Patching and Verifying Patches

From Extension Collaborative Wiki

Contents 1 External Links 2 Free Windows Patching Solution 2.1 Description 2.2 Download 2.3 Usage 3 Microsoft Baseline Security Analyzer 3.1 Description 3.2 Download 3.3 Usage

External Links

Free Windows Patching Solution

Description

Microsoft���s Windows Server Update Services (WSUS) will deploy patches to Windows clients. This improves the rate at which patches are successfully applied as well as reducing bandwidth usage to microsoft.com. It is extremely easy to setup and configure.

Download

Download Windows Server Update Services

Usage

It is possible to edit the registry for non-AD machines but very simple using AD. The AD settings can be found under Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update in the Group Policy Editor. You'll want to set Automatic Updates even if you do not run your own WSUS server.

The two most important settings in this section are the ���Configure Automatic Updates��� and the ���Specify Intranet Microsoft Update Service Location��� settings. For best results, choose ���4- Auto download and schedule the installation,��� set the install day to ���0-Every day��� and the scheduled install time to sometime in the early morning.

Set the service location to http://yoursusserver.yourdomain and if you use a statistics server enter that address as well.

Use ���Allow immediate installation��� of patches and force computers to restart immediately after installation. Otherwise users will skip patching altogether.

== Microsoft Security Center == Windows XP The ���Security Center��� displays the status of crucial services like Firewall, Patch Updates, and Anti-Virus Software periodically during login.

To enable the ���Security Center��� for all AD clients simply ���Enable��� the setting ���Turn On Security Center.��� This setting can be found under Computer Configuration -> Administrative Templates -> Windows Components -> Security Center in the Group Policy Editor.

Microsoft Baseline Security Analyzer

Description

MBSA is an easy-to-use tool designed for the IT professional that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems. Unfortunately, ver 2.0 of MBSA is troublesome to use on a large network. The older versions are much more useful without considerable tweaks.

Download

Microsoft Security Baseline Analyzer

Usage

You'll need an account with admin privileges on the machines to be scanned.

Use "RunAs" to start MSBA as a privileged user.

Select a range of IP addresses under you management.

Start...then wish you hadn't run this tool.