You can actually disabled the ability to use Windows Update. The site
tells you this has been disabled and to contact your technical support.
I do this in student labs just in case. But I actually don't mind if a
user goes to Windows Update and gets up to date before my SUS server
kicks in. 6 in one, half a dozen in the other, in my opinion (in our
environment). In fact, we have several users that like to know when a
SUS patch is coming out so they can update manually. That way, if they
have processes that need to run overnight, they can be sure they will
run.

Chris 

-----Original Message-----
From: Rod Trent [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 26, 2003 10:51 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS failure rate

There are still a myriad of ways to get to the  Windows Update website.
If you venture out to Microsoft.com for very long (or any other
technical site), there will be links to Windows Update. 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chris Lynch
Sent: Friday, September 26, 2003 11:33 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS failure rate

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

And this is why you should disable all links to Windows Update on your
client workstations via a GPO.
 
Chris Lynch
Senior Network Engineer
Axcent Solutions, Inc.
 
 
*Opinions expressed here does not necessarily reflect what the company
views
are.*

________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rod Trent
Sent: Friday, September 26, 2003 6:26 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS failure rate


Another issue is if the end-user manually visits the Windows Update
website and installs their own updates from there.  This can throw SUS
for a loop.

________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of England,
Christopher M
Sent: Friday, September 26, 2003 9:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS failure rate


We have seen this occasionally, but usually it is due to some
extenuating circumstance. Like if we had turned off the SUS GPO to do
some testing (we only have one SUS server setup right now, with multiple
GPOs) the clients revert back to their previous Automatic Update
settings. If they have it set to Download but Prompt me, they can ignore
those. Therefore SUS will think they are good, but they are really not.
Similarly, if they turn their computers off continually during the time
you have SUS set to run (like ours is 3 AM every day), they may have
downloaded the patches earlier (we find sometime in the afternoon or
late evening it prepares this), but if the computer is off, it never
runs. And if it prompts them the next morning, they can choose to
ignore.
 
Ok, enough rambling. But what it comes down to is a bit of planning on
our end (the sysadmins) as well as a bit of user education. The latter
is the part that has been most troublesome for us. I guess "leave your
computer on (but logged off) all the time" does not mean anything to
anyone. :)
 
Chris
- ---------------------------------------------------------
Christopher England
Server Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University 


________________________________

From: Greg Felzer [mailto:[EMAIL PROTECTED]
Sent: Friday, September 26, 2003 8:08 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] SUS failure rate



I was wondering what kind of failure rate you have all been seeing
having SUS install patches.

 

We are preparing a lab test to get hard numbers.  We have seen failures
where SUS repeatedly tries to install the same patch on each connect and
where SUS claims the patch is installed but scanning with HFnetCHKPro
shows that the patch is not installed.

 

Greg Felzer
MCSE NT4, MCSE 2000, CCA, CCNA, CNA
Senior Systems Engineer
Center for Computing and Information Technology Medical University of
South Carolina 


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBP3RcMm9fg+xq5T3MEQJc6wCg7/feMrBKLPr8CvvLNHU6/fUwgh0AoJD8
aL14bIClFTQahy421exDOxdN
=vMf6
-----END PGP SIGNATURE-----


List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to