In this two-part series, SearchWindowsSecurity.com contributor Serdar Yegulalp identifies tools and techniques for easing the pains of patch management. Part one discusses three different tools for automating processes and updating your systems. Part two will offer three techniques to simplify patching.


Keeping one system patched with the latest security updates and hotfixes is usually easy enough. Keeping 10, 100 or 1,000 machines up to date -- now that's agonizing. It's even worse if you inherited someone else's network and have no idea what was patched and what wasn't, or how recently patches were applied. The good news is you can approach this problem with a bevy of tools, which handle everything from auditing an existing group of systems for patch-readiness to automatically pushing patches to systems that need them.

Automate your auditing
Don't drive yourself crazy inspecting systems "by hand" to see what patches or service packs they need; use a program designed for exactly that function. One of the best third-party programs for doing this is Security Bastion's Service Pack Manager 2000, which audits for Windows service packs and patches, and looks for updates to Microsoft server products like ISA Server, SQL Server and Exchange Server. Any missing patches can be downloaded and rolled out to the target machines. A free five-computer version of the program is available for unlimited use.

Use Software Update Services to patch from within
Microsoft's Software Update Services (SUS) tool lets you use Windows' Automatic Updates function to retrieve published updates from a local server rather than from Microsoft's servers. The administrator downloads and publishes the patches that need to be rolled out to the organization, which cuts down on the amount of external bandwidth used and gives tighter control over which updates are published. SUS is now being revamped as Windows Update Services.

Use PsExec for quick-and-easy remote command-line patching by hand
If you're trying to patch a system remotely from a command line and don't want to go through the hassle of setting up remote access, consider PsExec. This is a freeware utility that lets you interactively run command-line (not GUI) programs on a remote system. It's also a good way to perform the auditing and inspection often needed to ensure that a patch installed correctly (i.e., to make sure files now have the proper date and time stamps, etc.). The utility can be found at Sysinternals.com.
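One way to script the post-patch inspection described above, as an added example that is not from the original article: it checks each file's timestamp and, going slightly beyond the text, its file version. The manifest paths, versions and dates are constructed placeholders, the function name `Test-PatchedFile` is hypothetical, and PowerShell is assumed to be available on the machine being checked.

```powershell
# Added example: post-patch verification of files a patch should have replaced.
# Manifest entries are constructed placeholders, not real patch data.
$manifest = @(
    [pscustomobject]@{ Path = 'C:\Windows\System32\EXAMPLE-patched-1.dll'; MinVersion = '1.2.3.4'; NotBefore = '2004-10-01' }
    [pscustomobject]@{ Path = 'C:\Windows\System32\EXAMPLE-patched-2.exe'; MinVersion = '1.2.3.4'; NotBefore = '2004-10-01' }
)

function Test-PatchedFile {
    param(
        [Parameter(Mandatory = $true)] [string]   $Path,
        [Parameter(Mandatory = $true)] [version]  $MinVersion,
        [Parameter(Mandatory = $true)] [datetime] $NotBefore
    )
    # Start from the failure case so a missing file is never reported as OK.
    $result = [pscustomobject]@{ Path = $Path; Status = 'MISSING'; Version = $null; LastWriteTime = $null }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $result }

    $item = Get-Item -LiteralPath $Path
    $vi   = $item.VersionInfo
    # Use the numeric version parts; the FileVersion string can carry extra text.
    # A file with no version resource yields 0.0.0.0 and is flagged OLD_VERSION.
    $result.Version       = New-Object System.Version $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    $result.LastWriteTime = $item.LastWriteTime

    if ($result.Version -lt $MinVersion) { $result.Status = 'OLD_VERSION' }
    elseif ($item.LastWriteTime -lt $NotBefore) { $result.Status = 'OLD_TIMESTAMP' }
    else { $result.Status = 'OK' }
    return $result
}

$results = foreach ($entry in $manifest) {
    Test-PatchedFile -Path $entry.Path -MinVersion $entry.MinVersion -NotBefore $entry.NotBefore
}
$results | Format-Table -AutoSize

# Non-zero exit code lets a calling script detect a failed check.
$failed = @($results | Where-Object { $_.Status -ne 'OK' })
if ($failed.Count -gt 0) { exit 1 }
exit 0
```

Fill the manifest from the file list published with the patch being verified; a timestamp alone can match on an unpatched file, which is why the version is compared as well.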

Part two of this series: "Quick tips for easier patching".


This was first published in November 2004.