Problem solve Get help with specific problems with your technologies, process and projects.

Keeping remote PCs patched

Site contributor Tony Bradley offers three quick tips to help you ensure remote machines are regularly patched, or at least protected until they can be patched.

A long time ago, in a decade far, far away, I ran my operating system and applications without constant patching. I had to manually solve interruption requests and other device conflicts, but I didn't have to patch on a weekly or daily basis. Those days are long gone.

Whether you are one with the patching and accept it as an integral component of computer software, or you cling to a Utopian idealism that Windows software vendors should just write perfect code, patching is a necessity in today's networked world -- particularly for those machines that are not always on the network.

Many companies use software packages designed to scan computers on a network, determine which patches are missing and automatically deploy the necessary fixes, but how should they patch the intrepid road warrior who isn't always connected to the network or available on site? The following three quick tips will help you ensure remote machines are regularly patched or at least protected until they can be patched:

Use vendor updates
Rather than rely on internal patch testing and deployment procedures, configure remote machines to automatically retrieve and apply patches and updates. Running Windows Automatic Update on each machine will help keep them protected. Many vendors other than Microsoft also offer their own automatic updates, or at least automatic notification when new updates are available.

Patch via snail mail
Patching remote users is difficult because they often connect to the company network over slow or unreliable connections. Attempting to download and install tens or hundreds of megabytes of patches may seem impossible. To avoid this problem, collect and record the required patches on CDs or DVDs, then distribute them to remote users so they can install the updates without the Internet bottleneck.

Deploy policy enforcement products
As more companies are required to assure network security with policy compliance, a new breed of products aimed at automatically enforcing that compliance has emerged. Cisco's Network Access Control (NAC) and Trend Micro Network VirusWall can verify the current patch status of remote machines attempting to connect to the network. Systems not up to date are directed to a server to obtain necessary patches or instructions on how to get in compliance before being allowed access to the network.

Keeping remote systems up to date with the latest patches is certainly a challenge. Regardless of how you solve the dilemma, you should always protect Windows systems with frequently-updated antivirus programs and personal firewalls.

About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He compiles the Guide for Internet/Network Security, providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security.

More information from

  • Book Excerpt: Roberta Bragg explains how to use remote access policies
  • Tip: Get help weeding out those unpatched systems
  • Tip: Make sure you patch for regulatory compliance

  • Dig Deeper on Patches, alerts and critical updates

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.