
Network Admins: Please give me a hand

justcrash

Member
Hello all, thank you for stopping by and taking the time to read this. My work is kind of forcing me into a network admin type position and though I LOVE to learn new things (and learn quickly) I also understand I am not really a network admin (at least compared to the guys I've worked with before... I am practically a n00b. I know enough to know I don't know a lot... lol). So if what I am about to ask is a stupid question, please forgive me.

I need to be able to force out Windows updates, Symantec updates and force clients to log off or reboot in the middle of the night. I have no idea where to start. We are using Active Directory on Windows Server 2003 and all of our clients have XP Pro SP 3 on them. How do I do this?

Any help you guys can offer would be greatly appreciated. 🙁
 
You're looking at 2 group policy settings and learning to use the Symantec console. That's about all I can give you.
 
Originally posted by: justcrash
I have no idea where to start.
we have people whose full-time positions are WSUS and Symantec. sorry to be blunt, but the best advice i can give is to tell your employer you're not qualified for the position before things break even more. learning on production systems is a no-no.

sounds like you need to approach them and request training. it's hard to fathom that a company would even ask an unqualified individual to manage the security posture of end-workstations.
 
Is there nobody at your company that you can work with for a while? As others have noted, if you have the sole responsibility for this stuff, then you urgently need to get some formal training. I see Servers all the time that are managed by folks who don't know/care about them and the result is dangerous for security and data health.

I just visited a new client where it became obvious that their Windows SBS 2003 Server hadn't been successfully backed up since it was installed in 2006. The "SuperAntiSpyware" software they'd installed on it indicated that both a Root Kit and a Trojan had been installed on the Server at one point.

One hint when you create Group Policies:
DO NOT modify a Windows Default Group Policy.
Create a NEW Group Policy and name it so you know it's one that you created. That way, if something goes awry, you can simply disable your little creation to get back to where you started, rather than trying to remember all the changes you made to one of the existing Group Policies.
 
I agree with the other guys here. Dude, if you get in over your head and make a mistake they are still likely to blame you even though you told them you weren't comfortable. The stuff they are asking you to do is pretty important. Without training or experience, I wouldn't want to be put in the position of your company's computer security. This stuff isn't really even net admin type stuff, it's systems stuff with a big hunk of security slapped on top. You haven't given us a whole lot of background on your job/company, so maybe I am being overly cautious.

Originally posted by: justcrash
I know enough to know I don't know a lot... lol). So if what I am about to ask is a stupid question, please forgive me.
I think it is good you have that attitude. I would request formal training like RebateMonger suggested.
 
Originally posted by: Boobs McGee
I agree with the other guys here. Dude, if you get in over your head and make a mistake they are still likely to blame you even though you told them you weren't comfortable. The stuff they are asking you to do is pretty important. Without training or experience, I wouldn't want to be put in the position of your company's computer security. This stuff isn't really even net admin type stuff, it's systems stuff with a big hunk of security slapped on top. You haven't given us a whole lot of background on your job/company, so maybe I am being overly cautious.


You guys are all absolutely right, of course. I work for a small school district (I just started this month) and there are three of us, two with any real experience (myself and my boss) in IT. So we are kind of "Jacks of all trades" so to speak. I just see that we are having to manually update every machine in the district (which is quite a bit) and I was just looking at possible solutions. I am in the process of buying and reading some books to educate myself, as we have no "education budget" (ironic, no? 😉 ), but I thought I would check with the experts here. I appreciate everyone's response. 🙂
 
Get the training, at the very least learn Active Directory since it's been implemented already and a lot of what you want/need to do will be done in AD. Here at work we use Patchlink to push out some Microsoft updates and patches, and patches for our proprietary apps.
 
WSUS is really quite easy to implement.

A very gross overview is:

1. Pick a server you want to host WSUS. It's not horribly demanding so it can easily be added to just about any server, just make sure you can give it 20-30+ GB of space to store updates.

2. Download, install, and configure WSUS. Again, really simple; the install may request that you install additional components like IIS, but it lays it all out for you. The configuration is really easy too. You just select the products that you want WSUS to update as well as other categories like Office or driver updates. It will download a catalog of all the updates that are available and then you go through them and approve them for install or decline them. (for instance we declined the setup for IE7).

3. Configure the PCs. All done through GP and not too difficult. Pretty much all the related settings are in Comp Config -> Admin Templates -> Windows Components -> Windows Update. There you configure things like how often do the PCs look for new updates, what time do they apply the updates, can users reschedule the updates, can they abort a shutdown. This is also where you tell it to point to your server (Specify intranet MS update service location). You can make it a bit more complicated by enabling client based targeting but you would need to weigh the pros and cons to see if you would want to implement that.

4. Manage WSUS. Continue to review and approve new updates as they come out. Take some time to review the reports and see if there are any PCs that are having trouble installing any updates.

Truly the hardest part is probably going to be the GP part if you or other coworkers are not terribly familiar with them. Each setting has a description; just be sure to read them carefully and you should be good. Also, if you haven't already, install the Group Policy Management Console on your 2003 boxes; it makes working with GPOs soooo much better. I have never had any dealing with WSUS (though I may have a bit more technical prowess) and I got it installed, set up and running in a day.
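
A way to confirm on a client that the Windows Update policy from step 3 actually applied, as an added example that is not part of the original post: the script parses `reg query` output for the policy key and lists deviations from a forced overnight-patching setup. The registry value names are the ones the Windows Update policy writes; the sample output and the server name `wsus01` are constructed placeholders.

```python
import re

# Constructed sample of: reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /s
# taken from a hypothetical client; wsus01 is a placeholder server name.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    WUServer    REG_SZ    http://wsus01
    WUStatusServer    REG_SZ    http://wsus01

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    UseWUServer    REG_DWORD    0x1
    AUOptions    REG_DWORD    0x3
    ScheduledInstallDay    REG_DWORD    0x0
    ScheduledInstallTime    REG_DWORD    0x3
    NoAutoRebootWithLoggedOnUsers    REG_DWORD    0x1
"""

VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*?)\s*$")

def parse_reg_query(text):
    """Return {value_name: value}; DWORDs become ints, strings stay str."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key path lines, blank lines, reg.exe banner
        name, kind, data = m.groups()
        values[name] = int(data, 16) if kind == "REG_DWORD" else data
    return values

def audit(values, expected_server):
    """List the ways this client deviates from a forced overnight-patching policy."""
    findings = []
    if values.get("UseWUServer") != 1:
        findings.append("UseWUServer is not 1: client ignores the intranet server")
    if values.get("WUServer", "").rstrip("/").lower() != expected_server.lower():
        findings.append("WUServer does not point at %s" % expected_server)
    if values.get("WUStatusServer") != values.get("WUServer"):
        findings.append("WUStatusServer differs from WUServer: status reports go elsewhere")
    if values.get("AUOptions") != 4:
        findings.append("AUOptions is not 4: updates are not installed on a schedule")
    elif not 0 <= values.get("ScheduledInstallTime", -1) <= 23:
        findings.append("ScheduledInstallTime missing or outside 0-23")
    if values.get("NoAutoRebootWithLoggedOnUsers") == 1:
        findings.append("NoAutoRebootWithLoggedOnUsers is 1: no reboot while a user is logged on")
    return findings
```

On the constructed sample, `audit(parse_reg_query(SAMPLE), "http://wsus01")` reports two findings: the client only downloads and notifies (AUOptions 3), and it will not restart while someone is logged on.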

 
Originally posted by: TheKub
WSUS is really quite easy to implement.



Wow, thank you!!! Is this the WSUS client you were talking about?

http://technet.microsoft.com/en-us/wsus/default.aspx ?
 
Originally posted by: justcrash
Around 500. Is that an issue? I will enable them now. 🙂

Nope, our WSUS is on a secondary DC and supports ~600 no sweat. You just mentioned a school district and I know school districts with 25,000 PCs. If it were that case (you would have more than 3 people) you would need multiple servers to push them out or a more complex staged roll out procedure.
 
Another thing to find out is whether the stations you are needing to push updates out to will be on or not when you want to do said updates; if not, I suggest you find whether they support Wake On Lan (WOL) and if so, make sure that it is enabled, as well as enabling it on your switch/router equipment.

As 1 of 5 in my department (library) we leverage WSUS to keep up to date 300+ workstations across 1 main service center and 18 branch locations. WSUS is an excellent product for what it does. 🙂
 