Chapter 14: Implementing, Managing, and Troubleshooting Patch Management Infrastructure (2.0)

It’s commonly known among developers that no software product is released without bugs. Millions of lines of code compiled into different programs that interact in a complex and unique way can result in problems that were unseen by Microsoft at the time of a product’s release. To paraphrase a quote from a NASA engineer during the development of the lunar module for the Apollo project, writing and running such complex software is similar to coordinating a room full of dancers, each moving to a song that only they can hear. Problems are inevitable. To deal with problems that appear after a product’s release, Microsoft has an aggressive strategy of releasing hotfixes and service packs. Vital skills for systems administrators are knowing how to trial deploy these updates, how to assess their relevance to your existing network environment, how to check whether or not a system is as patched as it should be, and finally, knowing the different options in rolling out those updates.

Testing Skills and Suggested Practices

The skills that you need to successfully master the Managing and Implementing Disaster Recovery objective domain on Exam 70-299: Implementing and Administering Security in a Microsoft Windows Server 2003 Network include:

• Manual installation of hotfixes.

  • Practice 1: Use Windows Update to locate a hotfix that your Microsoft Windows Server 2003 system requires but is not yet installed. Manually download this hotfix to the c:\temp folder. From the command prompt run hotfix.exe /help (where hotfix.exe is the hotfix name) to bring up all of the installation options.

  • Practice 2: Manually install the hotfix that you downloaded in Practice 1. Reboot your server if necessary. Check in the Add/Remove programs control panel that the hotfix has installed. From the command prompt, use the appropriate switches (discover them by using the Help switch) to uninstall this hotfix. Do not uninstall using Add/Remove programs. Reboot the server if necessary. Return to Add/Remove programs to verify that the hotfix has been removed.

• Using the Microsoft Baseline Security Analyzer (MBSA) tool.

  • Practice 1: Download and install the MBSA tool from the Microsoft Web site. Using the GUI, run a single scan against each of the computers on your local network. Locate computers that have security patches that must be applied using the MBSA tool. Download the relevant patches from the Microsoft Web site. Install the patches on the systems that require them.

  • Practice 2: From the command prompt, use the MBSA command-line tool to scan the range of IP addresses on your LAN that you scanned individually in Practice 1. If you have installed the patches correctly you should now see a text-based report informing you that these patches have been successfully applied.

• Working with service packs.

  • Practice 1: Download Microsoft Windows XP Service Pack 1a from the Microsoft Web site. Use the command xpsp1a_en_x86.exe –x to extract the service pack to a suitable location. Locate the file update.msi.

  • Practice 2: Use the update.msi file to create a software installation package in a Group Policy object (GPO) that will deploy Windows XP Service Pack 1a to a new organizational unit (OU). Take note of extra installation options such as Uninstall This Application When It Falls Out Of The Scope Of Management found in the Deployment tab of the service pack software deployment properties.