Thanks, that's good to know.
-Mike
On Tue, 7 Apr 2009, Prem Ananthakrishnan (prananth) wrote:
> Mike,
>
> My understanding is that you need the stub installed both to check as
> well as update against WSUS. Please note that we will be eliminating the
> additional stub requirement for non-admins in an upcoming NAC release.
>
> -Prem
>
>
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of Mike Diggins
> Sent: Monday, April 06, 2009 12:22 PM
> To: [log in to unmask]
> Subject: Re: Windows Update Services Requirement
>
> I'm not. I thought that was just to allow the Agent to update? Does it
> allow non-administrator accounts to login using the WUA method as well?
>
> -Mike
>
> On Mon, 6 Apr 2009, Prem Ananthakrishnan (prananth) wrote:
>
>> Hi Mike,
>>
>> Are you using the agent stub? You will need the agent stub for the
> WSUS
>> to work
>>
>> -Prem
>>
>> -----Original Message-----
>> From: Cisco Clean Access Users and Administrators
>> [mailto:[log in to unmask]] On Behalf Of Mike Diggins
>> Sent: Monday, April 06, 2009 9:32 AM
>> To: [log in to unmask]
>> Subject: Re: Windows Update Services Requirement
>>
>> I discovered the source of at least some of the failed logins. You
> can't
>>
>> run WUA if you're not an Administrator of that machine, and we have
>> several (that I know about), that do just that.
>>
>> Considering that Best Practise is not to run as an Administrator, is
>> there
>> any work around to this, short of exempting it from the checks?
>>
>> -Mike
>>
>>
>> On Sun, 5 Apr 2009, Atif Azim (atif) wrote:
>>
>>> Mike D,
>>>
>>> Mike S is correct in that this typically happens when the update
>> service
>>> on that machine is broken, however to ascertain this you should take
> a
>>> look at the agent logs.
>>>
>>> When you do have access to the clients, can you look at the agent
> logs
>>> and see if there is any information there. In order to set the
>> loglevel
>>> to debug, please refer to the following link:
>>>
>>
> http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/45/
>>> 45rn.html#wp607061
>>>
>>> Please send the agent log to myself and I can have one of our
>> technical
>>> folks take a look and get back to you. Alternatively you can also
>>> forward the logs to TAC and they will follow up with you.
>>>
>>> Regards,
>>> Atif
>>>
>>> -----Original Message-----
>>> From: Cisco Clean Access Users and Administrators
>>> [mailto:[log in to unmask]] On Behalf Of Stanclift,
>> Michael
>>> Sent: Saturday, April 04, 2009 11:22 PM
>>> To: [log in to unmask]
>>> Subject: Re: Windows Update Services Requirement
>>>
>>> We run our checks like this as well, when students get those errors
> it
>>> usually is because the update service on their machine is either
>> broken
>>> or somehow disabled.
>>>
>>> Michael Stanclift
>>> Network Analyst
>>> Rockhurst University
>>>
>>> http://help.rockhurst.edu
>>> (816) 501-4231
>>> ________________________________________
>>> From: Cisco Clean Access Users and Administrators
>>> [[log in to unmask]] On Behalf Of Mike Diggins
>>> [[log in to unmask]]
>>> Sent: Saturday, April 04, 2009 1:27 PM
>>> To: [log in to unmask]
>>> Subject: Windows Update Services Requirement
>>>
>>> I'm testing the Windows Update Service in place of the Cisco checks
>> for
>>> Windows patches. I created a new requirement for this (using the
>>> Microsoft update servers, and the Updates to be installed set to
>>> Critical.
>>>
>>> Enforce Type: Mandatory
>>> Priority: 3
>>> Remediation Type: Manual, Interval 0, Retry Count 0
>>> Windows Updates Validation by Severity
>>> Windows Updates to be Installed: Critical
>>> (Not checked) Upgrade to Latest OS Service Pack
>>> Windows Update Installation Sources: Microsoft Servers
>>> Installation Wizard Interface: Show UI
>>> Requirement Name: Windows Update Services
>>> Description:Critical Windows Updates are missing from your
>>> computer. Click on the Update button to launch
>>> Windows
>>> Update.
>>>
>>> Operating System: Windows XP (ALL), Windows Vista (All)
>>>
>>> Most users appear to be passing the check successfully. However,
>> several
>>> are not, and when I look at their report, it shows the following:
>>>
>>> 3. Windows Update Services (Mandatory)
>>> * Passed Checks:
>>> * Failed Checks:
>>> * Not executed Checks:
>>> * Description:
>>>
>>> Nothing under the failed checks, yet they're failing the check!? Some
>>> other failed reports do show the missing patches. I don't have access
>> to
>>> the clients today, so I'm wondering what this failure status means?
>>>
>>> -Mike
>>>
>>
>>
>> _________________________________________
>>
>> Mike Diggins Voice: 905.525.9140 Ext. 27471
>> Network Analyst, Enterprise Networks FAX: 905.522.0511
>> University Technology Services E-Mail:
> [log in to unmask]
>> McMaster University, Hamilton, Ontario
>>
>
>
> _________________________________________
>
> Mike Diggins Voice: 905.525.9140 Ext. 27471
> Network Analyst, Enterprise Networks FAX: 905.522.0511
> University Technology Services E-Mail: [log in to unmask]
> McMaster University, Hamilton, Ontario
>
_________________________________________
Mike Diggins Voice: 905.525.9140 Ext. 27471
Network Analyst, Enterprise Networks FAX: 905.522.0511
University Technology Services E-Mail: [log in to unmask]
McMaster University, Hamilton, Ontario
|