, and Windows network models Differentiate among the editions of Server 2008 Discuss the new Windows Server.

1 Week #1 Objectives Review clients, servers, and Windows network models Differentiate among the editions of Server 2008 Discuss the new Windows Server.
1 Week #1 Objectives Review clients, servers, and Windows network models Differentiate among the editions of Server 2008 Discuss the new Windows Server.

1 Week #1 Objectives Review clients, servers, and Windows network models Differentiate among the editions of Server 2008 Discuss the new Windows Server.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
14.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

14.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
11 INSTALLING WINDOWS XP Chapter 2. Chapter 2: Installing Windows XP2 INSTALLING WINDOWS XP  Prepare a computer for the installation of Microsoft Windows.

11 INSTALLING WINDOWS XP Chapter 2. Chapter 2: Installing Windows XP2 INSTALLING WINDOWS XP  Prepare a computer for the installation of Microsoft Windows.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer

Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
1 Chapter Overview Managing Compression Managing Disk Quotas Increasing Security with EFS Using Disk Defragmenter, Check Disk, and Disk Cleanup.

1 Chapter Overview Managing Compression Managing Disk Quotas Increasing Security with EFS Using Disk Defragmenter, Check Disk, and Disk Cleanup.
1 Chapter Overview Installing New Hardware Installing Updates Managing Client Access Licenses Troubleshooting Boot Problems.

1 Chapter Overview Installing New Hardware Installing Updates Managing Client Access Licenses Troubleshooting Boot Problems.
Maintaining Windows Server 2008 File Services

Maintaining Windows Server 2008 File Services

Similar presentations

Ads by Google