Patch Management Nightmare ...

[Icharus]

I take care of a small NT network, but just keeping up with all the MS and application updates and patches is a nightmare. I started using the MS Baseline Security Aalyzer, and it helps, but it's still a pain and does not identify all the problems.

What do you people do to keep up with it all?

[SpongeBob]

The best update manager for both client and servers. Put it on one server.. and it will push updates to other computers.. even in the best order to correctly patch ALL bugs and reduce reboots!!


Update Expert

[Icharus]

Thanks for the reply SpngeBob,

I have heard good things about UpdateExpert, and it's cost seems reasonable. The ability to push the patches to the workstations is great. MBSA does an OK job at finding missing MS patches but does'nt provide a way to distribute them. I've been using Windows Update but it is not a reliable way to keep the systems up-to-date.

It just really bothers me that I have to pay for a solution to fix potential problems with the software I already own, and I think it would be a hard sell to my boss.

We are planning an upgrade to W2K, after that I should be able to use the Microsoft Software Update Services. Anybody have any experience with this?

[SpongeBob]

yes... it is .. uh... ok....

on workstations.. YOU MUSTT BE AND ADMIN!!

so unless your users hav admin level access to there computers.. then sure.. turn it on.

(some patches you dont need admin level... but you'll get tons of calls when they get cryptic errors and popups asking for them to contact there admin for help for others.)

on servers it dont matter.. cause only admins log into them anyway.

Oh ya.. that brings me to my next Bad point.. for servers... YOU MUST BE LOGGED IN!! UGH.

I dont know about you.. but I dont stay logged into my servers. Shoot... my Print server.. i log into it.. once every 3 months.... maybe.

For security on the workstation... regualr updates are a must!
(after all, who cares if IE is patched every second on a server that no one logs into or "surfs" the web on)

Application / Services need to be patched ASAP on server, not workstations unless it is cauding a conflict or error.

So you have 2 different "platforms" with different requirements, that you cant satisify with out putting out money or lots of time. Think of all the down time installing SP3 on 2k!! (takes 15 mins from a CD-Rom or 35mins from the web - I have a T1- UGH... user down time = $$) Oh and dont even get me started on XP sp1 - OMG!!! (or ther new "Express" version... hahaha... took even longer)

When yo add that up and reboots of servers... either you work 80 hour weeks (overtime??) or the user sit around every day for 30 mins. How much is THAT costing your boss??!!

Updateexpert you can set up "Profiles" for updates... so it will update more frequlently IE type stuff on users and Services type stuff on servers.

Then on Fri. afternoon... have all user leave computers on over weekend... and do a MASS update... all patches for ALL computers.

Update Expert - once it DL's the patch once.. it SAVES it. and creates it own database. so it save you bandwidth too!! DL sp3 once and push it to infinate computers. Add a computer later... boom... no DL'ing.. you have all the patches.

Update Expert even list current "bugs / features" that there are no patches for that M$ says are comming soon... to help keep you informed of what dangers are lurking.

Very nice for the price!!! If you have as big a problem as you described... it should be an easy sell. and you boss would be dumb not to get it or a similar product.

(And no I dont sell any computer hardware or software, just a happy user of it.)