CLEANACCESS Archives

April 2009

CLEANACCESS@LISTSERV.MIAMIOH.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Windows Update Services Requirement
From:
"Prem Ananthakrishnan (prananth)" <[log in to unmask]>
Reply To:
Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:
Tue, 7 Apr 2009 15:32:17 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (166 lines) 
Mike,

My understanding is that you need the stub installed both to check as
well as update against WSUS. Please note that we will be eliminating the
additional stub requirement for non-admins in an upcoming NAC release. 

-Prem



-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Mike Diggins
Sent: Monday, April 06, 2009 12:22 PM
To: [log in to unmask]
Subject: Re: Windows Update Services Requirement

I'm not. I thought that was just to allow the Agent to update? Does it 
allow non-administrator accounts to login using the WUA method as well?

-Mike

On Mon, 6 Apr 2009, Prem Ananthakrishnan (prananth) wrote:

> Hi Mike,
>
> Are you using the agent stub? You will need the agent stub for the
WSUS
> to work
>
> -Prem
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of Mike Diggins
> Sent: Monday, April 06, 2009 9:32 AM
> To: [log in to unmask]
> Subject: Re: Windows Update Services Requirement
>
> I discovered the source of at least some of the failed logins. You
can't
>
> run WUA if you're not an Administrator of that machine, and we have
> several (that I know about), that do just that.
>
> Considering that Best Practise is not to run as an Administrator, is
> there
> any work around to this, short of exempting it from the checks?
>
> -Mike
>
>
> On Sun, 5 Apr 2009, Atif Azim (atif) wrote:
>
>> Mike D,
>>
>> Mike S is correct in that this typically happens when the update
> service
>> on that machine is broken, however to ascertain this you should take
a
>> look at the agent logs.
>>
>> When you do have access to the clients, can you look at the agent
logs
>> and see if there is any information there. In order to set the
> loglevel
>> to debug, please refer to the following link:
>>
>
http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/45/
>> 45rn.html#wp607061
>>
>> Please send the agent log to myself and I can have one of our
> technical
>> folks take a look and get back to you. Alternatively you can also
>> forward the logs to TAC and they will follow up with you.
>>
>> Regards,
>> Atif
>>
>> -----Original Message-----
>> From: Cisco Clean Access Users and Administrators
>> [mailto:[log in to unmask]] On Behalf Of Stanclift,
> Michael
>> Sent: Saturday, April 04, 2009 11:22 PM
>> To: [log in to unmask]
>> Subject: Re: Windows Update Services Requirement
>>
>> We run our checks like this as well, when students get those errors
it
>> usually is because the update service on their machine is either
> broken
>> or somehow disabled.
>>
>> Michael Stanclift
>> Network Analyst
>> Rockhurst University
>>
>> http://help.rockhurst.edu
>> (816) 501-4231
>> ________________________________________
>> From: Cisco Clean Access Users and Administrators
>> [[log in to unmask]] On Behalf Of Mike Diggins
>> [[log in to unmask]]
>> Sent: Saturday, April 04, 2009 1:27 PM
>> To: [log in to unmask]
>> Subject: Windows Update Services Requirement
>>
>> I'm testing the Windows Update Service in place of the Cisco checks
> for
>> Windows patches. I created a new requirement for this (using the
>> Microsoft update servers, and the Updates to be installed set to
>> Critical.
>>
>>        Enforce Type: Mandatory
>>        Priority: 3
>>        Remediation Type: Manual, Interval 0, Retry Count 0
>>        Windows Updates Validation by Severity
>>        Windows Updates to be Installed: Critical
>>        (Not checked) Upgrade to Latest OS Service Pack
>>        Windows Update Installation Sources: Microsoft Servers
>>        Installation Wizard Interface: Show UI
>>        Requirement Name: Windows Update Services
>>        Description:Critical Windows Updates are missing from your
>>                    computer. Click on the Update button to launch
>> Windows
>>                    Update.
>>
>>        Operating System: Windows XP (ALL), Windows Vista (All)
>>
>> Most users appear to be passing the check successfully. However,
> several
>> are not, and when I look at their report, it shows the following:
>>
>>   3. Windows Update Services (Mandatory)
>>           * Passed Checks:
>>           * Failed Checks:
>>           * Not executed Checks:
>>           * Description:
>>
>> Nothing under the failed checks, yet they're failing the check!? Some
>> other failed reports do show the missing patches. I don't have access
> to
>> the clients today, so I'm wondering what this failure status means?
>>
>> -Mike
>>
>
>
>             _________________________________________
>
> Mike Diggins       			Voice:  905.525.9140 Ext. 27471
> Network Analyst, Enterprise Networks    FAX:    905.522.0511
> University Technology Services 		E-Mail:
[log in to unmask]
> McMaster University, Hamilton, Ontario
>


             _________________________________________

Mike Diggins       			Voice:  905.525.9140 Ext. 27471
Network Analyst, Enterprise Networks    FAX:    905.522.0511
University Technology Services 		E-Mail: [log in to unmask]
McMaster University, Hamilton, Ontario

ATOM RSS1 RSS2