service patch over 90 machines...help

Hi,

I just started on a new job and they have about 90 workstations running
either XP PRO or 98. Realizing none of these machines are updated with
service patches, what is the best way to determine the following:

1) Remotely seeing what patches have been applied.
2) How to deploy the missing patches? The most cost effective way.

Thanks in advance

Jack
 
Please review the Guide to Security Patch Management at
http://www.microsoft.com/technet/tr...et/security/topics/patch/secpatch/default.asp.

----

The Microsoft Guide to Security Patch Management provides concise
information, prescriptive techniques, tools, and templates to help
organizations cost-effectively maintain a secure and reliable Microsoft
environment through the proactive assessment of vulnerabilities and the
application of security patches and appropriate countermeasures.

Note: This guide provides information on the maintenance of multiple
computers within an organization. If you are responsible for the security
and maintenance of your own computer (such as a home user), please keep your
computer secure by following Microsoft Security and Privacy Basics.

------


--
Malik Pradhan
Windows SE
Microsoft Corp.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
If you don't have an automated software distribution mechanism (SMS,
Tivoli, Radia, or something like those products) for your XP machines
you might consider creating a kit of all the applicable post-SPx patches
(for whatever value of -x- your organization is currently standardized
on), and applying the complete kit to every machine.

This mechanism will result in redundant re-installations of some
hotfixes, but it will give you some confidence that all of the hotfixes
have been applied to every machine.

If your organization does not already have such a policy, talk to your
management about establishing a *corporate* policy about keeping all
computers up to a "reasonable" level of security, with explicit
statement that noncompliance with the policy may result in adverse
action against the offender. The definition of "reasonable" will depend
on the details of the organization, but the days of
everybody-trusts-everybody are no longer a viable alternative. If your
management has any sense you'll be seen as being a Valuable Employee
(tm) who is being PROACTIVE (good buzzword for your annual review) about
security.

Also, in a business environment, by using a centrally-distributed update
kit and not using Windows Update, you have an opportunity to test the
new hotfixes against your organization's corporate applications, and you
don't risk having Microsoft re-issue a slightly tweaked version of a
hotfix without bothering to announce the change.

<soapbox>
If your organization has any pretense of having network security, get
rid of your Win98 machines. The DOS-based versions of Windows (95, 98,
98SE, ME) have a security model best described as "a block of Swiss
cheese".
</soapbox>

Joe Morris
 