King, Michael wrote:
> We have on occasion (but not this year) removed Hotfixes from the
> required list.
>
> In our normal course of events, we copy the rule. We do not run
> directly off the cisco provided rules. It's just a matter of removeing
> the Check from the rule.
>
> If you use the Cisco rules, just copy it, and update your
> requirements-rule mapping to use the copy.
>
> What we have seen occasionally is that somehow the update will fail, so
> the registry does not get updated, but the DLL would have been replaced
> (the patches usually replace DLL's) So windows update detects the
> correct DLL, but the registry for Cisco is wrong.
>
>> -----Original Message-----
>> From: Perfigo SecureSmart and CleanMachines Discussion List
>> [mailto:[log in to unmask]] On Behalf Of Jason Ozaeta
>> Sent: Monday, September 12, 2005 7:44 PM
>> To: [log in to unmask]
>> Subject: Specific Windows Update failures
>>
>> Has anyone experienced an issue with specific Windows updates
>> with Clean Access? We've seen a similar topic about a problem
>> like this, and someone said it was a problem with Windows
>> Update. The resolution was to just install the individual
>> update from Microsoft's site. However, we are experiencing
>> lots of users experiencing the issue. As a result, we've had
>> to stretch our tech support staff to the limit, installing
>> individual updates on each user's computer. This is proving
>> to be a serious issue on our side, as the number of users
>> with the problem increases. Has anyone seen anything about
>> the Windows Update problem?
>>
>> Specificaly, the Clean Access agent finds a Windows update
>> that is not on the system, therefore giving the user
>> temporary access. However, the user goes to Windows Update,
>> but Windows Update reports that no critical updates are
>> needed. Like the similar post said, downloading the specific
>> update manually works, but this requires too much time on our
>> part to fix, as well as defeats the purpose of our login system.
>>
>> We're not sure if this is a coincidence, but the users
>> failing this Windows Update check are commonly missing the
>> KB873333 hotfix. We've researched this hotfix to find any
>> compatibility issues, but have not found any.
>>
>> Does anyone have any other advice or insight to this problem?
>>
>> Jason Ozaeta
>> ResNet Student Assistant
>> Working for Jeff Porter
>> Cal Poly
>>
A word of warning!
If you modify the Cisco provided Windows Update checks make sure that
you review them often. I was using a modified version of the Cisco rules
and after a while our users began having problems. It turns out that
some of the updates I was checking for were no longer available. The
updates had been replaced or modified by Microsoft causing the checks to
fail. Cisco had stopped checking for them but I had not. This caused a
problem with over a dozen computers in the dorms.
so if you do modify the Cisco rules make sure you review your rules
every week or two to ensure they still work. Otherwise you may find
yourself in a situation where you are checking for something Microsoft
no longer provides through windows update. Or you may be missing
important checks that are not in your rules leaving some machines
unpatched.
Cisco has done an excellent job keeping the rules up to date and I have
not had to modify the rules for months. We currently have over 800
students using Clean Access in our residence halls and have had only a
few dozen experience problems with missing patches that windows update
did not install. Most of the time we just walk them through how to
download the patch while we are on the phone with them.
--
Aaron Havens
Network Technician
Computing and Telecommunications
Northeastern State University
610 N. Grand
Suite 318
Tahlequah, OK 74464
http://netnotes.nsuok.edu/~havensa/
918-456-5511 Ext. 5813
|