Deploying Security Patches

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Are current enviroment is that we have one main location and eight branch
location. We do not allow automate updates on any computer for security
reasons. We unfortuantly can not deploy SUS to update the computers. The IT
staff has to go to every branch about once a month and run windows update
manualy as well as here at the main hq. Our network is very slow. We are
trying to work on upgrading th espeed. Can you see any alternative to
downloading them at every station. This can take some time due to the slow
network especialy across the links back to HQ. We do this about once a month
if possible.

George
 
Sorry George. I don't have an answer for your question. But I do have a
question for you.

I was considering setting up automatic updates on my computers. What would
be a security reason not to do this?

Millie
 
Security reason not to do would be that you don't want users to be able to
download and install programs unless an admin. approves them. O fcourse w/o
automatic updates you will have to manually update each machine like we do.
An alternative you coud setup a SUS on a sever running IIS and then you would
be able to setup each machine to point to the SUS server as the automatic
update point not the internet. Done through GPO's. This way you can
approve which updates you want to install and only approved updates would be
installe don client machines. A reason would be if bandwidth is a issue. If
every user has access to use automatic updates they all are going out to the
internet to update their machines using up bandwidth. Plus they need to have
the right to download and install. Security issue possibility.

George
 
Back
Top