Getting patch information on Systems without ADMIN rights !?

[Tony Zirnoon <[EMAIL PROTECTED]>]

In my view the challenge that remains to be address by third party vendors
is how to identify and patch systems where (for various reasons) we don't
have remote admin rights.(Lab Systems, Engineering Systems , ...) 

At this point I am merely interested in being able to scan the systems and
report on them. Once we can identify them I am sure the is the challenge to
get them patched. ( Login  scripts .., SUS, PUSH method apps ... or CDs )

Please don not respond with things like Define a policy , delegate
responsibility, and so on ! I am interested in more of technical solutions. 

I used WMIC , SYSTEMINFO, PSINFO, REMOTE REG queries, HYENA, EXPORTER, and
SRVINFO.  

SRVINFO is the only one that seams to bypass this limitation to some degree
but it has a huge CPU toll (non-threaded) and cannot be efficiently used
through a Script to handle over 2000 systems. 

WMI extension might address it to some degree but haven't had much luck with
it.

Notes:
-------
NO AD in place - SO GPO not applicable! 
Must be Client -less: Does not require a Client Side APP running 
Pick up any New systems - NON Standard builds, contractors,
Unauthenticated...plugged into supported subnets

In light of above mentioned shortcomings,not yet addressed by third party
vendors (i.e SUS, SMS, SHAVLIK...all others mentioned on this list), I have
developed a suite of VBS scripts that launches a remote process using
(PSEXEC)a and runs HFNETCHECK using a centralized & customized copy of
mssecure.XML. It copies the results to a central repository which is then
merged into a CSV file to be merged into a DATABASE or EXCEL workbook using
VBA. This also handles the issue of dealing with Mobile, VPN and dhcp USERS.


This suite has allowed us to capture all the info that we need without
having to maintain client side apps or pay expensive licensing fees. As We
scan these Systems we configure the SUS clients for ongoing pathc
management. In case we need to push critical patches in realtime mode we
would push a manual batch files to all identified clients requiring the
patches followed by qchain.exe and schedule a reboot if needed 

The remaining problem is still dealing with systems where Domain Admins DO
NOT have remote admin rights. I would be interested to see how others are
accounting for such systems in your environments! 


Sincerely, 
Tony Zirnoon
[EMAIL PROTECTED]


-----Original Message-----
From: Angela Triola [mailto:[EMAIL PROTECTED] 
Sent: Friday, April 30, 2004 1:01 PM
To: Patch Management Mailing List
Subject: RE: Applying patches-updates to lab PCs

[Moderator's Note: This discussion can quickly turn into emails each touting
the pros
and cons of each patch management product available.  Many of these
discussions have
occurred previously on this list - please refer to the list archives.  Also,
for more
information about frequently reviewed products, please refer to the
Comparisons page here:
http://www.patchmanagement.org/comparisons.asp]

Definitely take a look at ECM (Enterprise Configuration Manager) from
ConfigureSoft (no, not part of Microsoft - although the name does kinda lean
that way, huh?)  

ECM is a vulnerability assessment/patch management tool and a LOT more and
it is completely worth it.

I manage about 80 servers and 300 pcs with it in a Windows AD environment
and have just barely scratched the surface of what it can do.

Check it out for yourself:  http://www.configuresoft.com

Angela Triola
Infrastructure Analyst
Ent Federal Credit Union 

-----Original Message-----
From: Bott, Bruce - SICA [mailto:[EMAIL PROTECTED] 
Sent: Friday, April 30, 2004 12:21 PM
To: Patch Management Mailing List
Subject: RE: Applying patches-updates to lab PCs

Take a look at update expert from St. Bernard Software too. 

It's working well for us... but I haven't used the other products
you mention so I can't comment on how well it stacks up against
them.

bb

-----Original Message-----
From: Mike Rountree [mailto:[EMAIL PROTECTED] 
Sent: Friday, April 30, 2004 6:55 AM
To: Patch Management Mailing List
Subject: Applying patches-updates to lab PCs

Hello...
We are looking at obtaining a product that will allow us to easily apply
updates / patches (e.g., Microsoft patches) to our PCs located in our
student computer labs...approximately 200 PCs.  I've been looking at
various products such as PatchLink and HFNetChkPro.  I've also seen some
messages on this listserv regarding SUS, but I'm not familiar with that
product.

With the above in mind, can anyone recommend a product that's easy to
install and use and does a good job in patch management?
Thanks. 


---
To unsubscribe send a blank email to
[EMAIL PROTECTED]



---
To unsubscribe send a blank email to
[EMAIL PROTECTED]

---
To unsubscribe send a blank email to
[EMAIL PROTECTED]


---
To unsubscribe send a blank email to [EMAIL PROTECTED]