Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: WSUS/Reboot

from [Martin Mewes] Network Security [Permanent Link]
Subject: Re: WSUS/Reboot
Date: Mon, 27 Jun 2005 19:20:45 +0200 
Hello,

"Depp, Dennis M." <deppdm@ornl.gov> wrote :

So why aren't the patches smart enough to stop and restart the
necessary services?  IMHO there is a big difference in bouncing a
service and bouncing the entire box.  For starters there is a big
time differece. It takes much longer to bounce a box than to bounce a
service.  During a server bounce, there is a much greater chance of
something else going wrong.  Ever have a box reboot with an error
"Key board not found, Press F1 to continue."?


Good catch ;-)


-----Original Message-----
From: David LeBlanc [mailto:dleblanc@mindspring.com]
Sent: Saturday, June 25, 2005 5:53 PM
To: 'Martin Mewes'; focus-ms@securityfocus.com
Subject: RE: WSUS/Reboot

[...]

Reducing reboots is something that I know is a priority for
Microsoft, and you're right - having systems rebooting all the time is
a problem, even if they're just desktops. I think you'll see
improvement on this over time, and one of the new features of WSUS I
notice is immediate application of patches that don't need reboots.


Obviously I noticed that WSUS does not respect the settings I set.
In my test area I configured that patches are installed "behind the 
scenes" and the machine shall not be rebooted as they are turned off by 
the users every evening.

If the logged on user is a non-admin (default) he/she is presented a 
dialog box to make sure to click on OK to reboot the machine not having 
the chance clicking on CANCEL which is greyed out.

This is by far not what I want. I want WSUS to install updates during 
the shutdown of a machine without begging the user for clicking on OK.


However, they way that you get this system uptime on most *nix
systems is to drop the service in question, apply patches and restart
the service.


The problem is that sometimes you do not know which services to stop in 
order to just be able to restart a service instead of restarting the 
complete machine.

- Way back I fell over that Outlook did not work anymore because I 
de-installed Outlook Express which still does not do any sense to me.
- Or why do I need to reboot the machine if I apply a patch for Internet 
Explorer even if I do not have one single window open (reason is that 
parts of the Internet Explorer are being used by the Windows Explorer).
- Windows seems not to be able to just unload dll's "on the fly", 
install a new one and load that one again.

Please prove me wrong or right about that latter.

bis dahin/kind regards

Martin Mewes

-- 
Richtiges Zitieren in Mailinglisten und Newsgroups
-> http://www.afaik.de/usenet/faq/zitieren/

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?, David LeBlanc
Next by Date:  Re: WSUS/Reboot, Susan Bradley
Previous by Thread:  RE: WSUS/Reboot, Depp, Dennis M.
Next by Thread:  Disclaimer on Active/active clustered exchange servers, Peter Rodger
Indexes:  [Date] [Thread] [Top] [All Lists]