Patching

TheMSsForum.com: The Microsoft Software Forum

I would like to know how how people here handle this patching
madness. I work in a company of three full-time and two part-time employees.
One of our full-time employees is the owner, who has many non-technical
responsibilities although he has a technical background. One of the
part-time employees is an administrative assistant with no technical
background. The other part-time employee works two or three mornings a week.
My full-time colleague is still getting up to speed on servers but also
takes care of lots of the easier calls. This pretty much leaves me largely
or wholly responsible for about 40 servers, including about 20 SBS units. I
have VPN access to most of them but I've been reluctant to patch remotely,
if only on account of having heard that some error messages don't display on
the Terminal Services session. Plus, our clients are widely scattered
geographically, so if something blows up it may not be easy for me to make
an emergency on-site visit. In addition to server maintenance I also have to
do routine service calls such as "I can't print" or "My UPS is beeping."
It's hard to ignore the things that people demand that you fix right away
while doing work that nobody asked you to do (we did have one smart guy who
asked us for the Blaster patch though). We got stretched to the limit by the
blackout in the Northeast; lots of stuff got fried or otherwise
discombobulated. I really wanted to patch for Blaster but had no way to do
it unless I did it remotely, and even then I'd have to go home and do it
after hours. I think I may have patched about 10 or 15 of the 40, tops.
Yesterday I made it to a server but it already had W32.Welchia on it. So
what's a bedraggled technician to do? Am I just one of many or am I going
about it wrong?
Top

Re: Patching by Rick

Rick
Wed Sep 10 22:44:47 CDT 2003

Yes it is!

Discombobulated
adj : having self-possession upset; thrown into confusion; "the hecklers
pelted the discombobulated speaker with anything that came to hand"; "looked
at each other dumbly, quite disconcerted"

Try www.dictionary.com :-)

Rick in the Midwest

"Javier Gomez" <javier_gomez@remove-this-bit.engineer.com> wrote in message
news:e7My3yAeDHA.3820@tk2msftngp13.phx.gbl...
> > discombobulated
>
> Is that even a word??? :-)
>
> More seriously... I think you might want to reconsider how you are
handling
> this situation.
>
> From a technical standpoint-> It is my opinion that you can "safely" patch
> remotely. I had success for some service packs too (in my little test
> server)... but I just too scared to do it for real. I have a schedule of
> checking each one of my servers remotely periodicaly... but that's part of
> my work plan (I don't have 40 servers to take care of). Another (last)
> option you might consider is training someone at each site to perform
these
> procedures (but I really don't like it... not a bit).
>
> From a service quality standpoint-> I got to be honest with you: If I were
> your client and I find out that my server got Welchia/Nachi/MSBlaster
> because you didn't patch it on time (for any reason whatsoever) I would
> terminate our agreement on the spot (Man... you had several weeks to
perform
> that patch). I suggest you reconsider your working plan to do one of the
> following: a) reduce the number of clients/servers you take care off b)
get
> more skilled people to work on them c) start increasing you efficiency d)
a
> combination or all of the above. I don't think you want to loose 50% of
your
> clients because you can't handle them in a timely manner. Believe me... I
> know what it is to be under pressure (try attending Grad School, doing ChE
> research and having a part-time job as IT admin to get some money)... but
> for that same reason I don't take more clients that what I can handle
> comfortably.
>
> I don't want to beat you up... is just a heads up. In this highly
> competitive IT world... is just a matter of time until you start loosing
> clients to your competitors for not taking care of them.
>
> My $0.02,
>
> Javier
>
>


Top

Re: Patching by Rick

Rick
Wed Sep 10 22:57:04 CDT 2003

I am self-employed and even though I don't have 40 servers to manage, but
maybe one day. I am lucky that I have one client paying me a 6 figure
contract, so I take on other clients when and if I choose. What I started to
do is offer a Maintenance Contract to my clients. It covers updates like
patches plus the SBS reports, backup, etc stuff is emailed to me for review.
I am hoping that the months that don't require much patching will make up
for the months that do (might be more of a dream though) Yes, I patch at
night when the client isn't there but I am getting paid. (doing a SBS client
right now as I wait for it to scan the domain) So far I have had very good
luck patching using TS to the server. I've used Shalik's and St. Bernard's
products, and so far I like UpdateExpert better. But you are correct, if
something goes wrong, then you have to make an emergency call. I always test
the patches on my own production SBS before doing it to a client. You are
either going to go there or talk someone over the phone if the worst
happens.
You've asked a good question though, because I have tackled this with much
thought also...

