Some key items to remember is that testing of the patch must be done in a separate environment from production.
The test system must be at the same level as production. Production data must not be used in testing There must be a proper segregation of duites between those who test and those who move into production. Chris G. Dalton C.P.A. Corporate Audit Services Capital One Financial 1-504-533-6419 phone 1-504-533-2355 fax >>> "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <[EMAIL PROTECTED]> >>> 05/08/06 4:44 PM >>> I'm a fan of Shavlik.... not only from the standpoint of their product..but their 'community help' posture as well. They run the patchmanagement.org listserve that discusses patch management platforms and patching issues. (Check out www.patchmanagement.org) Honestly.. it's the process of change management that is the hard part, I think..the testing and the approval process. No matter what patch tool you chose will have it's nuances that you get used to. Why do I like Shavlik? Because it just shows me the patches I need in a nice format unlike WSUS which has a confusing UI. Because it works. Because it has additional features like 'reboot before patching', Office local install source, and will patch things beyond MS in my network. Jim Stagg wrote: >On this topic, I'd love to hear from some of the non-WSUS Microsoft server >folks are doing. I've heard a lot about BigFix, Patchlink, St. Bernard, SMS, >GFI et al. Has anyone found a product that works reliably? > > >-- >Jim Stagg, Systems Administrator > > > > >>-----Original Message----- >>From: Renee Peters [mailto:[EMAIL PROTECTED] >>Sent: Monday, May 08, 2006 10:41 AM >>To: [EMAIL PROTECTED]; [email protected] >>Subject: RE: Patch Management on Critical Servers (Healthcare) >> >>Last year, our college campus was hit with an unclassified >>virus. After the hours it took to manually run around and >>patch 1000+ computers, our upper management finally approved >>a WSUS server. Knock on wood, it has run beautifully, and >>keeps our desktops and servers patched. As far as actually >>getting the updates applied and rebooting, we have standard >>times posted that the server may be unavailable due to >>routine maintenance. After last year's scare, everybody >>seems to be OK with this slight inconvience. We aren't >>regulated as much as the healthcare field, but do still have >>standards to meet for state and federal funding. As long as >>the president of the college supports our practices, we don't >>have much to worry about. >> >>Renee >>Network Manager >> >> >>-----Original Message----- >>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >>Sent: Monday, May 08, 2006 8:02 AM >>To: [email protected] >>Subject: Patch Management on Critical Servers (Healthcare) >> >>Hello >> >> >> >> >> >>I'm just curious to hear how people in the field have been >>handling patch management with critical servers. Have you >>setup maintenance windows? If, so how did you manage the down >>time? What have people been doing if the device or server has >>an approved FDA configuration? Are you using thing like WSUS? >> >> >> >> >> >>Thanks, >> >> >>Matthew >> >>Security Engineer >> >> >>-------------------------------------------------------------- >>---------- >>--- >>-------------------------------------------------------------- >>---------- >>--- >> >> >>-------------------------------------------------------------- >>------------- >>-------------------------------------------------------------- >>------------- >> >> >> >> * Letting your vendors set your risk analysis these days? http://www.threatcode.com --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
