I would recommend to use tell the clients to use your SUS server by a Domain-Policy (i guess you have a domain when you speak of 3000+ clients). This what MS recommends in their guide and it just works without ugly hacks.
Greetings
Mark A. Lewis wrote:
You are both right.
Yes, if you attempt to impersonate the Windows update site it will not work.
Yes, you can redirect a request for windowsupdate.microsoft.com to sus.mydomain.com and let them use that for updates, so long as you don't try to impersonate the Windows Update site.
My suggestion would be to use SquidGuard to redirect these users to a
page explaining that they should use the SUS site instead. This will
work just fine.
-----Original Message-----
From: Serassio Guido [mailto:[EMAIL PROTECTED] Sent: Saturday, February 21, 2004 2:14 PM
To: Scott Phalen; [EMAIL PROTECTED]
Subject: RE: [squid-users] Redirecting Windows Update
Hi,
At 20.08 21/02/2004, Scott Phalen wrote:
My original question is dealing with SQUID. All I am asking here is can a URL be redirected?
I have been running MSUS for almost a year now. I TOO KNOW HOW IT
WORKS!
75% of my clients are configured to get updates from my two servers. The other 25% go directly to Microsoft.
Security Features in the Software Update Services solution
Software Update Services. A server running SUS can download packages
from either the public Microsoft Windows Update servers or from another
server running SUS. During any of these downloads, there is no server-to-server authentication carried out. All content downloaded by SUS is signed by Microsoft. SUS does not trust any content that is not signed or is incorrectly signed. Since SUS 1.0 Service Pack 1 supports only Windows critical updates and security rollups, all content is checked to see that it has a been correctly signed by Microsoft.
Automatic Updates client. The Automatic Updates client can download packages from either the public Windows Update site or from a server running SUS. Before installing any packages that have been downloaded, SUS checks to confirm that the package has been signed by Microsoft. If
the package is not correctly signed, it will not be installed.
Ok, You say that You know all, so You don't need any recommendations from me ... :-)
So, please try an let to know to the list if You are right.
Regards
Guido
- ======================================================== Guido Serassio Acme Consulting S.r.l. Via Gorizia, 69 10136 - Torino - ITALY Tel. : +39.011.3249426 Fax. : +39.011.3293665 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