Rick in the Midwest

"Arthur T. Jackson" <ajackson@atjackson.info> wrote in message
news:%23zOcMGAeDHA.2320@TK2MSFTNGP12.phx.gbl...
> I would like to know how how people here handle this patching
> madness. I work in a company of three full-time and two part-time
employees.
> One of our full-time employees is the owner, who has many non-technical
> responsibilities although he has a technical background. One of the
> part-time employees is an administrative assistant with no technical
> background. The other part-time employee works two or three mornings a
week.
> My full-time colleague is still getting up to speed on servers but also
> takes care of lots of the easier calls. This pretty much leaves me largely
> or wholly responsible for about 40 servers, including about 20 SBS units.
I
> have VPN access to most of them but I've been reluctant to patch remotely,
> if only on account of having heard that some error messages don't display
on
> the Terminal Services session. Plus, our clients are widely scattered
> geographically, so if something blows up it may not be easy for me to make
> an emergency on-site visit. In addition to server maintenance I also have
to
> do routine service calls such as "I can't print" or "My UPS is beeping."
> It's hard to ignore the things that people demand that you fix right away
> while doing work that nobody asked you to do (we did have one smart guy
who
> asked us for the Blaster patch though). We got stretched to the limit by
the
> blackout in the Northeast; lots of stuff got fried or otherwise
> discombobulated. I really wanted to patch for Blaster but had no way to do
> it unless I did it remotely, and even then I'd have to go home and do it
> after hours. I think I may have patched about 10 or 15 of the 40, tops.
> Yesterday I made it to a server but it already had W32.Welchia on it. So
> what's a bedraggled technician to do? Am I just one of many or am I going
> about it wrong?
>
>


Top

Re: Patching by Gavin

Gavin
Wed Sep 10 23:01:46 CDT 2003

If you're TS'ing into the server - is HFNetCheck installed on the server
itself?
(I'm assuming that's the Shavlik software?)

"Rick in the Midwest" <Rick.NOSPAM@NOSPAM.rdfts.com> wrote in message
news:uoTCMhBeDHA.3576@tk2msftngp13.phx.gbl...
> I am self-employed and even though I don't have 40 servers to manage, but
> maybe one day. I am lucky that I have one client paying me a 6 figure
> contract, so I take on other clients when and if I choose. What I started
to
> do is offer a Maintenance Contract to my clients. It covers updates like
> patches plus the SBS reports, backup, etc stuff is emailed to me for
review.
> I am hoping that the months that don't require much patching will make up
> for the months that do (might be more of a dream though) Yes, I patch at
> night when the client isn't there but I am getting paid. (doing a SBS
client
> right now as I wait for it to scan the domain) So far I have had very good
> luck patching using TS to the server. I've used Shalik's and St. Bernard's
> products, and so far I like UpdateExpert better. But you are correct, if
> something goes wrong, then you have to make an emergency call. I always
test
> the patches on my own production SBS before doing it to a client. You are
> either going to go there or talk someone over the phone if the worst
> happens.
> You've asked a good question though, because I have tackled this with much
> thought also...
>
> Rick in the Midwest
>
> "Arthur T. Jackson" <ajackson@atjackson.info> wrote in message
> news:%23zOcMGAeDHA.2320@TK2MSFTNGP12.phx.gbl...
> > I would like to know how how people here handle this patching
> > madness. I work in a company of three full-time and two part-time
> employees.
> > One of our full-time employees is the owner, who has many non-technical
> > responsibilities although he has a technical background. One of the
> > part-time employees is an administrative assistant with no technical
> > background. The other part-time employee works two or three mornings a
> week.
> > My full-time colleague is still getting up to speed on servers but also
> > takes care of lots of the easier calls. This pretty much leaves me
largely
> > or wholly responsible for about 40 servers, including about 20 SBS
units.
> I
> > have VPN access to most of them but I've been reluctant to patch
remotely,
> > if only on account of having heard that some error messages don't
display
> on
> > the Terminal Services session. Plus, our clients are widely scattered
> > geographically, so if something blows up it may not be easy for me to
make
> > an emergency on-site visit. In addition to server maintenance I also
have
> to
> > do routine service calls such as "I can't print" or "My UPS is beeping."
> > It's hard to ignore the things that people demand that you fix right
away
> > while doing work that nobody asked you to do (we did have one smart guy
> who
> > asked us for the Blaster patch though). We got stretched to the limit by
> the
> > blackout in the Northeast; lots of stuff got fried or otherwise
> > discombobulated. I really wanted to patch for Blaster but had no way to
do
> > it unless I did it remotely, and even then I'd have to go home and do it
> > after hours. I think I may have patched about 10 or 15 of the 40, tops.
> > Yesterday I made it to a server but it already had W32.Welchia on it. So
> > what's a bedraggled technician to do? Am I just one of many or am I
going
> > about it wrong?
> >
> >
>
>


