Patch Management - KiXtart.org - official site

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Lounge » Patch Management

Page 1 of 2

1

Topic Options

#114530 - 2004-02-21 09:09 PM Patch Management
Richie19Rich77 Richie19Rich77 Seasoned Scripter Registered: 2002-08-16 Posts: 624 Loc: London, England	Hi All This is a question to all KiXters, 1. How does your company deal with updating client and servers with the latest patches? 2. How do you roll these patches out ? 3. How do you know what client has the patch installed ? Thanks all Rich
Top

#114531 - 2004-02-21 09:11 PM Re: Patch Management
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11631 Loc: CA	SMS and AD GPO
Top

#114532 - 2004-02-21 09:18 PM Re: Patch Management
ShaneEP ShaneEP MM club member Registered: 2002-11-29 Posts: 2127 Loc: Tulsa, OK	Quote: 1. How does your company deal with updating client and servers with the latest patches? We currently roll out all critical patches using kix scripting (of course). The server are all done manualy. All the different depts in IS are responsible for their own servers (citrix,sql,web,etc...) and there is usually one person that keeps track of progress. Quote: 2. How do you roll these patches out ? Using kixtart scripts...Every location has their own login script so we can roll them out a few sites at a time. That way if there any unexpected problems we can still keep it under control rather tham pushing them out company wide all at once. All the patches are applied at login with a nice little splash screen telling the user a patch is being applied and that their computer will reboot once it finishes. Quote: 3. How do you know what client has the patch installed ? I always use the registry key to verify patch isntallation. The MS articles almost always give you a key to check for. If not you can always use getfileversion, as in the case of the MDAC update. Ive also written a kixforms app that allows you to scan an entire subnet (local or remote) and it will report all unpatched and patched systems.
Top

#114533 - 2004-02-21 09:19 PM Re: Patch Management
ShaneEP ShaneEP MM club member Registered: 2002-11-29 Posts: 2127 Loc: Tulsa, OK	We are also considering using SMS in the future. Just depends on if we can get the cost approved by upper mgmt or not.
Top

#114534 - 2004-02-21 09:35 PM Re: Patch Management
krabourn krabourn Hey THIS is FUN Registered: 2000-12-11 Posts: 244 Loc: San Antonio, Texas, USA	We use SMS to keep the clients(about 150,000) and SMS servers up to date. The servers are handled differently. They usually write batch files. They do not know much about scripting but think they do. I tried to help them once, but found out it wasn't worth the trouble. we have McAfee automatically updating itself. _________________________ Kelly
Top

#114535 - 2004-02-21 09:48 PM Re: Patch Management
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	SMS except for servers which I hand-job. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#114536 - 2004-02-21 10:28 PM Re: Patch Management
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11631 Loc: CA	150,000 Desktops in Texas. Only company I can think of that size is HP/Compaq and they run 3 SMS Admins for all their desktops around the World I was told. What Company you work at there Krabourn?
Top

#114537 - 2004-02-22 12:06 AM Re: Patch Management
Radimus Radimus Moderator Registered: 2000-01-06 Posts: 5187 Loc: Tampa, FL	I am working on a kix service to install patches... domain service acct has admin on desktops but not servers. controlled by a ini file on each distro server that contains the [reg key / file version] to test for to determine patch install eligibility. It is actually much simpler than I though it would be... the hardest part was getting net admin to approve a domain user acct that has admin on every desktop _________________________ How to ask questions the smart way <-----------> Before you ask
Top

#114538 - 2004-02-22 01:15 AM Re: Patch Management
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	well, as I see it, it's not domain user account as it's service account. _________________________ ! download KiXnet
Top

#114539 - 2004-02-22 02:20 AM Re: Patch Management
Radimus Radimus Moderator Registered: 2000-01-06 Posts: 5187 Loc: Tampa, FL	yes... but it needs network perms so it can access the patches... the typical svc acct is local only _________________________ How to ask questions the smart way <-----------> Before you ask
Top

#114540 - 2004-02-22 02:58 AM Re: Patch Management
Kdyer Kdyer KiX Supporter Registered: 2001-01-03 Posts: 6241 Loc: Tigard, OR	Servers: HFNetChkPro. Workstations: Altiris. Kent _________________________ Utilize these resources: UDFs (Full List) KiXtart FAQ & How to's
Top

