Question About Patches

[NetworkAdmin123]

Hi,
I use SUS to administer critical updates to all my windows machines.
I'm wondering how they work it at MS. If a patch or hotfix is available on there site is it safe to say that my sus is also picking this up.

We are a small business but it's still time consuming to go around to 30 machines at different locations.

SUS is doing wonders but I wonder how you guys handle your patch management. I'm new the this and would like to hear your strategies to make sure the network is secure.

 

[aznluvsmc]

How did you get SUS to work? I've tested it in 2 different networks and haven't gotten it to work. I've heard stories of other people not being able to get it up an running. Mind you, both times, the network was not an AD network but from what I read it shouldn't matter.

_______________
Doing IT Right!

 

[NetworkAdmin123]

Mine is an AD network. I have 2 server and about 30 workstations. I installed it without any problems. My workstations are Win 2000 and XP Pro and my Servers are Win 2000 server. I followed the guide and never had any issues. My servers are domain controllers.

 

[FaiTHLeSS]

You need to run SUS in an AD enviroment really, you have to push a policy out from the server to change the windows automatic update settings. I think its possible to download the adm file from somewhere to get it to work in a non AD setup.

Another way to do updates is to use logon scripts or to get SMS from MS but that costs money unlike SUS or logon scripts. But you can do alot more with SMS, like push software and other data out to clients on your network. MS recommend SMS for large networks for patching and SUS for smaller networks.

 

[aznluvsmc]

With SUS, do the clients have to automatically query the server for updates at a specified time or can you run the Windows update manually whenever you want?



_______________
Doing IT Right!

 

[NetworkAdmin123]

You can run it manually. Without A GPO you'll have to configure each computer's registry to point to your server instead of MS's. You can do both though. Keep in mind though if you use windowsupdates.com you not using SUS.

BTW the new version of SUS called WUS will feature the ability to do all updates and office patches. Possible 3rd party software as well. Looking forward to that!

Anyone thoughts on my first post?

 

[yukon10]

Does SUS need to be installed on Server to make it work correctly?

 

[NetworkAdmin123]

yeah it really does.

 

[buddafish]

networkadmin123,

although it sounds like you know how sus works, per your first question: if you have set the syncronization schedule from the susadmin page, then your sus will fetch updates per that schedule. then you can review what sus downloaded from microsoft from the syncronization log... we have been enjoying sus for some time now. i love not going station to station or scripting chained hotfixes, ect. we have had a few instances where BITS was disabled and the client not contacting our sus.

scottie

 

[NetworkAdmin123]

scottie,
I am familiar with it but one begins to wonder if something might be to good to be true. But what you say helps

I get emails all the time making sure I have that hotfix for this latest virus or worm etc.

Just wanted to make sure I was receiving them as fast via SUS.

 

[buddafish]

networkadmin123,

did you set the sus to automatically push out any new fixes?
or review and manually mark for distribution...

i agree, it is almost too good to be true

scottie

 

[NetworkAdmin123]

I review and manually do it. I find sometimes MS likes to put patches out that do more harm than good