Top

Re: Patching by Javier

Javier
Wed Sep 10 23:33:46 CDT 2003

Damn... you are right :-)

That's is the sort of words that are asked in the GRE (no wonder I got such
bad scores in this part). Heck, I don't think I can even pronounce it...
that's one of the things I don't like about English (too much ambiguity in
pronunciation).

Who said that we only learn computer stuff here? (Here I have learned the
meaning of: Vegemite, Marmite, Beetroot, Poms, Chunder... the list is long).

-Javier

"Rick in the Midwest" <Rick.NOSPAM@NOSPAM.rdfts.com> wrote in message
news:O197UaBeDHA.3820@tk2msftngp13.phx.gbl...
> Yes it is!
>
> Discombobulated
> adj : having self-possession upset; thrown into confusion; "the hecklers
> pelted the discombobulated speaker with anything that came to hand";
"looked
> at each other dumbly, quite disconcerted"
>
> Try www.dictionary.com :-)
>
> Rick in the Midwest
>
> "Javier Gomez" <javier_gomez@remove-this-bit.engineer.com> wrote in
message
> news:e7My3yAeDHA.3820@tk2msftngp13.phx.gbl...
> > > discombobulated
> >
> > Is that even a word??? :-)
> >
> > More seriously... I think you might want to reconsider how you are
> handling
> > this situation.
> >
> > From a technical standpoint-> It is my opinion that you can "safely"
patch
> > remotely. I had success for some service packs too (in my little test
> > server)... but I just too scared to do it for real. I have a schedule of
> > checking each one of my servers remotely periodicaly... but that's part
of
> > my work plan (I don't have 40 servers to take care of). Another (last)
> > option you might consider is training someone at each site to perform
> these
> > procedures (but I really don't like it... not a bit).
> >
> > From a service quality standpoint-> I got to be honest with you: If I
were
> > your client and I find out that my server got Welchia/Nachi/MSBlaster
> > because you didn't patch it on time (for any reason whatsoever) I would
> > terminate our agreement on the spot (Man... you had several weeks to
> perform
> > that patch). I suggest you reconsider your working plan to do one of the
> > following: a) reduce the number of clients/servers you take care off b)
> get
> > more skilled people to work on them c) start increasing you efficiency
d)
> a
> > combination or all of the above. I don't think you want to loose 50% of
> your
> > clients because you can't handle them in a timely manner. Believe me...
I
> > know what it is to be under pressure (try attending Grad School, doing
ChE
> > research and having a part-time job as IT admin to get some money)...
but
> > for that same reason I don't take more clients that what I can handle
> > comfortably.
> >
> > I don't want to beat you up... is just a heads up. In this highly
> > competitive IT world... is just a matter of time until you start loosing
> > clients to your competitors for not taking care of them.
> >
> > My $0.02,
> >
> > Javier
> >
> >
>
>


Top

Re: Patching by Rick

Rick
Wed Sep 10 23:40:23 CDT 2003

Yes it is. I know that it is recommended to put it on a workstation but I
have tested it when on the server and so far (knock on wood) it works just
fine. Yes, Shavlik.

