Why do we need an update management system?



Similar documents
How To Install An Aneka Cloud On A Windows 7 Computer (For Free)

Windows Offline Files

To install Multifront you need to have familiarity with Internet Information Services (IIS), Microsoft.NET Framework and SQL Server 2008.

Integration Package for Microsoft Office SharePoint3

Introduction. Before you begin. Installing efax from our CD-ROM. Installing efax after downloading from the internet

Administrator s Guide

EPiServer Operator's Guide

Egress Switch Client Deployment Guide V4.x

RMCS Installation Guide

McAfee One Time Password

Installation Manual v2.0.0

Healthstone Monitoring System

Content Management System

FortiClient SSL VPN Client User s Guide

Practice Fusion API Client Installation Guide for Windows

Office of Information Technologies (OIT) Network File Shares

Universal Management Service 2015

Administrator s Guide

FDCC Implementers Workshop David L. Dixon Sr. Consultant, Microsoft Federal Services FDCC Team

GpsGate Server. Installation and Administration Guide. Version: 2.2 Rev: 2

Guide to deploy MyUSBOnly via Windows Logon Script Revision 1.1. Menu

Installing the Citrix Online Plug-In

Administrative Guide VtigerCRM Microsoft Exchange Connector (Exchange Server 2010)

1. Installation Overview

Dell UPS Local Node Manager USER'S GUIDE EXTENSION FOR MICROSOFT VIRTUAL ARCHITECTURES Dellups.com

Admin Guide Product version: Product date: November, Technical Administration Guide. General

MapGuide Open Source Repository Management Back up, restore, and recover your resource repository.

Contents 1. Introduction 2. Security Considerations 3. Installation 4. Configuration 5. Uninstallation 6. Automated Bulk Enrollment 7.

STATISTICA VERSION 10 STATISTICA ENTERPRISE SERVER INSTALLATION INSTRUCTIONS

WRITING HONEYPOINT PLUGINS WITH HONEYPOINT SECURITY SERVER

TECHNICAL TRACKSNETWORKING ESSENTIALS OPPORTUNISTIC LOCKING

R i o L i n x s u p p o r r i o l i n x. c o m 1 / 3 0 /

MAPI Connector Overview

JobScheduler Web Services Executing JobScheduler commands

Perceptive Intelligent Capture Solution Configration Manager

Click Studios. Passwordstate. Upgrade Instructions to V7 from V5.xx

Installation Instructions

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 8 Desktop and Server OS Vulnerabilities

Secure Messaging Server Console... 2

30 Steps to Successfully Installing DotNetNuke on a Network Solutions Shared Hosting Package

Installation and Administration Guide

IceWarp to IceWarp Server Migration

IT Administrator Guide for Mass Deployment of WebEx Productivity Tools. Installation Guide for Administrators

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

Download/Install IDENTD

Best Practices: Integrating Mac OS X with Active Directory. Technical White Paper April 2009

32-Bit Workload Automation 5 for Windows on 64-Bit Windows Systems

How To Configure CU*BASE Encryption

Administration Guide. . All right reserved. For more information about Specops Gpupdate and other Specops products, visit

Netwatch Installation For Windows

Check Point FDE integration with Digipass Key devices

Remote Console Installation & Setup Guide. November 2009

NETWRIX EVENT LOG MANAGER

LDaemon. This document is provided as a step by step procedure for setting up LDaemon and common LDaemon clients.

Software Delivery Integration and Source Code Management. for Suppliers

IT Administrator Guide for Mass Deployment of WebEx Productivity Tools

Installation Instruction STATISTICA Enterprise Small Business

Intelligent Power Protector User manual extension for Microsoft Virtual architectures: Hyper-V 6.0 Manager Hyper-V Server (R1&R2)

Before you install ProSeries software for network use

Using CertAgent to Obtain Domain Controller and Smart Card Logon Certificates for Active Directory Authentication

ITA Mail Archive Setup Guide

Installing the ASP.NET VETtrak APIs onto IIS 5 or 6

Install SQL Server 2014 Express Edition

Central Configuration Using File Server

Configuring SSL VPN on the Cisco ISA500 Security Appliance

STATISTICA VERSION 12 STATISTICA ENTERPRISE SMALL BUSINESS INSTALLATION INSTRUCTIONS

Quick Start - NetApp File Archiver

STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER

SCUP 2011 Installation and Configuration Guide

Microsoft Corporation. Project Server 2010 Installation Guide

for Networks Installation Guide for the application on the server July 2014 (GUIDE 2) Lucid Rapid Version 6.05-N and later

MS Enterprise Library 5.0 (Logging Application Block)

Outlook Data File navigate to the PST file that you want to open, select it and choose OK. The file will now appear as a folder in Outlook.

Installation Steps for PAN User-ID Agent

Click Studios. Passwordstate. Password Discovery, Reset and Validation. Requirements

Univention Corporate Server. Operation of a Samba domain based on Windows NT domain services

Close Support Service Desk v Upgrade Guide

Novell ZENworks Asset Management

MS SQL Express installation and usage with PHMI projects

User s Guide for OpenERP Microsoft Outlook Free Plug-in 1.0 By Axelor

BusinessObjects Enterprise XI Release 2

WebCruiser Web Vulnerability Scanner User Guide

SSL VPN Server Guide Access Manager 3.1 SP5 January 2013

dotdefender v5.12 for Apache Installation Guide Applicure Web Application Firewall Applicure Technologies Ltd. 1 of 11 support@applicure.

