LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

September 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS September 2005

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Specific Windows Update failures
From:	"Flagg, Martin D." <[log in to unmask]>
Reply To:	Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:	Tue, 13 Sep 2005 09:58:00 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (58 lines)

You can avoid the issue of updates happening in the "middle of class" by
requiring re-certification once a week Monday morning at 4AM.  Our
students are now used to this and the helpdesk is fully staffed on
Monday in case of problems.  I think manually doing the updates is
great, but until I have a problem, I think I will let Cisco do my work.


-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of King, Michael
Sent: Tuesday, September 13, 2005 9:54 AM
To: [log in to unmask]
Subject: Re: Specific Windows Update failures

 > -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List 
> [mailto:[log in to unmask]] On Behalf Of Aaron Havens
 
> A word of warning!
> so if you do modify the Cisco rules make sure you review your rules 
> every week or two to ensure they still work. Otherwise you may find 
> yourself in a situation where you are checking for something Microsoft

> no longer provides through windows update. Or you may be missing 
> important checks that are not in your rules leaving some machines 
> unpatched.


Very true.  We went to this policy because we got burned by a few
updates appearing in the middle of classes.  Literally, at the start of
class, peoples laptops were fine,  in the middle of class, when the
computer was required, they didn't pass the checks.

We decided to make it a much more manual process, but we control the
updates.   Typically, we run two  week behind Microsoft's "Super
Tuesday".  One week till our Server team approves the patches on
SUS/WSUS, and one week after that to require it on CCA.

You are correct that we constantly monitor for failure's for patches
that are no longer there. 

> 
> Cisco has done an excellent job keeping the rules up to date and I 
> have not had to modify the rules for months. We currently have over 
> 800 students using Clean Access in our residence halls and have had 
> only a few dozen experience problems with missing patches that windows

> update did not install. Most of the time we just walk them through how

> to download the patch while we are on the phone with them.
> 
>

We have 2300 students, and we're up to around 15 or so.  We've only had
3 or 4 that can't run the agent, on the side, we'll probably reload the
OS for them, if they can't do it themselves.  (Officially, that's out of
our purvey, but if it's only 3 or 4, we think we can handle it)

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU