Professional Documents
Culture Documents
Problem 07:
P.A.T.C.H. it!
1
Problem Statement
Wannacry ransomware attack is the largest cyber-attack
occurred in recent years.
Your boss requires you to get all the 500 Windows 10 PCs
and 20 servers running installed with the security update
released in March which addresses the vulnerability that
these attacks are exploiting on Windows systems in an
effective method.
2
Approaches to Problem Statement
3
Update Management
Source: https://technet.microsoft.com/en-us/library/hh852345(v=ws.11).aspx
4
Phases of Update Management
4. Deploy 1. Assess
3. Evaluate
& Plan 2. Identify
Phases of Update Management
Assess
Inventory existing computing assets.
Assess security threats and vulnerabilities.
Determine the best source for information about new software
updates.
Assess the existing software distribution infrastructure.
Assess operational effectiveness.
Identify
Discover new software updates.
Determine whether software updates are relevant.
Obtain safe and reliable software update source files.
Categorize the software update as a normal change or an
emergency.
6
Phases of Update Management (Cont’d)
Deploy
Prepare for deployment.
Deploy a software update to targeted computers.
Review the deployment, post-implementation.
7
Security Bulletins
Source: http://www.microsoft.com/technet/security/bulletinsandadvisories/default.mspx
8
Update Management Tools
System Center Configuration Manager (SCCM) - formerly known
as Microsoft Systems Management Server (SMS)
Commercial software
Besides Patch Management, features include Application
Deployment/Asset Tracking and Management
Windows Update
Automatic Updates
Windows Server Update Services (WSUS)
Ease the deployment of the product updates and patches.
Manage the distribution of updates to clients in your environments
9
Windows Server Update Service (WSUS)
The Windows Server Update Service (WSUS) enables system
administrators to deploy the latest Microsoft product updates.
Source: https://technet.microsoft.com/en-us/library/hh852345(v=ws.11).aspx
10
WSUS Deployment Scenarios
(Small-Sized or Simple Network)
Source: https://technet.microsoft.com/en-us/library/cc708628(v=ws.10).aspx
11
WSUS Deployment Scenarios
(Medium-Sized or More Complex Network)
Administrators can deploy multiple servers that are
configured so that each server is managed
independently and so that each server synchronizes
its content from Microsoft Update
Multiple Independent
WSUS Servers
Multiple Internally
Synchronized WSUS Servers
12
WSUS Deployment Scenarios
(Medium-Sized or More Complex Network)
13
Windows Server Update Services
Software that downloads all critical updates and
security patches to servers and client
computers as soon as the updates are posted
to the Windows Update Web site
LAN
14
Windows Updates
What are updates?
Security fixes, critical updates, and critical drivers
Resolve known security vulnerabilities and stability issues
Can also include drivers, feature packs, tools,
15
Windows Update Settings
16
Windows Update Settings
The best way to configure Automatic Updates depends
upon your network environment.
17
Configuring Automatic Updates via GPO
Automatic Updates can be
configured using GPO to download
packages from a server running
Windows Server Update Services
18
Checking if Update is successful
Microsoft uses Windows Update Agent
to automatically download updates to
your client machine.
Windows 10, contains major changes to
Windows Update Agent operations; it no
longer allows the manual, selective
installation of updates. All updates,
regardless of type (includes hardware
drivers), are downloaded and installed
automatically, and users are only given
the option to choose whether their
system would reboot automatically to
install updates when the system is
inactive, or be notified to schedule a
reboot.
You can view update history to see the
list of updates that has been applied to
your client machine
19
UsoClient.exe
USO stands for Switch Description
21
WSUS Configuration Wizard
22
WSUS Configuration Wizard
23
WSUS Configuration Wizard
24
Update Service console
25
Configure Automatic Updates (via GPO)
26
Enable client-side targeting (via GPO)
27
Specify intranet Microsoft update service
location (via GPO)
28
WSUS Admin Website
Use the Windows Server Update Services Web site for:
Synchronizing and approving content
Remote administration
Configuring Windows Server Update Services
options
Monitoring
server status
and logs
29
How Synchronization Works
Automatic synchronization
30
WSUS Reports (validation)
WSUS provides
reports containing
useful information
that allows
administrators to
validate if updates
have been
successfully
applied.
Administrators can
use information
from these reports
to make decisions
and carry out any
admin tasks if
deemed necessary
31
Possible Solution
32
P07: What you learnt today
Explain the role of Windows Server Update Services (WSUS) that
enables administrators to manage and distribute updates
Manage the distribution of updates that are released through
Microsoft Update to computers in a network using GPO
Configure Group Policy Settings to control how WSUS clients can
interact with Windows Update to obtain automatic updates
Deploy updates with WSUS
33
Road Map
S/No Key Area Objective
34