RE: [ActiveDir] SUS Feedback...
We use SUS. It works very effectively for us. We set up the client configuration to install and reboot. The client services connects and checks for updates. Go to a website and approve. The client usually gets updated in 24 hours.

Some things I wish were better.
1) Reporting needs to be better. Sure I can use the IIS logs to view it...but a simple % complete etc would be nice.
2) Setting up SUS zones for different client updates. Servers may get different patches than the workstations. Or they do not get them at the same time. So we have set up multiple SUS servers to have different approved updates.
3) It would be nice to be able to group SUS clients together and send patches. (Push)
4) Alas Service Packs. We use GPOs. You could use SMS. But that sure would be nice to do it in a single interface.

-----Original Message-----
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 12:12 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] SUS Feedback...

Is anyone out there running Software Update Service? I want to gage what the general opinion of the service is. I personally think that there probably needs to be two approaches when it comes to a service like this. One is a pull service based on GPO agent configuration, the other is a push service based on a need to force workstation updates on down-level clients, and those that seem to ride outside the SUS zone. Any comments?

Thanks,
Todd Myrick

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SUS Feedback...
I think SUS is great for what it does... in my environment I don't need NT4 or Win9x support. I do need non-domain workstation and server support, so I developed a few scripts that set the appropriate registry entries to make that work. I push the scripts and SUS pulls the patches. I'll be happy when it's better integrated with Office, SQL, etc. etc. etc. The feature set of SUS 2.0 should be nice.

For environments that need to support the push model, Update Expert (St. Bernard) and HFNetChk Pro (Shavlik) both work well. I have them deployed at several clients. And, of course, SMS for you large environment (and large IT staff) guys/gals.

-----Original Message-----
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 1:12 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] SUS Feedback...

Is anyone out there running Software Update Service? I want to gage what the general opinion of the service is. I personally think that there probably needs to be two approaches when it comes to a service like this. One is a pull service based on GPO agent configuration, the other is a push service based on a need to force workstation updates on down-level clients, and those that seem to ride outside the SUS zone. Any comments?

Thanks,
Todd Myrick
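Added example, not part of the thread and not the poster's own scripts: one way a script can write the Automatic Updates policy registry values that point a non-domain machine at an internal SUS server, then check the machine for drift, in present-day PowerShell. The server URL, the noon install hour and the function names are assumptions.

```powershell
# Added example (not from the thread). Run from an elevated session.
# The server URL used at the bottom is a placeholder for an internal SUS server.
$WuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$AuKey = "$WuKey\AU"

function Get-DesiredUpdatePolicy {
    param(
        [Parameter(Mandatory)][string]$ServerUrl,
        [ValidateRange(0, 23)][int]$InstallHour = 12   # assumed: install at noon
    )
    # Each row: registry key, value name, value type, data.
    $rows = @(
        @($WuKey, 'WUServer',                      'String', $ServerUrl),
        @($WuKey, 'WUStatusServer',                'String', $ServerUrl),
        @($AuKey, 'UseWUServer',                   'DWord',  1),   # use WUServer, not Windows Update
        @($AuKey, 'NoAutoUpdate',                  'DWord',  0),   # Automatic Updates enabled
        @($AuKey, 'AUOptions',                     'DWord',  4),   # download and install on schedule
        @($AuKey, 'ScheduledInstallDay',           'DWord',  0),   # 0 = every day
        @($AuKey, 'ScheduledInstallTime',          'DWord',  $InstallHour),
        @($AuKey, 'NoAutoRebootWithLoggedOnUsers', 'DWord',  1)    # no forced reboot while a user is logged on
    )
    foreach ($r in $rows) {
        [pscustomobject]@{ Path = $r[0]; Name = $r[1]; Type = $r[2]; Value = $r[3] }
    }
}

function Set-UpdatePolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][object[]]$Policy)
    foreach ($p in $Policy) {
        if (-not $PSCmdlet.ShouldProcess("$($p.Path)\$($p.Name)", "set to $($p.Value)")) { continue }
        # Workgroup machines usually have no Policies\...\WindowsUpdate key yet.
        if (-not (Test-Path $p.Path)) { New-Item -Path $p.Path -Force | Out-Null }
        New-ItemProperty -Path $p.Path -Name $p.Name -PropertyType $p.Type `
            -Value $p.Value -Force | Out-Null
    }
}

function Test-UpdatePolicy {
    # Returns one object per value that is missing or differs from the desired
    # policy; no output means the machine matches.
    param([Parameter(Mandatory)][object[]]$Policy)
    foreach ($p in $Policy) {
        $name   = $p.Name
        $actual = (Get-ItemProperty -Path $p.Path -Name $name -ErrorAction SilentlyContinue).$name
        if ("$actual" -ne "$($p.Value)") {
            [pscustomobject]@{ Name = $name; Expected = $p.Value; Actual = $actual }
        }
    }
}

$policy = Get-DesiredUpdatePolicy -ServerUrl 'http://sus.example.internal'
Set-UpdatePolicy  -Policy $policy -WhatIf   # preview only; drop -WhatIf to write
Test-UpdatePolicy -Policy $policy           # lists values that still differ
# After writing, restart the Automatic Updates service so the client rereads
# the policy:  Restart-Service wuauserv
```

Running `Test-UpdatePolicy` on a schedule also shows when a machine's `WUServer` has been changed to something other than the approved server.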
RE: [ActiveDir] SUS Feedback...
You have both of those if you use SMS with the SUS Feature Pack.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)
Sent: Tuesday, September 09, 2003 1:12 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] SUS Feedback...

Is anyone out there running Software Update Service? I want to gage what the general opinion of the service is. I personally think that there probably needs to be two approaches when it comes to a service like this. One is a pull service based on GPO agent configuration, the other is a push service based on a need to force workstation updates on down-level clients, and those that seem to ride outside the SUS zone. Any comments?

Thanks,
Todd Myrick
RE: [ActiveDir] SUS Feedback...
We use SUS too, with great success. I would like to see some of the features Edward mentioned. For #2 we have multiple OUs and one server, which seems to do the trick for now. As far as #4, they say in SUS version 2, Service Packs will be an option.

One way to push patches is to use HFNetChk Pro by Shavlik. It can be a costly tool, but is one of the best tools out there to push patches in a controlled environment (by subnet, by OU, etc). Version 4 is really slick.

Chris
-
Christopher England
Server Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University

-----Original Message-----
From: Parker, Edward [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 12:27 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS Feedback...

We use SUS. It works very effectively for us. We set up the client configuration to install and reboot. The client services connects and checks for updates. Go to a website and approve. The client usually gets updated in 24 hours.

Some things I wish were better.
1) Reporting needs to be better. Sure I can use the IIS logs to view it...but a simple % complete etc would be nice.
2) Setting up SUS zones for different client updates. Servers may get different patches than the workstations. Or they do not get them at the same time. So we have set up multiple SUS servers to have different approved updates.
3) It would be nice to be able to group SUS clients together and send patches. (Push)
4) Alas Service Packs. We use GPOs. You could use SMS. But that sure would be nice to do it in a single interface.

-----Original Message-----
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 12:12 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] SUS Feedback...

Is anyone out there running Software Update Service? I want to gage what the general opinion of the service is. I personally think that there probably needs to be two approaches when it comes to a service like this. One is a pull service based on GPO agent configuration, the other is a push service based on a need to force workstation updates on down-level clients, and those that seem to ride outside the SUS zone. Any comments?

Thanks,
Todd Myrick
RE: [ActiveDir] SUS Feedback... Resend
Resent without my signed cert. Sorry.

We use SUS too, with great success. I would like to see some of the features Edward mentioned. For #2 we have multiple OUs and one server, which seems to do the trick for now. As far as #4, they say in SUS version 2, Service Packs will be an option.

One way to push patches is to use HFNetChk Pro by Shavlik. It can be a costly tool, but is one of the best tools out there to push patches in a controlled environment (by subnet, by OU, etc). Version 4 is really slick.

Chris
-
Christopher England
Server Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University

-----Original Message-----
From: Parker, Edward [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 12:27 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS Feedback...

We use SUS. It works very effectively for us. We set up the client configuration to install and reboot. The client services connects and checks for updates. Go to a website and approve. The client usually gets updated in 24 hours.

Some things I wish were better.
1) Reporting needs to be better. Sure I can use the IIS logs to view it...but a simple % complete etc would be nice.
2) Setting up SUS zones for different client updates. Servers may get different patches than the workstations. Or they do not get them at the same time. So we have set up multiple SUS servers to have different approved updates.
3) It would be nice to be able to group SUS clients together and send patches. (Push)
4) Alas Service Packs. We use GPOs. You could use SMS. But that sure would be nice to do it in a single interface.

-----Original Message-----
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 12:12 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] SUS Feedback...

Is anyone out there running Software Update Service? I want to gage what the general opinion of the service is. I personally think that there probably needs to be two approaches when it comes to a service like this. One is a pull service based on GPO agent configuration, the other is a push service based on a need to force workstation updates on down-level clients, and those that seem to ride outside the SUS zone. Any comments?

Thanks,
Todd Myrick
RE: [ActiveDir] SUS Feedback...
For the reporting, use the SUS reporting tool.

http://www.susserver.com/Software/SUSreporting/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Parker, Edward
Sent: Tuesday, September 09, 2003 1:27 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS Feedback...

We use SUS. It works very effectively for us. We set up the client configuration to install and reboot. The client services connects and checks for updates. Go to a website and approve. The client usually gets updated in 24 hours.

Some things I wish were better.
1) Reporting needs to be better. Sure I can use the IIS logs to view it...but a simple % complete etc would be nice.
2) Setting up SUS zones for different client updates. Servers may get different patches than the workstations. Or they do not get them at the same time. So we have set up multiple SUS servers to have different approved updates.
3) It would be nice to be able to group SUS clients together and send patches. (Push)
4) Alas Service Packs. We use GPOs. You could use SMS. But that sure would be nice to do it in a single interface.

-----Original Message-----
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 12:12 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] SUS Feedback...

Is anyone out there running Software Update Service? I want to gage what the general opinion of the service is. I personally think that there probably needs to be two approaches when it comes to a service like this. One is a pull service based on GPO agent configuration, the other is a push service based on a need to force workstation updates on down-level clients, and those that seem to ride outside the SUS zone. Any comments?

Thanks,
Todd Myrick
RE: [ActiveDir] SUS Feedback...
Yes. As I said we use the IIS logs but they are really bad. The whole reporting mechanism needs to be much better.

-----Original Message-----
From: Rod Trent [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 12:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS Feedback...

For the reporting, use the SUS reporting tool.

http://www.susserver.com/Software/SUSreporting/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Parker, Edward
Sent: Tuesday, September 09, 2003 1:27 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS Feedback...

We use SUS. It works very effectively for us. We set up the client configuration to install and reboot. The client services connects and checks for updates. Go to a website and approve. The client usually gets updated in 24 hours.

Some things I wish were better.
1) Reporting needs to be better. Sure I can use the IIS logs to view it...but a simple % complete etc would be nice.
2) Setting up SUS zones for different client updates. Servers may get different patches than the workstations. Or they do not get them at the same time. So we have set up multiple SUS servers to have different approved updates.
3) It would be nice to be able to group SUS clients together and send patches. (Push)
4) Alas Service Packs. We use GPOs. You could use SMS. But that sure would be nice to do it in a single interface.

-----Original Message-----
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 12:12 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] SUS Feedback...

Is anyone out there running Software Update Service? I want to gage what the general opinion of the service is. I personally think that there probably needs to be two approaches when it comes to a service like this. One is a pull service based on GPO agent configuration, the other is a push service based on a need to force workstation updates on down-level clients, and those that seem to ride outside the SUS zone. Any comments?

Thanks,
Todd Myrick
RE: [ActiveDir] SUS Feedback...
We also use SUS with great results. I'm looking forward to using SUS 2.0 with support for other apps, especially Office. Another new feature in SUS 2.0 is deadline installs. So you assign an update and the user has until a certain time to install it. If not done by that time it installs automatically.

Mike

-----Original Message-----
From: Michael B. Smith [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 09, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS Feedback...

I think SUS is great for what it does... in my environment I don't need NT4 or Win9x support. I do need non-domain workstation and server support, so I developed a few scripts that set the appropriate registry entries to make that work. I push the scripts and SUS pulls the patches. I'll be happy when it's better integrated with Office, SQL, etc. etc. etc. The feature set of SUS 2.0 should be nice.

For environments that need to support the push model, Update Expert (St. Bernard) and HFNetChk Pro (Shavlik) both work well. I have them deployed at several clients. And, of course, SMS for you large environment (and large IT staff) guys/gals.

-----Original Message-----
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 09, 2003 1:12 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] SUS Feedback...

Is anyone out there running Software Update Service? I want to gage what the general opinion of the service is. I personally think that there probably needs to be two approaches when it comes to a service like this. One is a pull service based on GPO agent configuration, the other is a push service based on a need to force workstation updates on down-level clients, and those that seem to ride outside the SUS zone. Any comments?

Thanks,
Todd Myrick
RE: [ActiveDir] SUS Feedback...
Do you have a link on SUS 2.0 info?

-----Original Message-----
From: Celone, Mike [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 1:26 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] SUS Feedback...

We also use SUS with great results. I'm looking forward to using SUS 2.0 with support for other apps, especially Office. Another new feature in SUS 2.0 is deadline installs. So you assign an update and the user has until a certain time to install it. If not done by that time it installs automatically.

Mike

-----Original Message-----
From: Michael B. Smith [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 09, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS Feedback...

I think SUS is great for what it does... in my environment I don't need NT4 or Win9x support. I do need non-domain workstation and server support, so I developed a few scripts that set the appropriate registry entries to make that work. I push the scripts and SUS pulls the patches. I'll be happy when it's better integrated with Office, SQL, etc. etc. etc. The feature set of SUS 2.0 should be nice.

For environments that need to support the push model, Update Expert (St. Bernard) and HFNetChk Pro (Shavlik) both work well. I have them deployed at several clients. And, of course, SMS for you large environment (and large IT staff) guys/gals.

-----Original Message-----
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 09, 2003 1:12 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] SUS Feedback...

Is anyone out there running Software Update Service? I want to gage what the general opinion of the service is. I personally think that there probably needs to be two approaches when it comes to a service like this. One is a pull service based on GPO agent configuration, the other is a push service based on a need to force workstation updates on down-level clients, and those that seem to ride outside the SUS zone. Any comments?

Thanks,
Todd Myrick
RE: [ActiveDir] SUS Feedback...
Return Receipt

Your document: RE: [ActiveDir] SUS Feedback...
was received by: James S. Cate/CONTRACTOR/FIA/CO/GSA/GOV
at: 09/09/2003 02:56:30 PM
RE: [ActiveDir] SUS Feedback...
I've been running SUS SP1 for a week or two now - finally got time to implement it.

I'd second a lot of the basic limitations of the product - it's not perfect, but it does do a good job with the basics. If you're aware of the limits, it's a good way to push the more critical OS layer stuff.

The biggest issue I've got is dealing with the automatic reboots - a lot of MS patches (as you know) require restarts to take effect. The decision as to whether or not to force reboot isn't easy, and I wish there was some form of recurring reminder to reboot.

In my environment, that can be an issue - I have a heavily laptop oriented client base, so I have to schedule the updates to happen when they're here (I chose Noon), but that's a busy time for people, so forcing a reboot then isn't a great option. Fortunately, most laptops get shut down and taken home at night. My desktops, however, probably won't get rebooted, so that's a problem. And more often than not, the desktops are on the desks of people who are going to cause me pain (development and customer support).

I'd like to be able to do some form of filtering (WMI?) for client type and have different settings for different boxes, and I *think* that's on the books for 2.0, but I don't know.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-----Original Message-----
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 1:12 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] SUS Feedback...

Is anyone out there running Software Update Service? I want to gage what the general opinion of the service is. I personally think that there probably needs to be two approaches when it comes to a service like this. One is a pull service based on GPO agent configuration, the other is a push service based on a need to force workstation updates on down-level clients, and those that seem to ride outside the SUS zone. Any comments?

Thanks,
Todd Myrick
RE: [ActiveDir] SUS Feedback... Resend
http://www.autoprof.com/policy/

Has anyone used this utility with SUS?

Thanks,
Todd Myrick
RE: [ActiveDir] SUS Feedback... Resend
Not sure why you would want to. Just download the .ADM file and use that to configure SUS.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)
Sent: Tuesday, September 09, 2003 3:20 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] SUS Feedback... Resend

http://www.autoprof.com/policy/

Has anyone used this utility with SUS?

Thanks,
Todd Myrick
RE: [ActiveDir] SUS Feedback... Resend
I don't see what it buys you? It looks like it has custom ADMs. Just use the ADM that comes with SUS...

-----Original Message-----
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 3:20 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS Feedback... Resend

http://www.autoprof.com/policy/

Has anyone used this utility with SUS?

Thanks,
Todd Myrick
RE: [ActiveDir] SUS Feedback...
It's still in beta.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Parker, Edward
Sent: Tuesday, September 09, 2003 2:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS Feedback...

Do you have a link on SUS 2.0 info?

-----Original Message-----
From: Celone, Mike [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 1:26 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] SUS Feedback...

We also use SUS with great results. I'm looking forward to using SUS 2.0 with support for other apps, especially Office. Another new feature in SUS 2.0 is deadline installs. So you assign an update and the user has until a certain time to install it. If not done by that time it installs automatically.

Mike

-----Original Message-----
From: Michael B. Smith [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 09, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS Feedback...

I think SUS is great for what it does... in my environment I don't need NT4 or Win9x support. I do need non-domain workstation and server support, so I developed a few scripts that set the appropriate registry entries to make that work. I push the scripts and SUS pulls the patches. I'll be happy when it's better integrated with Office, SQL, etc. etc. etc. The feature set of SUS 2.0 should be nice.

For environments that need to support the push model, Update Expert (St. Bernard) and HFNetChk Pro (Shavlik) both work well. I have them deployed at several clients. And, of course, SMS for you large environment (and large IT staff) guys/gals.

-----Original Message-----
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 09, 2003 1:12 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] SUS Feedback...

Is anyone out there running Software Update Service? I want to gage what the general opinion of the service is. I personally think that there probably needs to be two approaches when it comes to a service like this. One is a pull service based on GPO agent configuration, the other is a push service based on a need to force workstation updates on down-level clients, and those that seem to ride outside the SUS zone. Any comments?

Thanks,
Todd Myrick
RE: [ActiveDir] SUS Feedback...
We also use SUS, and use a GPO to warn our users... In WIN2003 there are some improvements for the GPO, but it still can be better... Such as giving the user some time to choose to update but if not done... then force it...

Now we use SUS and HFNetChk and SMS:
SUS we use to test the update on our PCs.
HFNetChk (for now the lite version) will be used to update and follow up our servers + all Administrator PCs.
SMS + feature pack 1 to implement on our systems... without reboot... of course.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)
Sent: Tuesday, September 09, 2003 7:12 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] SUS Feedback...

Is anyone out there running Software Update Service? I want to gage what the general opinion of the service is. I personally think that there probably needs to be two approaches when it comes to a service like this. One is a pull service based on GPO agent configuration, the other is a push service based on a need to force workstation updates on down-level clients, and those that seem to ride outside the SUS zone. Any comments?

Thanks,
Todd Myrick
RE: [ActiveDir] SUS Feedback...
William,

We, too, run SUS with great success - much of the warts have already been mentioned so I won't elaborate. However, we knew that there was an issue with users not shutting off their systems.

What we implemented to resolve this and to ensure that updates did get applied - especially in the case of vulns like MS03-07 and MS03-26 - we have a script that will do a rolling 'restart' of systems. Granted, our systems are named in a logical manner for our production seats, but our staff seats are on their own subnet - so we just reboot anything between specific IP ranges - and have it spaced out (by minutes, hours, or days = depending on criticality) so that the systems don't overload the DCs and SUS systems, oh yeah - and the network <g>.

It's been effective for us for a fair amount of time (10 - 12 mos.) and we are running this in 14 of our remote locations as well as our local campus WAN with 8 buildings.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Lefkovics
Sent: Tuesday, September 09, 2003 3:33 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] SUS Feedback...

We share the same issues. But we have laptops that have traveled the country or just get taken home each night, but haven't been rebooted in weeks. They just hibernate on battery power til next time they are opened.

Essentially, we have chosen to not shut off workstations at days' end. They remain running 24/7. Updates for antivirus, patches for applications or OS all happen after hours for desktops.

William

----- Original Message -----
From: Roger Seielstad [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 11:59 AM
Subject: RE: [ActiveDir] SUS Feedback...

I've been running SUS SP1 for a week or two now - finally got time to implement it.

I'd second a lot of the basic limitations of the product - it's not perfect, but it does do a good job with the basics. If you're aware of the limits, it's a good way to push the more critical OS layer stuff.

The biggest issue I've got is dealing with the automatic reboots - a lot of MS patches (as you know) require restarts to take effect. The decision as to whether or not to force reboot isn't easy, and I wish there was some form of recurring reminder to reboot.

In my environment, that can be an issue - I have a heavily laptop oriented client base, so I have to schedule the updates to happen when they're here (I chose Noon), but that's a busy time for people, so forcing a reboot then isn't a great option. Fortunately, most laptops get shut down and taken home at night. My desktops, however, probably won't get rebooted, so that's a problem. And more often than not, the desktops are on the desks of people who are going to cause me pain (development and customer support).

I'd like to be able to do some form of filtering (WMI?) for client type and have different settings for different boxes, and I *think* that's on the books for 2.0, but I don't know.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-----Original Message-----
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 1:12 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] SUS Feedback...

Is anyone out there running Software Update Service? I want to gage what the general opinion of the service is. I personally think that there probably needs to be two approaches when it comes to a service like this. One is a pull service based on GPO agent configuration, the other is a push service based on a need to force workstation updates on down-level clients, and those that seem to ride outside the SUS zone. Any comments?

Thanks,
Todd Myrick
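Added example, not part of the thread and not the poster's own script: a staggered restart over an IP range in present-day PowerShell, with hosts grouped into batches and each batch delayed so the DCs and the SUS server are not all hit at once. The address range, batch size, gap and function names are assumptions, and the hosts are assumed to accept a remote restart from the account running it.

```powershell
# Added example (not from the thread). Addresses below are placeholders.

function ConvertTo-UInt32 ([string]$Ip) {
    $b = ([System.Net.IPAddress]::Parse($Ip)).GetAddressBytes()
    [Array]::Reverse($b)                 # network order -> little-endian
    [BitConverter]::ToUInt32($b, 0)
}

function ConvertTo-IPv4 ([uint32]$N) {
    $b = [BitConverter]::GetBytes($N)
    [Array]::Reverse($b)                 # back to network order
    $b -join '.'
}

function New-RestartSchedule {
    # Expands FirstIp..LastIp and assigns every address a batch number and
    # a restart time; batch k starts k * Gap after Start.
    param(
        [Parameter(Mandatory)][string]$FirstIp,
        [Parameter(Mandatory)][string]$LastIp,
        [ValidateRange(1, 1000)][int]$BatchSize = 10,
        [timespan]$Gap = '00:15:00',
        [datetime]$Start = (Get-Date)
    )
    $lo = [long](ConvertTo-UInt32 $FirstIp)
    $hi = [long](ConvertTo-UInt32 $LastIp)
    if ($hi -lt $lo) { throw 'LastIp is below FirstIp' }
    for ($i = 0; $i -le ($hi - $lo); $i++) {
        $batch = [int][math]::Floor($i / $BatchSize)
        [pscustomobject]@{
            Address   = ConvertTo-IPv4 ($lo + $i)
            Batch     = $batch
            RestartAt = $Start.AddTicks($Gap.Ticks * $batch)
        }
    }
}

function Invoke-RollingRestart {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][object[]]$Schedule)
    foreach ($group in ($Schedule | Group-Object Batch)) {
        # Wait for this batch's slot; skipped when only previewing with -WhatIf.
        $wait = $group.Group[0].RestartAt - (Get-Date)
        if ($wait -gt [timespan]::Zero -and -not $WhatIfPreference) {
            Start-Sleep -Seconds ([int]$wait.TotalSeconds)
        }
        foreach ($h in $group.Group) {
            if ($PSCmdlet.ShouldProcess($h.Address, 'restart')) {
                # A host that is off or unreachable is reported and skipped.
                Restart-Computer -ComputerName $h.Address -Force -ErrorAction Continue
            }
        }
    }
}

# 60 staff seats, 10 per batch, 30 minutes apart (constructed values).
$plan = New-RestartSchedule -FirstIp '10.20.30.1' -LastIp '10.20.30.60' `
            -BatchSize 10 -Gap '00:30:00'
$plan | Format-Table Address, Batch, RestartAt
Invoke-RollingRestart -Schedule $plan -WhatIf   # preview; drop -WhatIf to restart
```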