That AD mumbo jumbo you blow off so blithely is HOW you get clients to use WSUS instead of whichever random IP Microsoft is pointing at today for updates. It requires Group Policy settings, and unless you want to force all your customers to make their machines part of an AD domain, which most can't join even if they were willing since they're running consumer machines with XP Home on them, you can't force them to use your local server.

Jamie Bowden
--
"It was half way to Rivendell when the drugs began to take hold"
Hunter S Tolkien "Fear and Loathing in Barad Dur"
Iain Bowen <alaric@alaric.org.uk>

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Jeroen Massar
Sent: Thursday, June 14, 2007 3:14 PM
To: Patrick W. Gilmore
Cc: nanog@nanog.org
Subject: Re: FBI tells the public to call their ISP for help

Patrick W. Gilmore wrote:
[.]]
That said, the majority of compromised computers do run some flavor of Redmond-Ware. (One can argue about the underlying cause - market share, quality of software, virus writer's preference, whatever - but the fact still stands that most compromised computers run Windows.) So getting a "windows update sandbox" would be very useful.
You want to have a look at:
http://technet.microsoft.com/en-us/wsus/

8<----------------------------------------------------------------
Microsoft Windows Server Update Services

Microsoft Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates to computers running the Windows operating system. By using WSUS, administrators can fully manage the distribution of updates that are released through Microsoft Update to computers in their network.
----------------------------------------------------------------->8

Which is used in large organizations to deploy patches with ease.
Requires some AD mumbojumbo of course.

Really the information is out there, google knows, so can you :)

Greets,
 Jeroen