On Wed, 23 Jun 2004 19:33:09 -0600, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > well in some scenarios it is not advisable to let windows update run freely. > in our company only approved patches/fixes are installed because not every > patch that microsoft releases is *guaranteed* to work. > Yes, having windows update running freely on workstations is not advisable. (Got a first-hand taste of how it craps on one of my servers -- a domain controller to boot -- which barfed errors after installing a service pack from the net.) What I do in my network is have *dedicated* machines (one for each OS: XP, 2000, 98SE) download all patches from Windows Update in a given schedule, then have those patches made available through the LAN in shared directories. That way, I have control over what patches to apply to the workstations. It's a bit tedious, though -- but it's gotta be done. We also get discs of cumulative patches and updates from MS, like the one containing security updates from Jan to May2004. It was given free, I think, in one of their gigs.
What you probably want to do is block it through your firewall, AND through ACLs in squid. HTH. -- Ian Dexter R. Marquez http://iandexter.co.nr -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