HELP DESK MANUAL INSTALLATION GUIDE

FirstClass Export Tool User and Administration Guide

NetWrix USB Blocker. Version 3.6 Administrator Guide

Windows 7 Deployment Procedures in 802.1X Wired Networks

ez Agent Administrator s Guide

NeuralStar Installation Guide

Juris Suite 2.6. Upgrade Guide

How To Understand The History Of Anntds.Dntd.Dt.Dotnetdt Database On A Pc Or Macbook (Windows) With A Password Key (For A Macbook) And Password History (For Annt

COMMANDS 1 Overview... 1 Default Commands... 2 Creating a Script from a Command Document Revision History... 10

IIS SECURE ACCESS FILTER 1.3

CYCLOPE let s talk productivity

A brief Guide to checking your Group Policy Health

Published. Technical Bulletin: Use and Configuration of Quanterix Database Backup Scripts 1. PURPOSE 2. REFERENCES 3.

NetWrix Account Lockout Examiner Version 4.0 Administrator Guide

Embarcadero Performance Center 2.7 Installation Guide

SMART Sync Windows operating systems. System administrator s guide

Transcription:

Windows update management using Samba (among other things) SambaXP 2012 May 9th Matthieu Patou Samba Team mat@samba.org Agenda Disclaimer Why do we need an update management system Existing alternatives Yet another SUS, why? Introducing Shuss How it works: for the client How it works: for the server Issues Future Disclaimer The views and opinions in this presentation are my own and do not necessarily reflect the views and opinions of my present, past and future employers. Why do we need an update management system? Because :

applying all the updates proposed by a vendor is not always desirable going on each computer to select updates doesn t scale at all because not applying security updates is not an option Existing alternatives WSUS: Windows Server Update Services LSUS: Linux Server Update Services (defunct) from samba-edu WSUSoffline: seems more offline oriented (Yet) another SUS, why? Was running a full IT infrastructure on top of opensource software. So why introduce non free software for just 1 thing? WSUSoffline didn t exists at that time Didn t like the idea of LSUS trying to interprete Wsusscn2.cab content Microsoft didn t provide a documentation on this file and has already once changed the organisation of the archive There is an API to control update service on workstation Ideal compagnon of Samba 4 DCs Introducing shuss 1/2 Used to be called yasus or L4SUS but domains wheren t available Why shuss...? well grep -E "s.u.s" /usr/share/myspell/dicts/ didn t yield interesting enougth words but shush looks promissing, but wasn t available or I was too tired... Available at http://shuss.org/, contributors very welcome Introducing shuss 2/2 Fairly simple (I hope) Update are served out of a samba share tested only with samba4 DC (and ntvfs fileserver) Should work though with samba 3.x or s3fs if server encrypt is used and vfs_xattr Signed packets provide a proof that updates and update list hasn t been tampered by a man in the middle Each computer has its own folder with ACLs granting write only to this computer and the domain admins How it works: for the client 1/2 At scheduled period getupdates.vbs runs The script create an object manager of class Microsoft.Update.ServiceManager From the manager we create a searcher

Set updatesearcher = updatesession.createupdatesearcher() And then we do the search, default search criteria is: "IsInstalled=0 and Type= Software " Once the search is complete, iterate on the results And write a file in the "computer" folder on the update server with entries like that: Update: Security Update for Windows XP (KB956803) Update ID: 33a7edf1-2350-4102-8082-9540eff65704 Name: Binary en Url: http://download.windowsupdate.com/msdownload/update/ software/secu/2008/09/windowsxp-kb956803-x86-enu_d075d359a2 8ab8b058a35a2e7b466bd0bca8e9ef.exe How it works: for the client 2/2 At scheduled period doupdates.vbs runs It checks for the existance of a file called updatelist with entries like this: microsoft\33a7edf1-2350-4102-8082-9540eff65704.exe 1 Entries indicate the relative path from the updates share on the update server for the file and a file tag, which basically indicate which flags should be used while running the update After each update, a line indicating return code of the update program is added for debug How it works: for the client 2/2 At scheduled period doupdates.vbs runs It checks for the existance of a file called updatelist with entries like this: microsoft\33a7edf1-2350-4102-8082-9540eff65704.exe 1 Entries indicate the relative path from the updates share on the update server for the file and a file tag, which basically indicate which flags should be used while running the update After each update, a line indicating return code of the update program is added for debug How it works: for the server 1/2 updatewatcher.pl is started as a background task with the update folder as first parameter For each folder a separate watcher is created If in the parent folder a new directory is create a new watcher is added It allows new workstation detection without restarting the watcher In other folders if a event concerns a file containing the string proposedupdate.log then the analyzer script is started with the "discovered" file How it works: for the server 2/2 This script will... well "analyze" the list of updates the clients wants and do the following things: If the update is new, add a notify entry If the update is not new, check if last notify date is > 24H if so add a new notify entry

If the update is validated, add it to the list of update to download Send an email if there notify entries Start the download of updates download_winupdate will: obviously download updates if the file didn t exists add entry in the update list with the guessed tag Update are validated with validate_update script Issues Shuss works great with Windows XP/2003 But starting from Vista installation of update isn t working because most of the updates are.cab files and I don t know how to install on Vista But in Windows 7 there is pkgmgr or DISM and shuss is able to use it The update tag (which control the switch of command line) is guessed from the output of file results are descent but not perfect. Future Update API has a way to copy a file to WUA cache The idea is to use this to populate the cache of WUA and then use the API to trigger the installation of selected updates Obviously emails reports for updates is not sufficient and so is the validation of updates only through command line This calls for a web interfaces to be able to lists which updates are needed, which host hasn t applied an update since xx days, to validate updates,... <add here your own whish> Questions Questions? Thank you

Thanks for listenning The discussion continue at blog.shuss.org

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information