Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.

Published byClifton Perkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota."— Presentation transcript:

1 Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota

2 Microsoft SUS Server Hotfix and Service Pack Management

3 Why SUS Server Allows us to control which updates are applied and when Ease of management through group policy Other options SMS and MbsaFU

4

5

6 The BAD news Clients stop looking for updates pending reboot SUS Server requires IIS Little control over what is downloaded Not supported by NT4, 9x clients Requires SP3 on 2k clients

7 Our Experience Reliable and easy to manage Transparent to end users (fairly) Doesn’t install non-critical updates, office updates or service packs (until recently) Client logging only in IIS logs Dedicated server recommended

8 MS Baseline Security Analyzer MS security reporting

9 Why Microsoft Baseline Security Analyzer Freely available http://www.microsoft.com/downloads Microsoft Baseline Security Analyzer v1.1.1 Full “featured” but easy to use Command line interface scriptable Verifies patches and configuration

10

11

12

13

14

15 The Bad News Reports are “noisy” False positives (or are they…)

16 Our Experience Easy to use Detailed reports Third party follow up tool available

17 Group Policy

18 Why Group Policy Policies easy to apply, enforce, and change Leverages AD layout and all the thought and planning that went into your domain Unavoidable

19

20

21

22

23 The Bad News (in general) Can be very confusing (nearly limitless options) Reporting tools are not good (2003 tools improved and available) Not well documented

24 More Bad News (software) Requires msi packages (some software is reluctant to be packaged) Non intuitive AND badly documented Software policy ONLY updated on reboot RELENTLESS

25 Our Experience Steep learning curve Easy to use once configured Greatest thing since sliced bread (for its intended purpose)

26 Group Policy for SUS Management Easy to use Prevents users from changing settings Full features require admin template from sp1 version of SUS

27

28

29

30

31 Learning from our mistakes Treat “production” GPO’s with care Document and test all policy changes Keep it as simple as possible It is easier to manage a lot of GPO’s than a lot of policy changes in a GPO Plan your OU structure carefully “Not Defined” is NOT default

32 The End http://www.microsoft.com/windows2000/windowsupdate/sus/ susdeployment.asp http://www.microsoft.com/windows2000/techinfo/howitworks/management/ grouppolwp.asp http://www.microsoft.com/windows2000/techinfo/howitworks/management/ rbppaper.asp http://www.microsoft.com/downloads Microsoft Baseline Security Analyzer v1.1.1 Group Policy Management Console (2003 XP) Software Update Services Server 1.0 with Service Pack 1

Download ppt "Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota."

Similar presentations

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.
SUS Feature Pack for SMS Michel Jouvin LAL / IN2P3

SUS Feature Pack for SMS Michel Jouvin LAL / IN2P3
Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.
WSUS Presented by: Nada Abdullah Ahmed.

WSUS Presented by: Nada Abdullah Ahmed.
Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear.

Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear.
NREL is a national laboratory of the U.S. Department of Energy Office of Energy Efficiency and Renewable Energy operated by the Alliance for Sustainable.

NREL is a national laboratory of the U.S. Department of Energy Office of Energy Efficiency and Renewable Energy operated by the Alliance for Sustainable.
Patch Management –Pedro Carrasquilla –Sean Garrett –Jeni Li Arizona State University East Information Technology October 2, 2003 By Presented to WNUG/CCC.

Patch Management –Pedro Carrasquilla –Sean Garrett –Jeni Li Arizona State University East Information Technology October 2, 2003 By Presented to WNUG/CCC.
WSUS Windows Update Services

WSUS Windows Update Services
Microsoft Windows Server 2008 Software Deployment Chris Rutherford EKU Technology: CEN/CET.

Microsoft Windows Server 2008 Software Deployment Chris Rutherford EKU Technology: CEN/CET.
Understanding Group Policy on Windows Server 2003 Michael J. Murphy TechNet Presenter

Understanding Group Policy on Windows Server 2003 Michael J. Murphy TechNet Presenter
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Microsoft Security Resources. URL’s for this talk All URL’s mentioned in this talk can be found here: All URL’s mentioned in this talk can be found here:

Microsoft Security Resources. URL’s for this talk All URL’s mentioned in this talk can be found here: All URL’s mentioned in this talk can be found here:
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Week 12 - Lesson 19: Configuring and Managing Updates

Week 12 - Lesson 19: Configuring and Managing Updates
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008

Similar presentations

Ads by Google