Teach users how to patch their own systems

If you're like most administrators I know, the title of this article probably makes you wonder: Why would you want to teach users how to patch their own systems? After all, one of an administrator's primary goals is to lock down workstations so that users can't do anything to them. However, there are some circumstances where teaching users how to do patch management themselves makes a lot of sense.

Companies that have small remote offices with little connectivity beyond dial up are good examples. In my experience, such offices generally have one to three badly neglected PCs with no constant connection to the outside world. In such an environment, it may be difficult or impossible to automate patch management. If you want to keep the systems up-to-date, you have a choice between sending a support person to the remote office every day or teaching the users how to patch their own system. It's most likely simpler and more cost effective in that situation to train the end user.

Also, many employees have a PC in their home, along with broadband Internet access that is always connected. These employees should have a basic knowledge of patch management because you never know when they might need to work from home. If the employee's home computer isn't properly patched, sensitive documentation could be accessible to the outside world. There is also the possibility that a virus or Trojan horse could attach itself to a file at the employee's home and find its way back to the office. If you teach employees about the importance of patching and show them how to execute the procedure properly, they are more likely to take the time to safeguard their machine at home (especially if you suggest or require it).

Patch management training meetings

So how do you go about educating users on patching systems? Just sending out an e-mail or a memo probably won't make your point -- half the people won't read it, and the other half won't take it seriously. Instea

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft Windows patches and critical updates Troubleshooting Microsoft WSUS connectivity issues Windows security tools for the busy desktop administrator Why should Windows shops use Microsoft Baseline Security Analyzer? Enhancing patch management with NAP The 10 most common Windows security vulnerabilities Windows security in the enterprise: Tutorials Microsoft will release three critical patches in May Critical patches for IE and Office released Have my Windows patches actually been installed? PatchLink Update 6.4

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

d, try to set up a series of training meetings with smaller groups or departments to explain and demonstrate patch management. Try to keep the meetings small. The fewer in the group, the more likely the users will be to ask questions about things they don't understand.

As you discuss patch management with the users, you must keep in mind that most of them are not familiar with patching. You should also keep in mind that there are many patching myths floating around -- and some people whole-heartedly believe those myths. Give users specific dos and don'ts to patch their systems. Here are some of the points to consider discussing:

How to make users listen

Patching can be a lot of work for users and not everybody will be immediately receptive to the idea. But there's one sure-fire way to sell patch management: fear.

For example, you might get the ball rolling by showing employees a hacker Web site that contains instructions for exploiting an operating system vulnerability. You could explain to them that unless a security patch is applied, anyone who visits that Web site could figure out how to attack your company's system. Give specific examples of what kinds of documentation is vulnerable, preferably particular to the group or department at the meeting. Then, show them the magic bullet: The patch that again makes them safe.

Sooner or later, someone is bound to ask why patch management is necessary for home computers. The common perception is that only large companies get hacked and your company already has security systems in place.

When that question is raised, ask the group how many of them have ever walked into a store and established an instant credit line. Almost everybody will remember having done so at one time or another. Explain that to get your business, stores will approve credit on the spot. Anybody with a decent credit score can walk in with no money and walk out with a $3,000 television.

Hackers frequently target home computers in an effort to steal personal information, such as a name, address, social security number, etc. With enough personal information, these unsavory types can apply for credit in your name, using your credit score -- and you'll soon be buying them a new television.

Someone may also question whether your specific recommendations are relevant to them; after all, every home machine is set up differently. This is a valid point. I can almost guarantee that the machine I am using to write this article is significantly different from the one you are using to read it. However, there is at least one mitigating factor working to your advantage: Windows XP.

Microsoft generally releases new desktop operating systems every two years, but Windows XP has been in use for an unusually long period of time. Most people with PCs less than four years old are running Windows XP (although you might have someone who uses a Macintosh or Linux). The fact that Windows XP is such a dominant standard means that the information you are presenting will be relevant to most of the people in the group. For the few Windows 98 stragglers in the room, you can take the opportunity to warn them of the dangers that they face and to encourage them to update.

Handouts to provide

You might consider providing some very clear and simple instructions on how to automatically update and manually download patches. You can pass these out at the end of the session and provide a URL for finding the instructions online. That way, you'll have fewer helpdesk calls and more users empowered in your fight to promote patch management.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit his personal Web site at www.brienposey.com.

More information from SearchWindowsSecurity.com

Article: Software patching remains a laborious process

---

Rate this Tip To rate tips, you must be a member of SearchEnterpriseDesktop.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.