Rick in the Midwest

"Gavin" <gavin@interprom.com> wrote in message
news:O0mAIpBeDHA.2076@TK2MSFTNGP12.phx.gbl...
> If you're TS'ing into the server - is HFNetCheck installed on the server
> itself?
> (I'm assuming that's the Shavlik software?)
>
> "Rick in the Midwest" <Rick.NOSPAM@NOSPAM.rdfts.com> wrote in message
> news:uoTCMhBeDHA.3576@tk2msftngp13.phx.gbl...
> > I am self-employed and even though I don't have 40 servers to manage,
but
> > maybe one day. I am lucky that I have one client paying me a 6 figure
> > contract, so I take on other clients when and if I choose. What I
started
> to
> > do is offer a Maintenance Contract to my clients. It covers updates like
> > patches plus the SBS reports, backup, etc stuff is emailed to me for
> review.
> > I am hoping that the months that don't require much patching will make
up
> > for the months that do (might be more of a dream though) Yes, I patch at
> > night when the client isn't there but I am getting paid. (doing a SBS
> client
> > right now as I wait for it to scan the domain) So far I have had very
good
> > luck patching using TS to the server. I've used Shalik's and St.
Bernard's
> > products, and so far I like UpdateExpert better. But you are correct, if
> > something goes wrong, then you have to make an emergency call. I always
> test
> > the patches on my own production SBS before doing it to a client. You
are
> > either going to go there or talk someone over the phone if the worst
> > happens.
> > You've asked a good question though, because I have tackled this with
much
> > thought also...
> >
> > Rick in the Midwest
> >
> > "Arthur T. Jackson" <ajackson@atjackson.info> wrote in message
> > news:%23zOcMGAeDHA.2320@TK2MSFTNGP12.phx.gbl...
> > > I would like to know how how people here handle this patching
> > > madness. I work in a company of three full-time and two part-time
> > employees.
> > > One of our full-time employees is the owner, who has many
non-technical
> > > responsibilities although he has a technical background. One of the
> > > part-time employees is an administrative assistant with no technical
> > > background. The other part-time employee works two or three mornings a
> > week.
> > > My full-time colleague is still getting up to speed on servers but
also
> > > takes care of lots of the easier calls. This pretty much leaves me
> largely
> > > or wholly responsible for about 40 servers, including about 20 SBS
> units.
> > I
> > > have VPN access to most of them but I've been reluctant to patch
> remotely,
> > > if only on account of having heard that some error messages don't
> display
> > on
> > > the Terminal Services session. Plus, our clients are widely scattered
> > > geographically, so if something blows up it may not be easy for me to
> make
> > > an emergency on-site visit. In addition to server maintenance I also
> have
> > to
> > > do routine service calls such as "I can't print" or "My UPS is
beeping."
> > > It's hard to ignore the things that people demand that you fix right
> away
> > > while doing work that nobody asked you to do (we did have one smart
guy
> > who
> > > asked us for the Blaster patch though). We got stretched to the limit
by
> > the
> > > blackout in the Northeast; lots of stuff got fried or otherwise
> > > discombobulated. I really wanted to patch for Blaster but had no way
to
> do
> > > it unless I did it remotely, and even then I'd have to go home and do
it
> > > after hours. I think I may have patched about 10 or 15 of the 40,
tops.
> > > Yesterday I made it to a server but it already had W32.Welchia on it.
So
> > > what's a bedraggled technician to do? Am I just one of many or am I
> going
> > > about it wrong?
> > >
> > >
> >
> >
>
>


Top

Re: Patching by Arthur

Arthur
Thu Sep 11 18:36:10 CDT 2003

To add insult to injury-- yesterday I was speaking to the
part-timer, who has a couple of clients of his own. I told him "ya gotta
patch for Blaster!" So today he went to his client-- a 25-user Windows 2000
Server installation-- and applied Windows 2000 Service Pack 4 and the
Blaster patch, among other things. The whole network crashed to the ground;
the only thing I could tell him when he called me for advice was to
uninstall each thing one thing at a time until he got things working again.
He wound up uninstalling everything, right back to SP 4 and now probably
looks like an idiot to the client. His only other option at this point seems
to be a call to Microsoft, even if he has to pay for an incident. Meanwhile,
that network is still vulnerable. Today, my boss said to me, "I wonder if we
shouldn't become a Linux shop?" I know he's not right-- but one wonders. You
just can't walk into a client and destroy a working network, for ANY reason.
That is almost as bad as allowing a worm to infiltrate. The end result is
almost the same, at least from the client's standpoint-- lost productivity
and annoyance.

