cde123ans
asked on
Microsoft, Windows 2000 server and 2003 server, Windows 2000 server and 2003 server, No internet access from these servers
what is best and proven method to update MS patches/updates to servers that don't have access to the internet(this is on purpose and the servers can't be connected to the internet due to security requirements)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes, patches are normal *.exe files that can be downloaded and burned to CD, or copyed to USB drives, over the network, etc... More info at http://www.microsoft.com/technet/archive/community/columns/security/essays/secpatch.mspx?mfr=true
Once that you collect all of those patches manualy, you can install them on as many servers you want to.
Also, good practice is that you download SP2 for MS Windows 2003 server, because most of the patches are already in SP2. After that, you only need to download patches that are released after SP2 and install them on your servers.
But if you want to save time, try to use Autopatcher, you will love it.
Hope this help!
Once that you collect all of those patches manualy, you can install them on as many servers you want to.
Also, good practice is that you download SP2 for MS Windows 2003 server, because most of the patches are already in SP2. After that, you only need to download patches that are released after SP2 and install them on your servers.
But if you want to save time, try to use Autopatcher, you will love it.
Hope this help!
as my friends said, WSUS is the best method and program, but you can use 3rd party softwares like GFI languard N.S.S. this is a complete solution for patch management and vulnerability scanning for your clients and servers.
I use this for my network, since this is very powerful software. scan your clients and informs you about all vulnerabilities, include missing patches or SPs for microsoft applications, shared folders on the systems, users, hardwares, open ports , and many other tools.
More info at http://www.gfi.com/lannetscan/
I use this for my network, since this is very powerful software. scan your clients and informs you about all vulnerabilities, include missing patches or SPs for microsoft applications, shared folders on the systems, users, hardwares, open ports , and many other tools.
More info at http://www.gfi.com/lannetscan/
ASKER
Cro0707 and majidhajali, Thank You for your information.
"After that, you only need to download patches that are released after SP2 and install them on your servers."
I notice that updates are always "downloaded" before installation. Can I use those downloads and if so, where are they located and how would I RE-USE them? On our internet-attached servers this is now problem due to MSupdate site, but for our servers that ARE NOT ON THE INTERNET, can I just place those files or folders on thumb drive or somewhere then RUN THEM or something like that?
Thank You
Cesar ;-) what else does one do on a Saturday night ;---)))
"After that, you only need to download patches that are released after SP2 and install them on your servers."
I notice that updates are always "downloaded" before installation. Can I use those downloads and if so, where are they located and how would I RE-USE them? On our internet-attached servers this is now problem due to MSupdate site, but for our servers that ARE NOT ON THE INTERNET, can I just place those files or folders on thumb drive or somewhere then RUN THEM or something like that?
Thank You
Cesar ;-) what else does one do on a Saturday night ;---)))
ASKER
Can patches be downloaded to any hard drive, then burned to CD, then installed? Can I simply copy a folder from patches that have been installed on other similar type servers that ARE patched(these)?
I guess my main need is to learn what is best way to download the patches manually, then how to apply on those "private" servers(of course this refers to servers that don't have access to the internet)
Thank You for quick response,
Cesar