Secunia CSI integrated with WSUS (SCCM)
A how-to documentation

1 Requirements

1.1 CSI GUI/console requirements
- The CSI Console must be launched by a user with Domain Admin privileges
- https://secunia.com must be added to the Trusted sites in the Internet Options of IE
- Port 443/TCP open outbound (towards the Internet)
- Minimum 1024 x 768 screen resolution
- Adobe Flash plug-in for Internet Explorer (needed to display charts and other graphics)

You can scan a computer with an agent or agentless; the requirements for each are:

1.2 Agent requirements
- Port 443/TCP open outbound
- Windows Update Agent 2.0 or later

1.3 Scan group/agent-less requirements
- Ports 139/TCP and 445/TCP open inbound (on hosts)
- File sharing enabled on hosts
- Easy/simple file sharing disabled on hosts
- Windows Update Agent 2.0 or later
- Required Windows services started on hosts (should be by default):
  - Workstation service
  - Server service
  - Remote Registry service
  - COM+ services (COM+ System Application: set to Automatic)

1.4 OS requirements
- Windows 2000 SP4
- Windows XP SP3
- Windows Vista
- Windows 7
- Windows Server 2003
- Windows Server 2008
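The agent-less requirements in section 1.3 are the ones most often missed (Remote Registry off, simple file sharing on, NetBIOS/SMB not listening), so the following script is added here to check a host against them before it is put into a scan group. It is not part of the Secunia guide; it is run locally on the target host in an elevated PowerShell (2.0 or later). The threshold of agent version 5.8 for "Windows Update Agent 2.0" is an assumption, and the listening-port test only proves the host is listening, not that an inbound firewall rule allows the scanning host in.

```powershell
# Added example: checks a host against the agent-less scan requirements in section 1.3.
# Not part of the Secunia guide; run locally in an elevated PowerShell (2.0 or later)
# on the host that CSI will scan without an agent.
# Assumption: WUA 2.0 corresponds to agent version 5.8.x, so that is the threshold used.

function New-Check($name, $ok, $detail) {
    New-Object PSObject -Property @{ Check = $name; OK = [bool]$ok; Detail = $detail }
}

function Test-RequiredServices {
    # Service name -> display name, as listed in section 1.3
    $required = @{
        'LanmanWorkstation' = 'Workstation'
        'LanmanServer'      = 'Server'
        'RemoteRegistry'    = 'Remote Registry (disabled by default on Vista/7)'
        'COMSysApp'         = 'COM+ System Application (must be Automatic)'
    }
    foreach ($name in $required.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc -eq $null) { New-Check $required[$name] $false 'service not found'; continue }
        $mode = (Get-WmiObject Win32_Service -Filter "Name='$name'").StartMode
        if ($name -eq 'COMSysApp') { $ok = ($mode -eq 'Auto') }
        else                       { $ok = ($svc.Status -eq 'Running') }
        New-Check $required[$name] $ok ("status={0} start={1}" -f $svc.Status, $mode)
    }
}

function Test-SmbPorts {
    # Confirms the host is listening on 139/445; inbound firewall rules still need
    # to be checked from the scanning host (for example with telnet to each port).
    $listeners = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners()
    foreach ($port in 139, 445) {
        $open = @($listeners | Where-Object { $_.Port -eq $port }).Count -gt 0
        New-Check "TCP $port listening" $open ''
    }
}

function Test-SimpleFileSharing {
    # Simple/easy file sharing maps every network logon to Guest (ForceGuest=1),
    # which breaks the authenticated remote registry/file access the scan needs.
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    New-Check 'Simple file sharing disabled' ($lsa.forceguest -ne 1) ("forceguest={0}" -f $lsa.forceguest)
}

function Test-WuaVersion {
    # Microsoft.Update.AgentInfo reports the installed Windows Update Agent version
    $info = New-Object -ComObject Microsoft.Update.AgentInfo
    $ver  = [version]$info.GetInfo('ProductVersionString')
    New-Check 'Windows Update Agent 2.0 or later' ($ver -ge [version]'5.8') ("version={0}" -f $ver)
}

$results = @()
$results += Test-RequiredServices
$results += Test-SmbPorts
$results += Test-SimpleFileSharing
$results += Test-WuaVersion
$results | Format-Table Check, OK, Detail -AutoSize

if (@($results | Where-Object { -not $_.OK }).Count -gt 0) {
    "Host does not meet all agent-less scan requirements (see section 1.3)."
}
```

Any row reporting OK = False points at the item in section 1.3 that still needs fixing on that host; the COM+ System Application row checks the start mode rather than the running state because the service is normally started on demand.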
To integrate Secunia CSI with WSUS (SCCM) you will also need to complete the following requirements:

1.5 CSI with patching capability
- WSUS installer (Administration console only)
- Visual C runtime
- Microsoft .NET runtime V2.0 SP2
- If running the Secunia CSI 4.0 for the first time in Windows Vista, 7 or 2008, right-click the CSI icon and select 'Run as administrator'
- Remote Registry must be enabled in order to successfully install the certificates (in Vista and Win7 the service is disabled by default)

In my test scenario I installed the Secunia CSI on the SCCM server. Remember that you will also need to have the WSUS Admin Console installed on the server you are launching the Secunia CSI from, and that it must be the same version as the WSUS server (WSUS Admin Console 3.0 SP2 if you are running WSUS 3.0 SP2 on your WSUS server).

2 Installation and configuration of Secunia CSI
- Double-click the installer icon and follow the wizard instructions.
- Launch the Secunia CSI as a Domain Administrator, i.e. right-click and 'Run as administrator' (if running on Windows Vista, 7 or 2008).
- Log in with user name and password.
- You will be prompted to configure or skip the CSI 4.0 initial configuration (I skipped it).
- Go to the Patch menu and click Configuration. You will then see the following screen:
In this section you should provide the relevant information (IP address / DNS name) about the WSUS server you wish to use. After entering the necessary information, press 'Save and Connect'. If the connection is successful, a message box will be displayed (for troubleshooting, read section 4 Troubleshooting). Please note that the port number used to connect to your WSUS depends on your settings; ports 80 and 8530 are the most common.

2.1 Create and install the Certificate
In order for the clients to accept the locally created updates, a signing certificate must be created for the WSUS. The Secunia CSI will search for the certificate and, if the certificate doesn't exist, the following message will be displayed. Click the 'OK' button to create a new certificate, and press OK on the following dialog. After pressing the 'OK' button, the certificate is created on the WSUS server. It is then ready to be installed both locally on the system running the Secunia CSI and on the target computers.
This certificate must be present on the following systems:
- WSUS server (this is done by clicking the 'Create Signing Certificate' button)
- The system running CSI (this is done by clicking 'Install Certificate'; if you cannot see the Install Certificate button, the certificate is already installed)
- Clients receiving updates (this is done with a GPO or by right-clicking the clients, see below)

This certificate can be distributed with a GPO, or by going to Patch Deployment, selecting the target computers where the certificate is to be installed (CTRL + mouse click for multiple selection) and right-clicking to select 'Verify and Install Certificate'. If you are using right-click installation of the certificate, make sure you have completed the following requirements:
- When installing the certificate, make sure that CSI was launched with 'Run as administrator' (applicable in Windows Vista, 7 and 2008).
- Remote Registry is needed to install the certificates (in Vista and Win7 this service is disabled by default).

Note that the certificate must also be installed on the system being used to create the packages.

2.2 GPO Configuration
After creating and installing the signing certificate, the Secunia CSI will search for the CSI WSUS Group Policy. If that policy doesn't exist, the following message will be displayed. If you press OK, the following screen will appear.

IMPORTANT NOTE: If you use Microsoft SCCM (System Center Configuration Manager), make sure you don't check the first option 'Use the WSUS Server specified in the CSI'.
In my lab I changed the GPO myself on the AD server, and then ran gpupdate /force on the SCCM server, the WSUS server and the clients:
1. In the Group Policy Management Console (GPMC), browse to the GPO on which you want to configure WSUS, and then click Edit.
2. In the GPMC, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.
   Enable: Allow signed updates from an intranet Microsoft update service location. (Important: this enables WSUS to distribute patches created through the Secunia CSI.)

Note: The user running the Secunia CSI must have the necessary privileges to perform tasks such as configuring/connecting to Microsoft WSUS, performing remote scans of hosts in the network, and installing the necessary certificates so that client machines can accept the packages created with the Secunia CSI.

3 Scanning computers for applications that need patching
Go to Scan in Secunia CSI, and then select Quick Scan. I selected Scan this Computer (Local host) and then pressed SCAN Hosts. This will scan the computer where Secunia CSI is installed (my SCCM server). Remember that you can scan clients using the agent or agentless. If you are using agentless, remember that you need to complete the requirements in section 1.3.
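Whether the certificate from section 2.1 and the GPO setting from section 2.2 actually reached a client is worth verifying before any package is deployed, because a client that lacks either will silently refuse the locally published update. The script below is an added example, not part of the Secunia guide, to be run on a client after gpupdate /force. It assumes that "Allow signed updates from an intranet Microsoft update service location" is stored as the AcceptTrustedPublisherCerts value under the WindowsUpdate policy key, and that the WSUS signing certificate carries the default subject "WSUS Publishers Self-signed"; adjust the subject hint if your certificate was named differently.

```powershell
# Added example: verifies on a client that it can accept locally published (Secunia CSI) updates.
# Not part of the Secunia guide. Checks the GPO setting "Allow signed updates from an intranet
# Microsoft update service location" and the presence of the WSUS signing certificate.
# Assumptions: the policy is stored as AcceptTrustedPublisherCerts under the WindowsUpdate policy
# key, and the certificate subject contains "WSUS Publishers Self-signed" (the default WSUS name).
# Run on the client after gpupdate /force.

$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$subjectHint = 'WSUS Publishers Self-signed'   # assumption: default subject of the WSUS signing cert

function Test-SignedUpdatePolicy {
    $p = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    if ($p -eq $null) { return $false }
    return ($p.AcceptTrustedPublisherCerts -eq 1)
}

function Get-WsusSigningCert($storeName) {
    Get-ChildItem -Path "Cert:\LocalMachine\$storeName" |
        Where-Object { $_.Subject -like "*$subjectHint*" }
}

function Test-WsusSigningCert {
    # The same certificate must be in both stores: Root so the chain is trusted,
    # TrustedPublisher so Windows Update accepts the publisher without prompting.
    $root = @(Get-WsusSigningCert 'Root')
    $pub  = @(Get-WsusSigningCert 'TrustedPublisher')
    if ($root.Count -eq 0 -or $pub.Count -eq 0) { return $false }
    # Thumbprints must match; a mismatch means a stale copy of a re-created certificate.
    return ($root[0].Thumbprint -eq $pub[0].Thumbprint)
}

# Also report the WSUS server the client is pointed at: with SCCM (note in section 2.2)
# this must stay the SCCM-managed value, not one written by CSI.
$wu = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
"WUServer                        : {0}" -f $wu.WUServer
"AcceptTrustedPublisherCerts = 1 : {0}" -f (Test-SignedUpdatePolicy)
"Signing cert in Root+Publisher  : {0}" -f (Test-WsusSigningCert)
foreach ($c in Get-WsusSigningCert 'TrustedPublisher') {
    "  thumbprint {0}  expires {1}" -f $c.Thumbprint, $c.NotAfter
}
```

If the policy line reports False the GPO has not applied (check gpresult or the GPO link), and if the certificate line reports False the client still needs the certificate via the GPO or the 'Verify and Install Certificate' right-click from section 2.1.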
After scanning I found that some applications needed patching, so I went to Patch, and Create. I then right-clicked on Adobe Reader and chose Create Update. Click on the Path and then Next.
I then clicked on the download link to download the application and saved it to my disk. After the download was completed I chose Browse, browsed to the location of the file, and then clicked Next. Check www.appdeploy.com for the parameters for your applications.
Click Finish to create the application. Go to your SCCM server and run Synchronization. Then, after a minute or two, browse down to Security Updates, and yes, it's there:
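The package created above should appear on the WSUS server as a non-Microsoft update, and the same host that runs CSI can confirm this without the SCCM console. The script below is an added example, not part of the Secunia guide: it first checks plain TCP reachability of the WSUS port chosen in section 2 (80 or 8530 being the common ones), then uses the WSUS administration API that ships with the Administration Console (requirement 1.5) to list the updates that did not come from Microsoft Update. The server name, port and SSL flag are placeholders for your environment, and the assumption that CSI-created updates carry an UpdateSource other than MicrosoftUpdate is the filter used.

```powershell
# Added example: confirms from the CSI/SCCM host that the WSUS server is reachable on the
# port CSI was configured with, and lists the locally published (non-Microsoft) updates on it.
# Not part of the Secunia guide. Requires the WSUS Administration Console (requirement 1.5),
# which provides Microsoft.UpdateServices.Administration.dll.
# Assumptions: server name, port and SSL flag below are placeholders for your environment;
# CSI-created updates are identified by an UpdateSource other than MicrosoftUpdate.

$wsusServer = 'WSUS01.example.internal'   # placeholder
$wsusPort   = 8530                        # 80 or 8530 are the common non-SSL ports (section 2)
$useSsl     = $false

function Test-WsusPort {
    # Plain TCP check first, so a firewall problem is told apart from an API/permission problem.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($wsusServer, $wsusPort)
        return $client.Connected
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-LocallyPublishedUpdates {
    [void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($wsusServer, $useSsl, $wsusPort)
    # Updates created by CSI are not synchronised from Microsoft Update
    $wsus.GetUpdates() | Where-Object { $_.UpdateSource -ne 'MicrosoftUpdate' }
}

if (-not (Test-WsusPort)) {
    "Cannot reach {0}:{1} - check the port configured in CSI (section 2) and any firewalls." -f $wsusServer, $wsusPort
} else {
    Get-LocallyPublishedUpdates |
        Sort-Object CreationDate -Descending |
        Select-Object Title, CreationDate, IsApproved,
                      @{ n = 'Products'; e = { @($_.ProductTitles) -join ', ' } } |
        Format-Table -AutoSize
}
```

The Adobe Reader update created above should be the newest row in the output; if the port test fails, fix the connection configuration from section 2 before looking at section 4 Troubleshooting.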
Deploy these updates as you would with normal Windows updates.

4 Troubleshooting
If you are having trouble, enable the logging feature and read the log file: go to "Configuration" -> "Settings" -> "Enable Logging", then note where the log file will be created. Repeat the steps that caused the error, open the log file and read what went wrong. (Thanks go to Richard from Secunia for this one.)

5 Sources
Sources for some of the material: Secunia_CSI_4_setup_and_usage_guide.pdf from Secunia.

6 More to come
- How to scan computers with an agent or agentless
- How to configure Secunia when you have a hierarchy of SCCM and WSUS servers
- More troubleshooting?