"Arthur T. Jackson" <ajackson@atjackson.info> wrote in message
news:#zOcMGAeDHA.2320@TK2MSFTNGP12.phx.gbl...
> I would like to know how how people here handle this patching
> madness. I work in a company of three full-time and two part-time
employees.
> One of our full-time employees is the owner, who has many non-technical
> responsibilities although he has a technical background. One of the
> part-time employees is an administrative assistant with no technical
> background. The other part-time employee works two or three mornings a
week.
> My full-time colleague is still getting up to speed on servers but also
> takes care of lots of the easier calls. This pretty much leaves me largely
> or wholly responsible for about 40 servers, including about 20 SBS units.
I
> have VPN access to most of them but I've been reluctant to patch remotely,
> if only on account of having heard that some error messages don't display
on
> the Terminal Services session. Plus, our clients are widely scattered
> geographically, so if something blows up it may not be easy for me to make
> an emergency on-site visit. In addition to server maintenance I also have
to
> do routine service calls such as "I can't print" or "My UPS is beeping."
> It's hard to ignore the things that people demand that you fix right away
> while doing work that nobody asked you to do (we did have one smart guy
who
> asked us for the Blaster patch though). We got stretched to the limit by
the
> blackout in the Northeast; lots of stuff got fried or otherwise
> discombobulated. I really wanted to patch for Blaster but had no way to do
> it unless I did it remotely, and even then I'd have to go home and do it
> after hours. I think I may have patched about 10 or 15 of the 40, tops.
> Yesterday I made it to a server but it already had W32.Welchia on it. So
> what's a bedraggled technician to do? Am I just one of many or am I going
> about it wrong?
>
>


Top

Re: Patching by Andrew

Andrew
Thu Sep 11 19:44:26 CDT 2003

By and large, we have one server--usually an SBS-- per location,
with one or two exceptions. In our case, the difference isn't significant.

"Marcio Watanabe" <Marcio@nospam.com> wrote in message
news:8g32mvsm0bcvbjqk15pccili0nt2rl57m6@4ax.com...
> "Andrew M. Saucci, Jr." <andrew@2000computer.com> wrote:
>
> > That restricts the consultant to a maximum of one server per
night
> >then, since realistically the only way to know if it worked okay is to
wait
> >for the next morning when everyone returns.
>
> No, it restricts the consultant to a maximum of one *location* per
> night. I have one location with 3 servers and others with 2, and when
> I patch one, I patch all of them.
>
> --
> Marcio Watanabe


Top

Re: Patching by Andrew

Andrew
Thu Sep 11 20:04:35 CDT 2003

What's the licensing model for HFNetChkPro? Do you buy a license
for each network?

"Susan Bradley, CPA aka Ebitz SBS Rocks [MVP] on highspeed in Charlotte"
<sbradcpa@pacbell.net> wrote in message
news:#Y$qUlBeDHA.620@TK2MSFTNGP11.phx.gbl...
> Tools to make your life easier.
>
> SUS/HfnetchPro ...the ability to remote into a box and not "touch" a
> server to patch it.
>
> Educating all of us that to stay safe we are going to spill a little
> blood on the floor. Educating all of us that it's not any better in the
> Linux world as no operating system these days is safe.
>
> Someday....Vendors who support user mode [yes, you Intuit and Quickbooks]
>
> Someday... Firewalls on every machine.
>
> Arthur T. Jackson wrote:
>
> > I would like to know how how people here handle this patching
> > madness. I work in a company of three full-time and two part-time
employees.
> > One of our full-time employees is the owner, who has many non-technical
> > responsibilities although he has a technical background. One of the
> > part-time employees is an administrative assistant with no technical
> > background. The other part-time employee works two or three mornings a
week.
> > My full-time colleague is still getting up to speed on servers but also
> > takes care of lots of the easier calls. This pretty much leaves me
largely
> > or wholly responsible for about 40 servers, including about 20 SBS
units. I
> > have VPN access to most of them but I've been reluctant to patch
remotely,
> > if only on account of having heard that some error messages don't
display on
> > the Terminal Services session. Plus, our clients are widely scattered
> > geographically, so if something blows up it may not be easy for me to
make
> > an emergency on-site visit. In addition to server maintenance I also
have to
> > do routine service calls such as "I can't print" or "My UPS is beeping."
> > It's hard to ignore the things that people demand that you fix right
away
> > while doing work that nobody asked you to do (we did have one smart guy
who
> > asked us for the Blaster patch though). We got stretched to the limit by
the
> > blackout in the Northeast; lots of stuff got fried or otherwise
> > discombobulated. I really wanted to patch for Blaster but had no way to
do
> > it unless I did it remotely, and even then I'd have to go home and do it
> > after hours. I think I may have patched about 10 or 15 of the 40, tops.
> > Yesterday I made it to a server but it already had W32.Welchia on it. So
> > what's a bedraggled technician to do? Am I just one of many or am I
going
> > about it wrong?
> >
> >
>


