Having AutoUpdate on to download ONLY, isn't too horrible of an idea but, never have it install automatically. You want to do the install (which includes a reboot) when you have an appropriate maintenance window not, just whenever MS decides to push you a patch
Now, yes... B/twn the time the patch was released and you install the patch you are open to this exploit but, you also have to know that there usually is a decent week (sometimes even longer) window b/twn the time the vulnerability is discovered (NTbugtraq, FullDiscloure, etc) and a patch is even created. There is nothing you can do to mitigate that window so waiting a few hours till your server is less busy (early morning, etc) to actually apply the patch isn't that big of a deal. Now, what you should be doing anyhow is have a firewall. Running windows without a firewall is akin running naked through a paint ball game... You have to have some protection. If your only running a web service on the box only have 80 open (not including your RDP ports so you can admin the box). For a standard HL server you need to only have open TCP7002 (WON Auth) TCP6003 (Won Server) UDP27010 (WON Master List) UDP27015 (Normal Server) UDP270xx (Any other port your running on) TCP3784 (Ventrillo, if I recall correctly) On Wed, 15 Sep 2004 12:28:56 -0400, Napier, Kevin <[EMAIL PROTECTED]> wrote: > 99% disagree. I dont want to get into a big debate about it, but many admin > like myself would prefer to know exactly what end up getting installed on > our systems. So I would suggest disabling it and apply patches as needed or > selectively run it once or twice a month. The last thing I want is somewhat > unknown changes being made to my system. > > (now if you run 1000 servers it's a differnt issue, and SUS\SMS is still the > way to go) > > > -----Original Message----- > From: List Keeper [mailto:[EMAIL PROTECTED] > Sent: Wednesday, September 15, 2004 11:37 AM > To: [EMAIL PROTECTED] > Subject: Re: [hlds] Win2k3 services > > > I won't speak for the services, but I will say that you *must* make sure you > setup Automatic Updates to check *daily*. That's critical so you stay up to > date and lessen the likelihood of your server being compromised. In the > morning is a good time to have it check for them, like at 5AM in the > server's time zone. > > > ----- Original Message ----- > > From: "Mason Cutner" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Wednesday, September 15, 2004 09:33 AM > > Subject: [hlds] Win2k3 services > > > -- > > > [ Picked text/plain from multipart/alternative ] > > > I have just got a new box and have windows 2003 server on it. What > services do I need and which ones are not needed for running game servers? > server specs > > > Dual Xeon 3.0GHZ 533FSB > > > 2 gigs ram > > > 1 scsi 36.4 15k rpm > > > > > > sorry if this sound noobish. > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
