Solved

Workstations rejecting patches/service packs

Posted on 2004-08-26
3
188 Views
Last Modified: 2013-12-04

I have some older PCs that don't seem to be accepting patches

I've attempted deploying the patches manually, but after a scan with Microsoft’s Baseline Security Analyzer, they still show as vulnerable.

In some instances, a PC won't accept except SP4 (over its current sp3 install)

in other SP4 machines, they are selective: where one won't accept any post sp4 patches and other another will reject every other patch.

I'm applying the patches in order and they even show up in the Add/Remove Program Wiz as being installed, but scans show they are vulnerable.  Are these readings bogus?

The PCs having the problem are all in the range of PII and Celeron processors with 400-500 mhz, 256mb ram and 5gig hard drives, with plenty of space.

This is my last attempt before I reload the machines with integrated SP4, so any advice help is appreciated.
0
Comment
Question by:Marketing_Insists
  • 2
3 Comments
 

Author Comment

by:Marketing_Insists
Comment Utility
Sorry, this is regarding Windows 2000 and post sp4 hotfixes
0
 
LVL 2

Accepted Solution

by:
mellowmarquis earned 250 total points
Comment Utility
Are the machines coming up with error messages when you try to install the patches, or does it seem to go through OK?

A few thoughts:

1. Are you logged in as the local Administrator with sufficient rights to all system directories when you a)install the patches and b)scan for patches

2. Are you installing locally or across the network? A dumb question maybe, but I like to cover all angles. Local is obviously preferable.

3. There are several tools to scan a PC to check which of these patches are installed and sometimes these scans can be less than honest, even with MBSA. You may want to try Shavlik HfnetchkPro:

http://www.shavlik.com/pHFNetChkPro.aspx

and/or GFI LANguard N.S.S (eval)

http://www.gfi.com/lannetscan/?adclickid=1472336

and see if they come up with the same results.

4. If you have internet access, go to the MS download site and let it scan your machine that way. I find that is usually the most reliable way to check.

Hope this helps :)





0
 

Author Comment

by:Marketing_Insists
Comment Utility

4.

Visisting windows update did the trick.

I'm so used to deploying patches remotly or personally with the pre-downloaded packages, the old stand-by slipped my mind.

Thanks!
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now