Top

Re: Patching by Rick

Rick
Thu Sep 11 23:28:11 CDT 2003

No offense but if your buddy didn't know to patch his clients for Blaster,
then I wonder how qualified he is to update the 25 user network. A good
consultant is aware of these things. I've been doing this for almost 10
years, since the Windows NT 3.1 Advance Server days (yes, server 3.1) and
never brought a client to their knees when doing any kind of updates.
Granted, I've had updates go wrong but was always able to resolve it in a
reasonable fashion.

Rick ITM

"Arthur T. Jackson" <ajackson@atjackson.info> wrote in message
news:%23AQMU2LeDHA.1732@TK2MSFTNGP12.phx.gbl...
> To add insult to injury-- yesterday I was speaking to the
> part-timer, who has a couple of clients of his own. I told him "ya gotta
> patch for Blaster!" So today he went to his client-- a 25-user Windows
2000
> Server installation-- and applied Windows 2000 Service Pack 4 and the
> Blaster patch, among other things. The whole network crashed to the
ground;
> the only thing I could tell him when he called me for advice was to
> uninstall each thing one thing at a time until he got things working
again.
> He wound up uninstalling everything, right back to SP 4 and now probably
> looks like an idiot to the client. His only other option at this point
seems
> to be a call to Microsoft, even if he has to pay for an incident.
Meanwhile,
> that network is still vulnerable. Today, my boss said to me, "I wonder if
we
> shouldn't become a Linux shop?" I know he's not right-- but one wonders.
You
> just can't walk into a client and destroy a working network, for ANY
reason.
> That is almost as bad as allowing a worm to infiltrate. The end result is
> almost the same, at least from the client's standpoint-- lost productivity
> and annoyance.
>
> "Arthur T. Jackson" <ajackson@atjackson.info> wrote in message
> news:#zOcMGAeDHA.2320@TK2MSFTNGP12.phx.gbl...
> > I would like to know how how people here handle this patching
> > madness. I work in a company of three full-time and two part-time
> employees.
> > One of our full-time employees is the owner, who has many non-technical
> > responsibilities although he has a technical background. One of the
> > part-time employees is an administrative assistant with no technical
> > background. The other part-time employee works two or three mornings a
> week.
> > My full-time colleague is still getting up to speed on servers but also
> > takes care of lots of the easier calls. This pretty much leaves me
largely
> > or wholly responsible for about 40 servers, including about 20 SBS
units.
> I
> > have VPN access to most of them but I've been reluctant to patch
remotely,
> > if only on account of having heard that some error messages don't
display
> on
> > the Terminal Services session. Plus, our clients are widely scattered
> > geographically, so if something blows up it may not be easy for me to
make
> > an emergency on-site visit. In addition to server maintenance I also
have
> to
> > do routine service calls such as "I can't print" or "My UPS is beeping."
> > It's hard to ignore the things that people demand that you fix right
away
> > while doing work that nobody asked you to do (we did have one smart guy
> who
> > asked us for the Blaster patch though). We got stretched to the limit by
> the
> > blackout in the Northeast; lots of stuff got fried or otherwise
> > discombobulated. I really wanted to patch for Blaster but had no way to
do
> > it unless I did it remotely, and even then I'd have to go home and do it
> > after hours. I think I may have patched about 10 or 15 of the 40, tops.
> > Yesterday I made it to a server but it already had W32.Welchia on it. So
> > what's a bedraggled technician to do? Am I just one of many or am I
going
> > about it wrong?
> >
> >
>
>


Top

Re: Patching by Susan

Susan
Fri Sep 12 00:24:59 CDT 2003

"just can't walk into a client and destroy a working network, for ANY
reason"

...gee... the alternative in the State that I live is that if I don't
patch, get nailed, get a trojan backdoor that might be stealing SS#, I
have to tell my clients of this fact.

Yes, all of us need to consider patching as maintenance. Linux?
Patches there too.. In fact just as many or more in some distros.

We live in a world where we share the pipe with very bad people. We
share a "bad neighborhood". So we have to bolt ourselves down and lock
the doors.

