From: Ian Webb (iwebb_at_carolina.rr.com)
Date: Sat Aug 10 2002 - 10:32:24 CDT
I'm going to second the earlier recommendation of Shavlik's HFNetChkPro.
I recently purchased it for the network I admin (~50 users) and even at
that size, it's much better than manual updates or SUS / Windows Update.
It does real hotfix verification, not just registry checks, and it
doesn't send any information to Microsoft. It just downloads some XML
documents from MS, and then downloads the necessary patches. It's not
free, but I think the cost is definitely worth it. It's really the best
tool for the job.
From: Tosh, Michael J (N-Joule) [mailto:michael.j.toshlmco.com]
Sent: Thursday, August 08, 2002 2:05 PM
To: 'Igor' Spivak'; focus-mssecurityfocus.com
Subject: RE: Another SUS / Autoupdate question
The hope is to not have any PCs raise red flags at MS. We own licenses
all installations of our operating systems, and then some, but to ease
work load, we installed w2k on one machine and just made 1600 copies of
So we have 1600 PCs that have the same Product ID on them. I have
recent stories of people getting locked out of XP due to fake product
after visiting windows update, and if we get 1599 locked pcs, or worse,
MS audit, that will cost hundreds of thousands in man-hours to prove
ownership of that many licenses. If an SUS works exactly as the
Windowsupdate.microsoft.com site, then it is not what we are looking
And manual installation of an update to 1600 pcs is also too time
That is the main reason for using the auto update feature.
From: Igor' Spivak [mailto:urbanachieverattbi.com]
Sent: Thursday, August 08, 2002 12:28 PM
To: focus-mssecurityfocus.com; Tosh, Michael J (N-Joule)
Subject: Re: Another SUS / Autoupdate question
> Has any set up an MS Software Update Service server on their network?
> not want any Product ID information to be accessible to ANYONE outside
> organization, including MS. If anyone has the SUS running, does it
> the Product ID, Product version, Plug-and-play information, and IE
> of each computer that connects to it to one of the MS servers?
AFAIK no, the SUS server doesn't seem to log any specific information of
kind about the clients that use it. Also SUS server doesn't seem to log
just a uniquely generated ID number of the client and various status
on update success, etc.
> My plan is
> to maybe point this SUS Server to itself for auto updates, give it no
> gateway address so it can only work inside our organization, and
> move any updates over to it from another PC on our LAN.
You could do that by manually copying the windows update catalog and all
patches from the MS Download sites, but that is a chore. By default SUS
server synchronizes with windows update and downloads the catalog and
updates either on admin specified schedule, or by the admin manually
Alternatively, you could use SMS to push updates. My question is, what
you hoping to accomplish by manually synchronizing the SUS server?