Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group...
-
Upload
clifton-perkins -
Category
Documents
-
view
215 -
download
0
Transcript of Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group...
![Page 1: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/1.jpg)
Managing Windows Software & Updates
SUS Server
MS Baseline Security Analyzer
Software and Group PolicyPaul “The Yellow Dart” Peterson
University of Minnesota
![Page 2: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/2.jpg)
Microsoft SUS Server
Hotfix and Service Pack Management
![Page 3: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/3.jpg)
Why SUS Server Allows us to control which updates are
applied and when Ease of management through group policy Other options SMS and MbsaFU
![Page 4: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/4.jpg)
![Page 5: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/5.jpg)
![Page 6: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/6.jpg)
The BAD news Clients stop looking for updates pending
reboot SUS Server requires IIS Little control over what is downloaded Not supported by NT4, 9x clients Requires SP3 on 2k clients
![Page 7: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/7.jpg)
Our Experience Reliable and easy to manage Transparent to end users (fairly) Doesn’t install non-critical updates, office
updates or service packs (until recently) Client logging only in IIS logs Dedicated server recommended
![Page 8: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/8.jpg)
MS Baseline Security Analyzer
MS security reporting
![Page 9: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/9.jpg)
Why Microsoft Baseline Security Analyzer
Freely available
http://www.microsoft.com/downloads
Microsoft Baseline Security Analyzer v1.1.1 Full “featured” but easy to use Command line interface scriptable Verifies patches and configuration
![Page 10: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/10.jpg)
![Page 11: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/11.jpg)
![Page 12: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/12.jpg)
![Page 13: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/13.jpg)
![Page 14: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/14.jpg)
![Page 15: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/15.jpg)
The Bad News Reports are “noisy” False positives (or are they…)
![Page 16: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/16.jpg)
Our Experience Easy to use Detailed reports Third party follow up tool available
![Page 17: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/17.jpg)
Group Policy
![Page 18: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/18.jpg)
Why Group Policy Policies easy to apply, enforce, and change Leverages AD layout and all the thought
and planning that went into your domain Unavoidable
![Page 19: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/19.jpg)
![Page 20: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/20.jpg)
![Page 21: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/21.jpg)
![Page 22: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/22.jpg)
![Page 23: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/23.jpg)
The Bad News (in general) Can be very confusing (nearly limitless
options) Reporting tools are not good
(2003 tools improved and available) Not well documented
![Page 24: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/24.jpg)
More Bad News (software) Requires msi packages (some software is
reluctant to be packaged) Non intuitive AND badly documented Software policy ONLY updated on reboot RELENTLESS
![Page 25: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/25.jpg)
Our Experience Steep learning curve Easy to use once configured Greatest thing since sliced bread (for its
intended purpose)
![Page 26: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/26.jpg)
Group Policy for SUS Management
Easy to use Prevents users from changing settings Full features require admin template from
sp1 version of SUS
![Page 27: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/27.jpg)
![Page 28: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/28.jpg)
![Page 29: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/29.jpg)
![Page 30: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/30.jpg)
![Page 31: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/31.jpg)
Learning from our mistakes Treat “production” GPO’s with care Document and test all policy changes Keep it as simple as possible It is easier to manage a lot of GPO’s than a
lot of policy changes in a GPO Plan your OU structure carefully “Not Defined” is NOT default
![Page 32: Managing Windows Software & Updates SUS Server MS Baseline Security Analyzer Software and Group Policy Paul “The Yellow Dart” Peterson University of Minnesota.](https://reader036.fdocuments.in/reader036/viewer/2022062802/56649ee15503460f94bf24c7/html5/thumbnails/32.jpg)
The End http://www.microsoft.com/windows2000/windowsupdate/sus/
susdeployment.asp http://www.microsoft.com/windows2000/techinfo/howitworks/
management/grouppolwp.asp http://www.microsoft.com/windows2000/techinfo/howitworks/management/
rbppaper.asp http://www.microsoft.com/downloads Microsoft Baseline Security Analyzer v1.1.1
Group Policy Management Console (2003 XP)
Software Update Services Server 1.0 with Service Pack 1