[unisog] executable for setting windows updates?

PaulFM paulfm at me.umn.edu
Tue Jun 22 14:32:56 GMT 2004


I hope you are ready to deal with all the problems you may cause.

By forcing people to use your scripts before they can even connect to the 
network, you may become responsible for any problems that may cause
(including those caused by windows update breaking things).  This may be a 
greater support cost than chasing down the viruses of those who don't follow 
instructions.

We just tell people they should wipe there machines if they get a virus (we 
don't let them re-connect until they can assure us they have removed the 
virus) and re-iterate that they should keep the machine up to date and turn 
the built in firewall on (even the little protection it provides is helpful).
Of course - we only run the network in 3 buildings (including wireless).

Also, you should be careful about playing BIG BROTHER - I would object to 
running any scripts on my machine just on the grounds of privacy (do you 
supply a guarantee that the script will not send any private information to 
anyone?).

I think you would be better off to segregate your networks and put in 
firewalls - even if you force people to run scripts that turn things on, they 
can still turn things back off.


Sippel, Jeremy wrote:

> Why not use SUS or WUS (whenever it's released) to localize the traffic?
> A simple .reg file will do the trick to point it to the appropriate
> server(s)...  One can always wrap it in a pretty installer if necessary.
> If you don't want to maintain your own, simply configure as you want to...
> -jjs
> 
> 
>>-----Original Message-----
>>From: Matt Ashfield (UNB) [mailto:mda at unb.ca]
>>Sent: Monday, June 21, 2004 12:23 PM
>>To: UNIversity Security Operations Group
>>Subject: [unisog] executable for setting windows updates?
>>
>>
>>Hi
>>
>>We are looking into developing a program that would setup a
>>Windows computer to be configured to automatically download
>>and install patches via windows update.
>>
>>The thinking here is that as students arrive this fall for
>>classes with their own computers, we'd like them to have to
>>run this program as part of the process of registering their
>>computer on the network.
>>
>>Is anyone else out there doing such a thing? Care to share
>>your approach?
>>
>>Just thought i'd check here first!
>>
>>Thanks
>>
>>Matthew Ashfield
>>Network Analyst
>>Integrated Technology Services
>>University of New Brunswick
>>(506) 447-3033
>>
>>_______________________________________________
>>unisog mailing list
>>unisog at lists.sans.org http://www.dshield.org/mailman/listinfo/unisog
>>
>>
>>
>>------------------------------------------------------------------------
>>
>>_______________________________________________
>>unisog mailing list
>>unisog at lists.sans.org
>>http://www.dshield.org/mailman/listinfo/unisog

-- 
The views and opinions expressed above are strictly
those of the author(s).  The content of this message has
not been reviewed nor approved by any entity whatsoever.
---------------------------------------------------------------------
Paul F. Markfort               Email: paulfm at me.umn.edu
- SysAdmin -                   (Information Technology Professional)
MEnet, Rm# 152
Mechanical Engineering         Web: http://www.menet.umn.edu/~paulfm
University of Minnesota         Main Phone: (612) 626-9800 (No VM)
111 Church Street                Alt Phone: (612) 625-1916 (No VM)
Minneapolis, MN 55455-0150      Home Phone: (651) 774-2136
---------------------------------------------------------------------



More information about the unisog mailing list