> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List 
> [mailto:[log in to unmask]] On Behalf Of Aaron Havens
 
> A word of warning!
> so if you do modify the Cisco rules make sure you review your 
> rules every week or two to ensure they still work. Otherwise 
> you may find yourself in a situation where you are checking 
> for something Microsoft no longer provides through windows 
> update. Or you may be missing important checks that are not 
> in your rules leaving some machines unpatched.


Very true.  We went to this policy because we got burned by a few
updates appearing in the middle of classes.  Literally, at the start of
class, peoples laptops were fine,  in the middle of class, when the
computer was required, they didn't pass the checks.

We decided to make it a much more manual process, but we control the
updates.   Typically, we run two  week behind Microsoft's "Super
Tuesday".  One week till our Server team approves the patches on
SUS/WSUS, and one week after that to require it on CCA.

You are correct that we constantly monitor for failure's for patches
that are no longer there. 

> 
> Cisco has done an excellent job keeping the rules up to date 
> and I have not had to modify the rules for months. We 
> currently have over 800 students using Clean Access in our 
> residence halls and have had only a few dozen experience 
> problems with missing patches that windows update did not 
> install. Most of the time we just walk them through how to 
> download the patch while we are on the phone with them.
> 
>

We have 2300 students, and we're up to around 15 or so.  We've only had
3 or 4 that can't run the agent, on the side, we'll probably reload the
OS for them, if they can't do it themselves.  (Officially, that's out of
our purvey, but if it's only 3 or 4, we think we can handle it)