Part of this process is patching.

You don't patch, you run the risk of a compromised network. I'd rather
have a "downed" network than a infiltrated network in my lan. Flat out
plain and simple, stick in disk imaging, better backups, plan for this
and wake up to the reality that this is the world of computing and the
Internet today for Linux for Windows... for us all.

We share the pipe with every stupid, two bit, insane, out to make a
point script kiddie on the planet.

Welcome to the reality of 2003... to be blunt about it.

Susan

Arthur T. Jackson wrote:

> To add insult to injury-- yesterday I was speaking to the
> part-timer, who has a couple of clients of his own. I told him "ya gotta
> patch for Blaster!" So today he went to his client-- a 25-user Windows 2000
> Server installation-- and applied Windows 2000 Service Pack 4 and the
> Blaster patch, among other things. The whole network crashed to the ground;
> the only thing I could tell him when he called me for advice was to
> uninstall each thing one thing at a time until he got things working again.
> He wound up uninstalling everything, right back to SP 4 and now probably
> looks like an idiot to the client. His only other option at this point seems
> to be a call to Microsoft, even if he has to pay for an incident. Meanwhile,
> that network is still vulnerable. Today, my boss said to me, "I wonder if we
> shouldn't become a Linux shop?" I know he's not right-- but one wonders. You
> just can't walk into a client and destroy a working network, for ANY reason.
> That is almost as bad as allowing a worm to infiltrate. The end result is
> almost the same, at least from the client's standpoint-- lost productivity
> and annoyance.
>
> "Arthur T. Jackson" <ajackson@atjackson.info> wrote in message
> news:#zOcMGAeDHA.2320@TK2MSFTNGP12.phx.gbl...
>
>> I would like to know how how people here handle this patching
>>madness. I work in a company of three full-time and two part-time
>
> employees.
>
>>One of our full-time employees is the owner, who has many non-technical
>>responsibilities although he has a technical background. One of the
>>part-time employees is an administrative assistant with no technical
>>background. The other part-time employee works two or three mornings a
>
> week.
>
>>My full-time colleague is still getting up to speed on servers but also
>>takes care of lots of the easier calls. This pretty much leaves me largely
>>or wholly responsible for about 40 servers, including about 20 SBS units.
>
> I
>
>>have VPN access to most of them but I've been reluctant to patch remotely,
>>if only on account of having heard that some error messages don't display
>
> on
>
>>the Terminal Services session. Plus, our clients are widely scattered
>>geographically, so if something blows up it may not be easy for me to make
>>an emergency on-site visit. In addition to server maintenance I also have
>
> to
>
>>do routine service calls such as "I can't print" or "My UPS is beeping."
>>It's hard to ignore the things that people demand that you fix right away
>>while doing work that nobody asked you to do (we did have one smart guy
>
> who
>
>>asked us for the Blaster patch though). We got stretched to the limit by
>
> the
>
>>blackout in the Northeast; lots of stuff got fried or otherwise
>>discombobulated. I really wanted to patch for Blaster but had no way to do
>>it unless I did it remotely, and even then I'd have to go home and do it
>>after hours. I think I may have patched about 10 or 15 of the 40, tops.
>>Yesterday I made it to a server but it already had W32.Welchia on it. So
>>what's a bedraggled technician to do? Am I just one of many or am I going
>>about it wrong?
>>
>>
>
>
>

Top

Re: Patching by Susan

Susan
Fri Sep 12 00:26:11 CDT 2003

I've got it on my server at home as well.

Rick in the Midwest wrote:

