Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 386
  • Last Modified:

Install patches & updates during reboot

We face an issue with patching a large, Windows based client computer environment.

I am not talking about Microsoft OS patches but patches of applications. The problem is that end users have administrative privileges to their machines (no way to change this as it's a contractual requirement) and install their own software beside the software managed by us. Regrettably the installation of self-installed applications is not controlled in anyway and often their applications make use of our applications and therefore block files/processes.

Example:
 - We manage the email application and should patch it
 - We are aware of some additional tools, accessing the email application, hence before patching starts we check if the email applications as well as the tools known to us are closed
 - Regrettably there are other, "end user managed" tools out there (e.g. a calendar sync tool for whatever mobile device) which are keeping files/processes of the email application open and make a straight forward patching of affected PCs impossible

I assume other companies have similar issues. How do you overcome those?

E.g. is there a reliable solution to install patches during reboot?
0
CPAB
Asked:
CPAB
  • 4
  • 2
2 Solutions
 
AlexiosCommented:
Hello
Indeed the administrator privilege is an issue for the situation as you decribed it

Group policy is a good solution
0
 
CPABAuthor Commented:
@Kostasp: thank, but what do you exactly mean with "group policy is a solution"? Preventing the customer to install apps? We are regrettably not allowed to do so...
0
 
AlexiosCommented:
No, I was referring just to your question

Group policy is a good solution... for applying patches
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
CPABAuthor Commented:
Ok, yes, that's an option.

Is somebody aware on how to realize something like this using Microsoft SCCM. We are currently patching using SCCM and have all processes and reports designed around this tool. Hence it would be nice if we could integrate such a "patch on reboot" solution into SCCM based patching...
0
 
AlexiosCommented:
Yes...
I think that you cannot configure that specific action with SCCM unfortunately
0
 
AlexiosCommented:
Glad to help
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now