resources and events that can help you keep your security knowledge
and skills up to date and keep your Windows and other systems secure.
=== SECURITY Q&A ===============================================
by Randy Franklin Smith, rsmith@ultimatewindowssecurity.com
Q: I don't have enough systems to warrant setting up a Windows Server
Update Services (WSUS) server to manage security updates; I just want
all my computers to download updates from Microsoft's site as they're
released. I'm comfortable with not having the option to skip certain
updates; I just want our systems to stay fully patched and the process
to be as automatic as possible. How can I configure this?
A: If your systems are part of an Active Directory (AD) environment,
you can configure all of them with a Group Policy Object (GPO). If not,
you can configure the settings manually.
If you have AD, edit the Default Domain Policy GPO, which is linked to
the root of your domain in the Microsoft Management Console (MMC)
Active Directory Users and Computers snap-in. Maneuver to Computer
Configuration\Administrative Templates\Windows Components\Windows
Update. Enable the Configure Automatic Updates policy and set it to
"4 - Auto download and schedule the install." This policy activates the
Automatic Updates client and configures it to download and install
updates without any user interaction required. This policy also allows
you to configure the day and time that installations (and any necessary
reboots) occur. Disable the "Specify intranet Microsoft update service
location" policy to ensure that Automatic Updates obtains updates
directly from the Microsoft site.
If you don't have AD, you can find the same settings in the local
policy of each computer or you can configure the following settings in
the registry as Reg_DWORD values under the
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
subkey. Set AUOptions to 4. Set ScheduledInstallDay to 0 for every day,
or to limit installs to once a week, specify a value from 1 through 7,
where Sunday is 1. Set ScheduledInstallTime to the desired hour of day
(use the 24-hour format, in which hours range from 0 to 23) for the
installation.
(This Security Q&A originally appeared in the Windows IT Security
newsletter's Access Denied column.)
=== SECURITY RESOURCES =========================================
The following security-related resources are brought to you by Windows
IT Pro. For additional resources and information, visit
http://list.windowsitpro.com/t?ctl=3EE74:886699
Are you protected company-wide against spyware, keyloggers, adware, and
backdoor Trojans? Test the state of the art scanning engine that uses
threat signatures from multiple sources to track down the culprits that
antivirus solutions alone can't protect you against. Download your
free 30 day trial of CounterSpy Enterprise today!
http://list.windowsitpro.com/t?ctl=3EE6F:886699
Learn the commonalities across multiple compliance regulations and
standards to optimize your environment and save time and money.
http://list.windowsitpro.com/t?ctl=3EE6D:886699
Mark Joseph Edwards discusses emerging spyware threats, including
rootkits, keyloggers, and distribution methods. On-Demand Web Seminar
http://list.windowsitpro.com/t?ctl=3EE6E:886699
Ensure that you're being effective with your internal network security.
Are your DIY options protecting you against worms, BotNets, Trojans and
hackers? Make sure! On-Demand Web Seminar
http://list.windowsitpro.com/t?ctl=3EE6C:886699
Take an up-to-date look at secure, remote access to corporate
applications and stay ahead of the curve when making decisions about
near- and long-term IT infrastructure. On-Demand Web Seminar
http://list.windowsitpro.com/t?ctl=3EE70:886699
Achieve compliance in today's complex regulatory environment, while
managing threats to the inward- and outward-bound communications vital
to your business. Adopt a best-practices approach, such as the one
outlined in the international information security standard ISO/IEC
17799:2005. Download the whitepaper today to secure the
confidentiality, availability and integrity of your corporate
information!
http://list.windowsitpro.com/t?ctl=3EE6B:886699
================================================================
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and the Windows IT Security newsletter
(subscribe at the second URL below).
http://list.windowsitpro.com/t?ctl=3EE72:886699
https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb
Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=3EE71:886699
Unsubscribe by clicking
http://list.windowsitpro.com/u?id=4160B336D0B60CB134768C0F4826E2AF
Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.
To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=3EE73:886699
About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2006, Penton Media, Inc. All rights reserved.
No comments:
Post a Comment