Solved

Microsoft, Windows 2000 server and 2003 server, Windows 2000 server and 2003 server, No internet access from these servers

Posted on 2007-12-06
7
221 Views
Last Modified: 2013-12-05
what is best and proven method to update MS patches/updates to servers that don't have access to the internet(this is on purpose and the servers can't be connected to the internet due to security requirements)
0
Comment
Question by:cde123ans
  • 2
  • 2
7 Comments
 
LVL 10

Accepted Solution

by:
Cro0707 earned 125 total points
ID: 20426029
Best method is that you implement WSUS on one of servers that are able to go to internet. Others servers will updates trought this server. This is recommended by Microsoft and this is best method. Current version of WSUS is 3.0, http://technet.microsoft.com/en-us/wsus/default.aspx

Other methods are that you download patches and install them manualy on all others servers.

Thirt solution is that you download program called Autopatcher 2003, this is program that have all pathes compiled into one single EXE file, all that you need to do is run this program, then you will be able to choose which updates you want to install. Problem is that AP has stop updating before few months, but this is still great choice. http://www.autopatcher.com

Hope this help!
0
 

Author Comment

by:cde123ans
ID: 20426092
Cro0707, thank you  the WSUS is good, but I've seen/read about issues with 3.0.  I would probably implement 2.0, but I'm not quite at that knowledge level yet.  

Can patches be downloaded to any hard drive, then burned to CD, then installed?  Can I simply copy a folder from patches that have been installed on other similar type servers that ARE patched(these)?  

I guess my main need is to learn what is best way to download the patches manually, then how to apply on those "private" servers(of course this refers to servers that don't have access to the internet)

Thank You for quick response,
Cesar
0
 
LVL 10

Expert Comment

by:Cro0707
ID: 20426120
Yes, patches are normal *.exe files that can be downloaded and burned to CD, or copyed to USB drives, over the network, etc... More info at http://www.microsoft.com/technet/archive/community/columns/security/essays/secpatch.mspx?mfr=true

Once that you collect all of those patches manualy, you can install them on as many servers you want to.

Also, good practice is that you download SP2 for MS Windows 2003 server, because most of the patches are already in SP2. After that, you only need to download patches that are released after SP2 and install them on your servers.

But if you want to save time, try to use Autopatcher, you will love it.

Hope this help!
0
 
LVL 4

Expert Comment

by:majidhajali
ID: 20426577
as my friends said, WSUS is the best method and program, but you can use 3rd party softwares like GFI languard N.S.S. this is a complete solution for patch management and vulnerability scanning for your clients and servers.
I use this for my network, since this is very powerful software. scan your clients and informs you about all vulnerabilities, include missing patches or SPs for microsoft applications, shared folders on the systems, users, hardwares, open ports , and many other tools.
More info at http://www.gfi.com/lannetscan/
0
 

Author Comment

by:cde123ans
ID: 20435861
Cro0707 and majidhajali,   Thank You for your information.

"After that, you only need to download patches that are released after SP2 and install them on your servers."

I notice that updates are always "downloaded" before installation.  Can I use those downloads and if so, where are they located and how would I    RE-USE them?   On our internet-attached servers this is now problem due to MSupdate site, but for our servers that ARE NOT ON THE INTERNET, can I just place those files or folders on thumb drive or somewhere then RUN THEM or something like that?

Thank You
Cesar  ;-)    what else does one do on a Saturday night  ;---)))


0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Know what services you can and cannot, should and should not combine on your server.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now