Win2k3 patches

Status
Not open for further replies.

bentley45

MIS
Jul 15, 2004
120
US
I am way behind on patching my servers due to many reasons. I was hoping to go to sp2 soon enough that it would get them up to date. However, some of the 3rd party software we run is not compatible with sp2 and may never be.

Therefore, I need a plan to safely patch these servers. We have a WSUS server that we only use to patch desktops. I have a very locked down environment and allow no access to 99% of my servers from the outside. Is WSUS a good way to patch servers or is there a better solution besides creating a batch file to install them all?
 
That's what WSUS is designed for; we use it for all of our servers. It seems odd that the software will run on SP1 but not on SP2, as this update doesn't make nearly as many system changes as SP1. I would be pushing the software house, as MS won't be supporting SP1 forever.
 
I don't think they had even heard of sp2 until I asked about their compatibility, so I am afraid I am out of luck.
Thanks for your response.
 
Well, you won't be the only user of this 3rd party software, so I'm sure they must have plans to make it compatible.
Very strange they didn't even hear about it though!
 
SP2 is pretty new still, and there are a fair number of applications that don't work quite the same. For example, McAfee ePO 3.60 won't work with SP2. You had to upgrade to 3.61, but they didn't announce that for a while after the SP2 release and many of us found out the hard way.

The other possibility is that the vendor simply hasn't tested with it yet, and so they won't support it on SP2. This is pretty common in some specialized fields. At the hospital where I used to work it would usually take several months after a service pack was released before the vendor would certify their products as compatible. Up until that point, you could install the service pack but they wouldn't support your application. We had one PACS system (radiology imaging workstation) that sat on Windows XP SP1 until almost a year and a half after SP2 was released because the vendor only released one major upgrade a year (in late October/early November) and the feature set for the upgrade was locked in 9-10 months earlier.

At any rate, I digress. WSUS works just fine for patching servers. Everywhere I've worked used it, but they usually had a different set of WSUS servers for the servers or kept the servers in a different group. That way they could control the server patching separately.

One last tidbit, even if the majority of your servers aren't available from the "outside", some of them undoubtedly are. And if one of them that is available from the outside becomes compromised, all of your internal servers could potentially be vulnerable. Not only that, they would be vulnerable to anything that comes from a user's workstation, a visitor's laptop, or anything else on your internal network that may not be properly secured.
 