Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
How to: Block Service Pack 2 4
- Thread starter bcastner
- Start date
- Status
Netbum,
I believe that we did it through DNS on our firewall. I can ask if you really need it.
Beware though, the way we had to do it blocks ALL Windows updates and downloads from microsoft's website.
Internally we use a patch management system call Shavlik to control our critical updates on Windows machines so this blocking will work for us.
Unfortunately, this causes a security risk for our field networks because we do not have a patch management solution setup for them, so they are left with unable to update any critical patches unless we provide them through an alternative access point.
This is what we are trying to implement:
Leaving the DNS Firewall blockade and then sending out the BlockXPSP2.exe to our field users that access the Internet from their own ISP and then we will just be dealing with the virus flare ups on our office networks until we can get our 3rd party applications patched for Windows XPSP2. Additionally we will have to send out other critical updates via email or other notification methods because of this scenario, but it's the only way when you don't own the outside user's computers.
It's ugly, but it will work. We are dealing with 4000 field computers some on a frame-relay network protected by our firewall and some working from their private or home offices with their own ISP so we had to come up with this resolution.
I believe that we did it through DNS on our firewall. I can ask if you really need it.
Beware though, the way we had to do it blocks ALL Windows updates and downloads from microsoft's website.
Internally we use a patch management system call Shavlik to control our critical updates on Windows machines so this blocking will work for us.
Unfortunately, this causes a security risk for our field networks because we do not have a patch management solution setup for them, so they are left with unable to update any critical patches unless we provide them through an alternative access point.
This is what we are trying to implement:
Leaving the DNS Firewall blockade and then sending out the BlockXPSP2.exe to our field users that access the Internet from their own ISP and then we will just be dealing with the virus flare ups on our office networks until we can get our 3rd party applications patched for Windows XPSP2. Additionally we will have to send out other critical updates via email or other notification methods because of this scenario, but it's the only way when you don't own the outside user's computers.
It's ugly, but it will work. We are dealing with 4000 field computers some on a frame-relay network protected by our firewall and some working from their private or home offices with their own ISP so we had to come up with this resolution.
Thanks for the response cwyman,
Yes if you could find out how it was done that would be great. We are a schools system and want to use suse to deploy the update in a controlled way.
Unfortunatly the majority of our workstations are unavailable at the schools and will not be ready till after the deadline from Microsoft.
Thanks Again,
Yes if you could find out how it was done that would be great. We are a schools system and want to use suse to deploy the update in a controlled way.
Unfortunatly the majority of our workstations are unavailable at the schools and will not be ready till after the deadline from Microsoft.
Thanks Again,
- Status
