On Tue, Mar 12, 2013 at 7:39 AM, David Lum <david....@nwea.org> wrote: > Scenario: > > · 550 Windows workstations, with 100+ of them remote. > > · Active Directory (W2K8R2 and W2K3 DCs). > > · Windows 7 and Windows XP. > > · Users are local admins. > > · Some remote users VPN in daily, others only VPN in once/month, a > few others almost never > > · 30+ onsite users frequently jump between wired and wireless (in my > experience this occasionally trips up DNS and thus management agents for a > bit) > > · Systems are cycled out at the rate of about 30 machines every > quarter (relevant because finding a noncompliant machine often means knows > if a system has been decommissioned or not). Systems are not always > immediately removed from AD for various reasons. > > > > Task: Keep them up to date on anti-virus and patches, incl. 3rd party > (Java/Adobe/Chrome/etc.). This includes coordinating (with select users) > installing/testing the patches on their systems before full rollout to the > rest of the org. > > > > Is this enough info to give a SWAG for how many hours/week you would you > tell management this would take? A rough number works. > > David Lum > Sr. Systems Engineer // NWEATM > Office 503.548.5229 // Cell (voice/text) 503.267.9764
The remotes are the ones that are going to kill you. Travel time will eat up a lot of your days, because if they don't VPN in regularly, they'll fall out of date far too fast for you to keep up - witness the recent spate of Java and Adobe patches just this month - that's not going to get better any time soon.. A WSUS installation on a public IP address can mitigate a lot of that, but not all of it. Any chance of getting Win7/8 Enterprise into the hands of the remote users? DirectAccess is a powerful tool. Really, it all depends on the tools available and the policies in place and how they are enforced, and I would have to know more about those before I could make any kind of commitment Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