> Yes it is. I know that it is recommended to put it on a workstation but I
> have tested it when on the server and so far (knock on wood) it works just
> fine. Yes, Shavlik.
>
> Rick in the Midwest
>
> "Gavin" <gavin@interprom.com> wrote in message
> news:O0mAIpBeDHA.2076@TK2MSFTNGP12.phx.gbl...
>
>>If you're TS'ing into the server - is HFNetCheck installed on the server
>>itself?
>>(I'm assuming that's the Shavlik software?)
>>
>>"Rick in the Midwest" <Rick.NOSPAM@NOSPAM.rdfts.com> wrote in message
>>news:uoTCMhBeDHA.3576@tk2msftngp13.phx.gbl...
>>
>>>I am self-employed and even though I don't have 40 servers to manage,
>
> but
>
>>>maybe one day. I am lucky that I have one client paying me a 6 figure
>>>contract, so I take on other clients when and if I choose. What I
>
> started
>
>>to
>>
>>>do is offer a Maintenance Contract to my clients. It covers updates like
>>>patches plus the SBS reports, backup, etc stuff is emailed to me for
>>
>>review.
>>
>>>I am hoping that the months that don't require much patching will make
>
> up
>
>>>for the months that do (might be more of a dream though) Yes, I patch at
>>>night when the client isn't there but I am getting paid. (doing a SBS
>>
>>client
>>
>>>right now as I wait for it to scan the domain) So far I have had very
>
> good
>
>>>luck patching using TS to the server. I've used Shalik's and St.
>
> Bernard's
>
>>>products, and so far I like UpdateExpert better. But you are correct, if
>>>something goes wrong, then you have to make an emergency call. I always
>>
>>test
>>
>>>the patches on my own production SBS before doing it to a client. You
>
> are
>
>>>either going to go there or talk someone over the phone if the worst
>>>happens.
>>>You've asked a good question though, because I have tackled this with
>
> much
>
>>>thought also...
>>>
>>>Rick in the Midwest
>>>
>>>"Arthur T. Jackson" <ajackson@atjackson.info> wrote in message
>>>news:%23zOcMGAeDHA.2320@TK2MSFTNGP12.phx.gbl...
>>>
>>>> I would like to know how how people here handle this patching
>>>>madness. I work in a company of three full-time and two part-time
>>>
>>>employees.
>>>
>>>>One of our full-time employees is the owner, who has many
>
> non-technical
>
>>>>responsibilities although he has a technical background. One of the
>>>>part-time employees is an administrative assistant with no technical
>>>>background. The other part-time employee works two or three mornings a
>>>
>>>week.
>>>
>>>>My full-time colleague is still getting up to speed on servers but
>
> also
>
>>>>takes care of lots of the easier calls. This pretty much leaves me
>>
>>largely
>>
>>>>or wholly responsible for about 40 servers, including about 20 SBS
>>
>>units.
>>
>>>I
>>>
>>>>have VPN access to most of them but I've been reluctant to patch
>>
>>remotely,
>>
>>>>if only on account of having heard that some error messages don't
>>
>>display
>>
>>>on
>>>
>>>>the Terminal Services session. Plus, our clients are widely scattered
>>>>geographically, so if something blows up it may not be easy for me to
>>
>>make
>>
>>>>an emergency on-site visit. In addition to server maintenance I also
>>
>>have
>>
>>>to
>>>
>>>>do routine service calls such as "I can't print" or "My UPS is
>
> beeping."
>
>>>>It's hard to ignore the things that people demand that you fix right
>>
>>away
>>
>>>>while doing work that nobody asked you to do (we did have one smart
>
> guy
>
>>>who
>>>
>>>>asked us for the Blaster patch though). We got stretched to the limit
>
> by
>
>>>the
>>>
>>>>blackout in the Northeast; lots of stuff got fried or otherwise
>>>>discombobulated. I really wanted to patch for Blaster but had no way
>
> to
>
>>do
>>
>>>>it unless I did it remotely, and even then I'd have to go home and do
>
> it
>
>>>>after hours. I think I may have patched about 10 or 15 of the 40,
>
> tops.
>
>>>>Yesterday I made it to a server but it already had W32.Welchia on it.
>
> So
>
>>>>what's a bedraggled technician to do? Am I just one of many or am I
>>
>>going
>>
>>>>about it wrong?
>>>>
>>>>
>>>
>>>
>>
>
>

Top

Re: Patching by Edward

Edward
Sat Sep 13 13:10:51 CDT 2003

Testing wouldn't have done the guy any good. Every server and
network is different. In the end, he still would have had to bite the bullet
and install the updates. The alternative-- do nothing and get burned with a
worm or virus.

"Ed Grant" <ed.grant@raremedium.net> wrote in message
news:080101c378c8$63004420$a101280a@phx.gbl...

> As for your friend....even though you told him to install
> the updates, he did not test them for himself? It also
> sounds like he has some other underlying issues that need
> to be addressed at this clients location. If the majority
> of the admins out there can install the latest patched
> without issues, but he is have issues on that scale.
> Sounds to me like he needs to take a closer look at his
> clients environment.


Top