Avoiding re-boots with Microsoft updates

[tonykblen]

Hi,

I am sure this is a burning issue with many admins. Is there a way of applying patches without having to re-boot the servers. With all the recent viruses and holes beinf found in Windows, it is really difficult to squezze in the almost daily updates from MS.

Cheers and thanks,
Tony.

Tony Kennedy BSc. B.I.S.,
MCSA Cand.

A good start is half the work.
Every start is difficult .
-Two Gaelic proverbs

 

[Claudek]

You need the reboots to update system files (if required). You can cut down the number of reboots by using Qchain and applying all the hotfixes in one hit and then rebooting rather then reboots after each applied patch(where neccessary).


Claudius (What certifications??)

http://www.iteq.com.au

 

[tonykblen]

Hi Claudek,

I don't have a problem with using the QChain. With the proliferation of viruses though, sometimes it is necessary to apply some patches immediately. Also on QChain, does it allow deployment of fixes in a multi-OS environment. The network I part-time administer is running Win 98 and 2000.

Thanks for your reply,

Tony.


Tony Kennedy BSc. B.I.S.,
MCSA Cand.

A good start is half the work.
Every start is difficult .
-Two Gaelic proverbs

 

[Jontmke]

Yes qchain can run for either 98 or 2000 but you would have to run two different ones (usually). Many times the patches are OS specific.
As for having to reboot, the way to do it is to be proactive. Apply the patches when they come out, don't wait until someone writes a virus to exploit it. I'm not criticizing, just preaching. For example the blast virus fix was out for over a month before it came out.
Also, if you have a good firewall and antivirus package most of these attacks would not get to your server even if was not patched. Our system was only hit a little and that was because someone brought it in with a laptop. Using the blast virus again as an example, if your firewall was blocking port 135 then it could not get in that way.

On another note: I have not done it but isn't SMS used to deploy patches on a network? I understand a client runs upon login and queries the server for new deployments.

Jon

There is much pleasure to be gained from useless knowledge. (Bertrand Russell)

 

[tonykblen]

Hi Jon,

I agree about being pro-active. What I found happened with Blaster was that some of the PC's did not download the patch for blaster e.g. some had not been turned on for a while with people being away, people constantly ignoring downloads and like you external PC's being connected. etc. Our firewall is allowing extremely limited access as we don't run a website etc here.

I would like to know about SMS as running two different Qchain.exe sounds just ridiculous. Microsoft should at least develop the capability to deploy service packs and patches from one location.

Thanks for your reply Jon,

Tony.

Tony Kennedy BSc. B.I.S.,
MCSA Cand.

A good start is half the work.
Every start is difficult .
-Two Gaelic proverbs

 

[Jontmke]

Actually I mispoke, it is SUS or Software Update Services. In my next place I will have this running, just to save the time and energy.

Jon

There is much pleasure to be gained from useless knowledge. (Bertrand Russell)