Karen Gallaghar
I've posted this before, and have received one response
in the peer version, but it doesn't really resolve my
issue, and I'm pretty sure my situation isn't unique.
With the blaster and its relatives, it has become almost
impossible for me to build a new XP Pro workstation. I
work in a University supporting about 200 XP workstations
and 9 servers. Virtually pure MS products (two Linux
special java web servers). All other servers are Windows
2000 SP4, IIS 5 on two, SQL Server 2000 on two, and I
just upgraded to Active Directory in my own forest. All
my workstations are XP Pro, some are the Corporate
version, some are OEM versions (retail or academic), and
some are commercial versions donated by MS HR
recruiting. As a result, the machine and when it was
purchased, determines which CD I use when building, or
rebuilding a workstation to try to stay compliant with my
various licenses for the same product. As I am on a
college campus where our IT department doesn't "support
computers", each department/college either has their own
support, or several departments/colleges pool their
resources to hire their own support (my case, four
departments) or has no support and each user maintains
their own. While the University does block ports from off
campus, and recently from the student residences, they do
not block within the campus buildings. Even if they did,
many units share the same building and subnets.
The result is there are currently always machines
unpatched which infect me before I can finish an
install. Last week I tried to create an MSI job that
contained all the patches (downloaded from the Windows
update catalog). I was infected before the patches were
finished, and thus I now have a great MSI for installing
blaster.... So I burned a CD with all the patches (from
Windows Update Catalog) on it, and tried installing with
a batch file. I don't know the order (just critical
patches, not drivers or recommended updates). I was
infected after completing the patching - which implies
that one patch overwrote the blaster patch, which was
included. I have to run 3 batches to complete patching,
as some patches don't recognize qchain, and thus need to
reboot, and there are two reboots required. My first
patch is all the qchainable patches, then two batches of
pre-qchain. Having spent parts of 5 days, and four
complete reinstalls, without success, I really need some
help.
I can't slipstream to create a fully patched install CD,
or I would have to do some 60 or so CDs to cover all
versions (and do it again later as new "blaster-like"
issues arise). I don't have the resources to create an
internal windows update server, and it wouldn't work with
so many infected machines currently on campus, for the
same reasons that windows update doesn't work. When the
university scans a machine and finds it vulnerable, they
block it from the internet (and thus from windows
update). Sadly, this doesn't block them from other
machines within the subnet.
What I really need is a rollup patch that applies all
patches up through blaster. Or an MSI job that would do
the same (that I'd create if I had the details of exact
order of patching). But I would settle (and beg you for)
a list of all required patches (currently 60, I believe)
that all of the flavors of XP Pro need, and the exact
order they should be installed to properly protect an XP
Pro installation. Then I can make my patch CD with
confidence, and maybe even build my MSI file.
I read the blaster conference teleconference, and it didn't
address this type of situation, so I don't think you were
planning to release such a listing. Maybe you could have
it as a link on the windows update catalog?
Thanks in advance,
Karen Gallaghar