#114541 - 2004-02-22 02:15 PM Re: Patch Management
Co Co MM club member Registered: 2000-11-20 Posts: 1342 Loc: NL	First the patches are tested. After the test is OK we roll them out: Clients -> SUS Server Server -> Kixtart script which uses JT.exe to start rollout after working hours and after a finished backup. RAS -> only critical patches by loginscript. Edited by Co (2004-02-22 02:16 PM) _________________________ Co
Top

#114542 - 2004-02-22 02:50 PM Re: Patch Management
krabourn krabourn Hey THIS is FUN Registered: 2000-12-11 Posts: 244 Loc: San Antonio, Texas, USA	I work for SBC. That count is for the US only and I doubt is totally correct, because there some self support groups out there. There probably about 35,000 in Texas. According to Microsoft, the only SMS shop bigger than SBC is Toys R Us. I never expected a toy store to be bigger. We have more SMS Admins than three. Of course saying you are an SMS Admin in SBC does not necessarily mean what you think. We have several groups. Remote Control - Everybody that does desktop support Advertisements - Can do everything but change site settings and add/change packages Packages - Can do everything but change site settings SMS Admin - Can do everything The number of people in each group gets less as the you go down the list. Personally, I think we have too many in the Advertisemnets group, but I think that is about to change. Sending out advertisements is not what takes a long time. It is the possible remediation. _________________________ Kelly
Top

#114543 - 2004-02-23 05:27 PM Re: Patch Management
Learic Learic Fresh Scripter Registered: 2004-02-16 Posts: 12	Quote: yes... but it needs network perms so it can access the patches... the typical svc acct is local only So could you give me an example of how to install a patch locally with a system service account? I know this is a far fetched idea, but how would one go about calling the system service account to install anything? It has to be possible but I don't know enough about using the sytem account to accomplish these types of things!
Top

#114544 - 2004-02-23 05:50 PM Re: Patch Management
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11165 Loc: Boston, MA, USA	You can't use the SYSTEM account for this. _________________________ There are two types of vessels, submarines and targets.
Top

#114545 - 2004-02-23 06:31 PM Re: Patch Management
Radimus Radimus Moderator Registered: 2000-01-06 Posts: 5187 Loc: Tampa, FL	the system account has local admin and can install patches and such, but it has no network perms so it is incapable of dl'ing the patch. you have to use a diferent method to det the patch to the machine, but once it is there it can install. Search for Remote Execution Manager as an example of using the system account remotely _________________________ How to ask questions the smart way <-----------> Before you ask
Top

#114546 - 2004-02-23 07:12 PM Re: Patch Management
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11165 Loc: Boston, MA, USA	Yes, it does have local admin privs. However, how do you start a process (e.g. an update) under the local SYSTEM account? _________________________ There are two types of vessels, submarines and targets.
Top

#114547 - 2004-02-23 07:55 PM Re: Patch Management
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	jens, what about AT as an example? any service that runs under it, will do. _________________________ ! download KiXnet
Top

#114548 - 2004-02-23 09:51 PM Re: Patch Management
Learic Learic Fresh Scripter Registered: 2004-02-16 Posts: 12	Quote: Yes, it does have local admin privs. However, how do you start a process (e.g. an update) under the local SYSTEM account? This is what I am questioning. If the file already resides on the workstation, how do you initiate an install process under the local system account. Since the file is already there, network access which isn't given to this account doesn't matter...
Top

#114549 - 2004-02-23 10:02 PM Re: Patch Management
Co Co MM club member Registered: 2000-11-20 Posts: 1342 Loc: NL	AT Edited by Co (2004-02-23 10:21 PM) _________________________ Co
Top

Page 1 of 2

1

Previous Topic

Previous Topic View All Topics

View All Topics

Index Next Topic

Next Topic

Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart

Hop to:

Shout Box

Who's Online

1 registered (Allen) and 363 anonymous users online.

Newest Members

Sir_Barrington, batdk82, StuTheCoder, M_Moore, BeeEm
17886 Registered Users

Generated in 0.141 seconds in which 0.109 seconds were spent on a total of 13 queries. Zlib compression enabled.

click tracking