Friday 24 February 2012

New Tricks: Implement an Internet-Facing WSUS

Employees who rarely connect to the internal LAN are another challenge. Their laptops are company property, but management options are limited because they’re rarely on the network. To ensure these computers get patched, many users are sent to the public Microsoft update Web site. There, they’ll get every patch Microsoft deems appropriate.
As you can imagine, there are multiple issues with this approach. Most of us want to determine which patches are installed. We want to test and approve patches so we can weed out those we know cause problems. We also need reports on patching success, to prevent an unpatched computer from infecting our network.
One way to accomplish this (and achieve 100 percent compliance overnight) is with an Internet-facing WSUS server. This type of server can address your patch-management needs for users who are rarely in the office. Internet-facing WSUS servers typically don’t contain actual update data. Instead, they point clients to Windows Update for the update content.
This lets you control which patches you deploy while offloading the patch distribution responsibility to Microsoft servers. These servers also tend to be hardened against inappropriate users through the use of SSL certificates and a separate database server.
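
A sketch of the setup described above, as an added example that is not from the original post: the server-side function tells WSUS not to store update files locally, so clients fetch approved updates from Microsoft Update, and the client-side function checks that a laptop's Windows Update policy points at the WSUS server over HTTPS. The hostname `wsus.example.com` and both function names are placeholders; the script assumes an elevated session and, on the server, that the WSUS administration API is installed.

```powershell
# Added example. wsus.example.com and the function names are placeholders.

function Set-WsusInternetFacing {
    # Run on the WSUS server. Approvals and reporting stay on WSUS;
    # clients download the approved update files from Microsoft Update.
    # The TLS certificate binding on the WSUS web site is configured separately.
    [void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
    $wsus   = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
    $config = $wsus.GetConfiguration()
    $config.HostBinariesOnMicrosoftUpdate = $true
    $config.Save()
}

function Test-WsusClientPolicy {
    # Run on a roaming laptop. Returns a list of problems; empty means the
    # client reports to the expected WSUS server over HTTPS.
    param([string]$ExpectedServer = 'https://wsus.example.com')

    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue
    $problems = @()

    if (-not $wu) {
        $problems += 'No Windows Update policy found: client uses public Microsoft Update'
        return $problems
    }
    if ($au.UseWUServer -ne 1) {
        $problems += 'UseWUServer is not 1: the WUServer setting is ignored'
    }
    foreach ($name in 'WUServer', 'WUStatusServer') {
        $value = $wu.$name
        if (-not $value) {
            $problems += "$name is not set"
        } elseif ($value -notlike 'https://*') {
            $problems += "$name does not use HTTPS: $value"
        } elseif ($value -notlike "$ExpectedServer*") {
            $problems += "$name points at an unexpected server: $value"
        }
    }
    return $problems
}

# Usage on a laptop: Test-WsusClientPolicy | ForEach-Object { Write-Warning $_ }
```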
