Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pushing Patches Across a Wide Area Windows Network?

Posted by Cliff on from the dealing-with-the-vendor-imposed-patching-cycle dept.

meridian-gh asks: "Microsoft is releasing new patches and updates for their products continually. For those of us who have to deal with large, geographically diverse windows-based networks, managing patches can be a nightmare. You cannot trust the users to do it. Tools such as SMS and HFNetCHK Pro are neat, but incredibly expensive. Most free programs I have seen don't support Windows 98, which many of us are forced to deal with. My question is, how do you deal with the remote deployment of patches in a efficient (and cheap) manner?"

7 of 70 comments (clear)

  1. Sorry, but Windows is an expensive investment by bmetzler · · Score: 4, Insightful

    If you are going to pop the money for all those Windows licenses, licenses for SMS, or Zenworks or something isn't going to kill you. Or shouldn't if you budget properly. It's all part of the TCO. If the TCO of Windows is too high, perhaps it's time to look at something with a lower TCO.

    -Brent

    1. Re:Sorry, but Windows is an expensive investment by ConceptJunkie · · Score: 4, Insightful

      I have a hard time sympathizing with management who would willingly use Windows 98, especially in the year 2003. Windows 98 was nothing but pain for me (I ran it on the kids' computer for a couple years). I switched it to XP Home and all my problems went away.

      Expense notwithstanding, the first thing I would do is upgrade to a _business_ operating system, i.e., Windows 2000. Windows 98 is oging to be dead soon anyway from what I understand. Microsoft is dead-ending their old software really agressively these days (of course, the same will be true for Windows 2000, which is a shame).

      After that, there are tons of solutions available.

      I know it's not realistic to expect PHB's to upgrade the OS, but in the next year or two it's going to be mandatory if you want continued support.

      --
      You are in a maze of twisty little passages, all alike.
  2. Re:apt-get update virus for Windows 98 by adamy · · Score: 2, Insightful

    Can't you do something in autoexec.bat for just the win98 boxes. Last I checked, it still gets executed at startup, and most people reboot fairly frequently.

    --
    Open Source Identity Management: FreeIPA.org
  3. Can't help much but by jsse · · Score: 2, Insightful

    I can tell you my experience.

    1) Seeing that applying patches is inevitable when security vulnerablities surface a couple of time every couple of days, management finally accepted to evaluate the necessity of a security assessment for their vast network of Windows boxens.
    2) The report revealed that enomous amount of money has to be spent for software distribution system(aka SAM, software Assessment Management), management resorted to rely on human intervention - have a very handful of us to go around the organization to apply patches
    3) The problem is, by the time we finished patching less than one-half of the boxens, new patches/vulnerabilities fixes released. There is 1000+ users we are talking about...
    4) Having seen too much human resources has to be spent on apply patches, they get down to the basic and distribute patches files by email and CD and requires individual user to apply the patches.
    5) as normal users do not understand the need of apply patches, or do not understand the whole thing about the patching things, end up only less than 20% of the boxens have applied the patches in time and new system vulnerabilities break-out every two week
    6) Management sees the necessity to perform a new security assessment
    7) Goto step 2)

    Now management blames us for spending too much money to maintain organization network. They don't seem to remember it was them who believe Windows has low maintenance cost.

  4. Support by gnixdep · · Score: 2, Insightful

    Before you invest too much time and money into a solution, I'd check to see if Microsoft is going to continue providing patches for you to apply. Last I heard, Win95, Win98, and NT4 were all on the chopping block for continued support. Another solution you could examine is Terminal Services. If you only have one system, keeping it patched is pretty straightforward. Or Citrix, if you need things like local disk access and printing. Using NT Workstation, or Windows 2000 Workstation, you can do that sort of thing with Group Policies, or Novell ZENWorks, which will do that and much more. Home-user OS's don't have support for this sort of thing natively, because they're not designed for this sort of application.

  5. Re:Wrong problem... by styrotech · · Score: 3, Insightful

    It's kind of like asking: My Hyundai Excell keeps breaking down and it won't haul 6 tons of gravel - what can I do to make it work?

    The real sloution, ditch the Hyundai and get a Terex

    That truck looks waaay overkill for 6 tons of gravel - and it wouldn't help at all if you needed to haul it on a public road.

    Seems a bit like recommending Solaris, Irix or AIX as a general purpose desktop OS.

  6. CD image by TheSHAD0W · · Score: 3, Insightful

    First off -- you should be running two tiers of systems; one where a default set of applications are installed, and users' installs aren't guaranteed to stick; and one where a user assumes responsibility of his own machine and has to figure out his own problems.

    Now your job is greatly simplified. Use a utility that overwrites the boot partition on a machine with the image stored on a CD. (Let users store their data files in a second partition.) Update the OS to the current level, and make an image CD using it. Then get a flunky to go to each machine and re-image it. (Do this after hours when the place is empty.)

    Presto. You're updated.