Subject: | |
From: | |
Reply To: | |
Date: | Fri, 22 Jun 2007 13:47:12 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Mike,
Microsoft's official way to check if a machine is patched is the
Microsoft Baseline Security Analyzer at
http://www.microsoft.com/technet/security/tools/mbsahome.mspx, not the
Windows Update site
I have been trying to get our techs to use this before CCA gets the
blame.
Bruce Osborne
Liberty University
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Mike Diggins
Sent: Friday, June 22, 2007 1:44 PM
To: [log in to unmask]
Subject: [CLEANACCESS] Windows Updates - Again
Without doubt, the single biggest problem we face with Clean Access is
it
disagreeing with Microsoft Update, as to the patch level of a Windows
computer. MS Update says it's all patched, Clean Access says otherwise.
It's a real burden on our support staff (and me - because they complain
to
me).
One of our Technical Staff suggested part of the problem might be
'rollup'
updates from Microsoft, where a number of patches are packaged into one
update. He suggested that the registry might not be updated in the same
way applying an individual patch does. My question is - do the Clean
Access rule sets supplied by Cisco take this into consideration? I've
never been able to explain why re-installing the SUPPOSEDLY missing
patch,
updates the missing registry entries and fixes the issue.
-Mike
|
|
|