Best Practices

Previous page
Table of content
Next page

Best Practices

  • If you manually install multiple security updates on target computers, use the QChain tool.

    Doing so ensures that the most current version of any DLL or executable is retained. If the OS is either Windows XP or Windows 2000 with Service Pack 3 or later, QChain is not required because the QChain functionality is built in.

  • You must be a member of the local Administrators group of the computer to install any detected updates.

    The Windows Update Web site requires that you have this membership.

  • Configure the Automatic Updates client to implement the desired installation method.

    By doing so, you ensure that your organization s updates are downloaded and installed regularly.

  • Windows Update is appropriate only for scanning a single computer or a small group of computers.

    The scan can only be performed against the current computer.

  • MBSA allows for the diagnosis of security update status only.

    It does not provide any distribution methods.

  • Use the command-line version of MBSA to script security update reporting.

    The Mbsacli.exe tool allows you to create scripts that scan a single computer, an IP range, or an entire domain for security update status.

  • SUS can be used only to distribute security updates, not service packs.

    You must use methods such as Microsoft SMS, scripts, or Group Policy to automatically distribute service packs.

  • Use the SMS Software Update Services Feature Pack to deploy software patches to a subset of computers on your network.

    Only the SMS Software Update Services Feature Pack allows you to define specific targets for software patch deployment, allowing you to pick and choose targets for patch deployment.

  • Both SUS and the SMS Software Update Services Feature Pack provide reporting on the status of software patch deployment.

    Because of the data stored in SMS inventory, the SMS Software Update Services Feature Pack can produce more detailed reports.

  • SUS can only support up to 15,000 client computers.

    If you must support more than 5000 computers, consider using the SMS Software Update Services Feature Pack or other third-party security update deployment software.


Previous page
Table of content
Next page
Microsoft Windows Security Resource Kit
Microsoft Windows Security Resource Kit
ISBN: 0735621748
EAN: 2147483647
Year: 2003
Pages: 189
Authors: Ben Smith, Brian Komar
BUY ON AMAZON
OpenSSH: A Survival Guide for Secure Shell Handling (Version 1.0)
Inside Network Security Assessment: Guarding Your IT Infrastructure
Making Sense of Change Management: A Complete Guide to the Models, Tools and Techniques of Organizational Change
Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
AutoCAD 2005 and AutoCAD LT 2005. No Experience Required
Digital Character Animation 3 (No. 3)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy