Download
patch management using microsoft software update service 1 0 sp1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Patch management using Microsoft Software Update Service 1.0 SP1 PowerPoint Presentation
Download Presentation
Patch management using Microsoft Software Update Service 1.0 SP1

Patch management using Microsoft Software Update Service 1.0 SP1

190 Views Download Presentation
Download Presentation

Patch management using Microsoft Software Update Service 1.0 SP1

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Patch management using Microsoft Software Update Service 1.0 SP1 Chris Hughes, Systems Architect Warrington College of Business Hughescj@ufl.edu

  2. Overview • What is Software Update Services • Local copy of Windows Update • Allows testing of patches prior to deployment • Integrated with Automatic Updates feature of Windows 2000/XP

  3. Server Requirements • Windows Server 2000 Server SP2 or Greater • Windows Server 2003 • Pentium III 733Mhz • 512MB RAM • 10GB+ HDD

  4. Client Requirements • Windows 2000 SP2 with Automatic Updates Patch Installed • Windows 2000 SP3 or Greater • Windows XP with Automatic Updates Patch Installed • Windows XP SP1 • Windows Server 2003

  5. Server Operations

  6. Server Operations • Synchronization with Windows Update • Scheduled Synchronization

  7. Server Operations

  8. Client Options • NoAutoRebootWithLoggedOnUsers • Give option to reboot if a user is logged in. • NoAutoUpdate • Enable or Disable Auto-Update Installation • AUOptions • Notify User of patches available for download • Notify User of patches available for install • Automatic download and installation

  9. Client Options • ScheduledInstallDay • The days which the installation should occur • ScheduledInstallTime • The hour which the scheduled installs should launch • RescheduleWaitTime • Time delay after reboot when machine is off during scheduled install time

  10. Client Options • UseWUServer • Sets the machine to user Windows Update or a Local Software Update Server • WUServer • Software Update Server URL • WUStatusServer • Statistic Server for Software Update Services

  11. Settings via the registry HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU • NoAutoRebootWithLoggedOnUsers • Set this to 1 if you want the logged on users to choose whether or not to reboot their system • Registry value type: REG_DWORD • NoAutoUpdate • 0 = Automatic Updates is enabled (default) • 1 = Automatic Updates is disabled. • Registry Value Type: REG_DWORD • AUOptions • 2 = notify of download and installation • 3 = automatically download and notify of installation • 4 = automatic download and scheduled installation. • All options notify the local administrator. • Registry Value Type: REG_DWORD

  12. Settings via the registry HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU • ScheduledInstallDay • 0 = Every day • 1 through 7 = the days of the week from Sunday (1) to Saturday (7). • Registry Value Type: REG_DWORD • ScheduledInstallTime • The time of day in 24-hour format (0-23). • Registry value type: REG_DWORD • RescheduleWaitTime • Time in minutes (1-60) • Registry value type: REG_DWORD

  13. Settings via the registry HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU • UseWUServer • Set this to 1 to enable Automatic Updates to use the server running Software Update Services as specified in WUServer below. • Registry Value Type: Reg_DWORD HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate • WUServer • Sets the SUS server by HTTP name (for example, http://IntranetSUS). • Registry Value Type: Reg_SZ • WUStatusServer • Sets the SUS statistics server by HTTP name (for example, http://IntranetSUS). • Registry Value Type: Reg_SZ

  14. Settings via Group Policy

  15. Limitations • Problems with administrators being able to cancel installations and reboots • Unable to push a patch out NOW! Patching are pulled from the server by the client every 17-22 hours. • Machines with problems installing patches • Windows Service Packs and Critical Patches only • Limited reporting

  16. SUS-Install.VBS • This is a script written by the SUS product team at Microsoft. • Resets a client’s settings and schedules an install time • Verifies that the Automatic Update Client download patched and scheduled the install

  17. Client Side Troubleshooting • Not enough disk space • Patches fail to download and do not install • Machine has been rebooted previously during Windows Update • Registry settings may be messed up • Administrators cancel installations • Disable access to Windows update via GPO or Registry. This forces the patch installaton.

  18. Server Side Reporting • Limited reporting is available in the product. • Logs are in the IIS log files for the SUS Server machine • http://www.susserver.com has some scripts to improved reporting

  19. New Features for SUS 2.0 • ETA 1H 2004 – Public Beta “soon” • Support for all Microsoft Products including Office, Exchange, and SQL. • Better reporting of patch status (Success, Failure with reason codes, Integration with Active Directory) • More options for dealing with patch installation with administrators logged in

  20. New Features for SUS 2.0 • Deployment of different patches to specific target machines. • Filtering using WMI • Managed machine database • SUS-Install.VBS built into server product

  21. More Information • Websites • Software Update Services Home Page http://go.microsoft.com/fwlink/?LinkId=6930 • http://www.SUSServer.Com • http://bear.cba.ufl.edu/SUS • Newsgroups • microsoft.public.softwareupdatesvcs • Email Addresses • Feedback - cwufdbk@microsoft.com • Product Manager - Jose Morris - a-jomorr@microsoft.com

  22. Any Questions?