I was wondering how other people go about doing this. We have around 500+ workstations that need security patches/updates etc for win2k professional/xp pro pushed to them automatically. We do not want to use msft's automatic updates because some of the patches msft releases tend to be buggy/incompatible with things and cause problems so they need to be tested first. What is the easiest/best way to go about doing this?? Thanks.
-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
Pushing windows2k/xp updates to clients in large network environment...
- Thread starter mobogasm
- Start date
LiLithTecH
Diamond Member
Depends on the particular network setup.
If it is configure with AD, then a RIS Server is the way to go
(though it is not easy to configure as a rule).
If the update or patch is an .msi file then you can apply a
software installation policy for that file in the group policy for
your organisational unit defined in AD.
Or a nice Third Party alternative.
HFNetChk Pro 4.0
Remember, build that LAB and test, test, test.....
If it is configure with AD, then a RIS Server is the way to go
(though it is not easy to configure as a rule).
If the update or patch is an .msi file then you can apply a
software installation policy for that file in the group policy for
your organisational unit defined in AD.
Or a nice Third Party alternative.
HFNetChk Pro 4.0
Remember, build that LAB and test, test, test.....
it is a mixed Novell/AD environment right now. WIll be pure AD in about 3 months. MSI's are not an option for the most part. I'm looking at Microsoft's SUS and Microsoft's SMS server right now. Any other suggestions. I'll take a look at that link you posted. Thanks for the suggestion.
MedicBob
Diamond Member
I second SUS... Software Update Services from MS. It is free, but still in beta. I use it at home for 6 computers and it is very simple to use/set-up.
It only works with 2000/XP though. I use Domain group policy to automatically update any 2000/XP box joining my domain(internal), but you can configure local group policy to point at a SUS server also.
It only works with 2000/XP though. I use Domain group policy to automatically update any 2000/XP box joining my domain(internal), but you can configure local group policy to point at a SUS server also.
SaigonK
Diamond Member
SUS sucks for me.
I am Novell AD and I dont push policies to the desktops via AD, so I cant use it.
I was hoping they would set it up so that you could point your clients to an internal website and run the updates like you would at windowsupdate.com but no go.
I am just going to use ZenWorks4, much better product anyway.
I am Novell AD and I dont push policies to the desktops via AD, so I cant use it.
I was hoping they would set it up so that you could point your clients to an internal website and run the updates like you would at windowsupdate.com but no go.
I am just going to use ZenWorks4, much better product anyway.
MetroRider
Senior member
have you thought about using a program called LanGUARD made by gfi?
this program gives some pretty good detail about your network and the services, ports, and other useful info. one key feature to it is that it can detect what patches are installed on computers in your network, and will also let you deploy and install service/security patches as you see fit. Go to their website for more info, and download the trial and give it a shot.
GFI LANguard Network Security Scanner (N.S.S.)
good luck! 🙂
this program gives some pretty good detail about your network and the services, ports, and other useful info. one key feature to it is that it can detect what patches are installed on computers in your network, and will also let you deploy and install service/security patches as you see fit. Go to their website for more info, and download the trial and give it a shot.
GFI LANguard Network Security Scanner (N.S.S.)
good luck! 🙂
SUS does not require Group Policy. You only have to add some keys and values to registry on the machines you want to update. We don't have AD yet at work so I simply wrote a script that made the change to all the machines remotely. All the registry changes are in the deployment paper.
There's talk about this in v2 of it. I don't forsee it happening since it's not really a requested feature though. Most administrators like to push the updates out automatically rather than have the clients update their machines manually.
This is in a total different class than SUS. To compare the 2 of them is unfair. Compare Zenworks 4 to SMS 2.0 or SMS 2003 instead.
Thanks for all the info guys. Keep the comments coming.
Doesn't SMS server allow you to do the "local windows update site" thing. From what I have read about it, it does, but that is not what we're looking for. Looks like SUS is for us but we need to push service packs and office updates. Hopefully they'll get v2 out with those features ASAP, but considering it's a free product I doubt that. I'm actually suprised they have SUS for free and don't make people buy SMS server.
Doesn't SMS server allow you to do the "local windows update site" thing. From what I have read about it, it does, but that is not what we're looking for. Looks like SUS is for us but we need to push service packs and office updates. Hopefully they'll get v2 out with those features ASAP, but considering it's a free product I doubt that. I'm actually suprised they have SUS for free and don't make people buy SMS server.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 25K
-
-
-