Patch/program rollout utility

greenfreak

New Member
We're looking at purchasing this product at work:

http://www.gfisoftware.com/lannetscan/

We have all of our users on a Citrix server environment and none have internet access locally on their pc's. So we can't run Windows Update to get the necessary patches. This utility will scan all the pc's and Wyse terminals on a range of IP's and give tons of info including which patches are installed. I can schedule to launch the patches whenever I want to either run in the background (the most recent ms03-039 patch took 7-10 seconds) or to notify the user with a customized message and it will reboot the pc when it's done.

We spent so much time patching and removing worms in the past month, we found a better solution. It's definitely worth the money for us, and I'm going to be handling the purchase, setup and maintenance on it if it gets approved. This is going to save me so much time and heartache! :dance:
 

greenfreak

New Member
Yup, we are. I haven't really made up my mind about them. So many of our users don't need more than that kind of terminal, and it would be a waste of money and effort to give them a computer.

But they're built like crap and are constantly being repaired. Once the service contract is up in a year, we're going to be screwed.
 

Mirlyn

rebmeM
GF, ever tried running a SUS server?

http://www.microsoft.com/downloads/...E4-6E41-4F54-972C-AE66A4E4BF6C&displaylang=en

I was looking into that for the labs and offices, but we run strictly linux servers. No server platforms on Windows (requires a Win-server to run). Wonder if it'd work in your situation?

I've played with MS's Baseline Security Analyzer, but it doesn't look as powerful as that. It does the basic test for open shares, password integrity, and open servers as well as some known exploits/patches. Not sure how comprehensive it is for the critical updates available.
 

greenfreak

New Member
I'm looking at the white papers for that now. Looks like it depends on the Automatic Update feature in 2000 and can't do 95/98 updates. Since we don't have dedicated internet access from our user's local desktops, we can't use automatic update. There is a section where they say you can deploy it on non-internet enabled sites but that it would require connecting to a dedicated server on the site. With 50 sites, that's just not possible.

I'm still going to look into it though, there might be other options.

I was looking to push out antivirus updates using the GFI program but I don't know if my networking guys are going to go for that; they're worried about the impact on bandwith.
 

Mirlyn

rebmeM
Ah, I forgot you've still got 95 to support. Do you link up the sites? It looks like you use the auto-update feature (which I think you can download for 98, not sure about 95) to go to your SUS server, wherever it may be (on/offsite). Might be able to mirror from mirrors, or something.

It looks like it might be more work than that program has to offer in your situation. ;)
 

greenfreak

New Member
I have to ask myself this question... Is it better to spend more time investigating and setting this up to save my company money? Or is it better to spend less time and make them pay?

Two years ago I might have said yes to the first. I'm jaded enough now to say yes to the second. Make 'em pay, that's what I say. :p
 

Mirlyn

rebmeM
greenfreak said:
Two years ago I might have said yes to the first. I'm jaded enough now to say yes to the second. Make 'em pay, that's what I say. :p
Hey, thats what you're paid for. To make decisions. :p
 
Top