Windows Updates
Since these computers operate on a network, their operating systems must have the latest updates.
Automated: Windows Updates
Disable the Native Utility
Windows ships with the Automatic Updates program, but its features do not suit our policies. So we first disable this feature:
- Select Start | Settings | Control Panel | Automatic Updates.
- Windows XP: Select Start | Settings | Control Panel | System | Automatic Updates.
- Uncheck the box for Keep my computer up to date.
- Click OK.
Disable the Windows XP SP2 Firewall
...you will need to disable the firewall on the windows XP computers.
You can disable the firewall by opening computer management,
near the bottom left you will see services and applications, click the
+ (Plus sign) to open and then select services.
Scroll down the right side and look for Internet connection Firewall,
double click it and change the startup type to disabled, and then stop the service,
click apply and close the window. This will disable the firewall and
allow normal network functions to work without interruption. The major
problem with the firewall is that it will block your computer from getting
antivirus updates from our virus scan server. it will also make it impossible to manage over the network.
Will Chaney, email, 2005-04-13.
Windows Update Server
Our computers should all be set to use the local Software Update Server.
If you have computers that have not been setup to check
with our Software Update Server, you need to execute the SUS.bat
file located at: \\Smathersnt2r\Departments\ReadOnly.
Will Chaney, email, 2005-04-13.
How can we be sure the SUS.bat file is installed? Is there a way to double check?
There is a windows update.log file located in C:\windows or c:\winnt whichever you have.
It will show entries near the bottom of checking with our local server if its been installed.
Our local server is smathersnt8r1.
Enable the "Log off, leave on" Policy
It has been decided that all network computers will be left on
at all times... unless a power surge is expected.
Will Chaney, 2003-12-12
The displays can be turned off, but the CPU's should stay on.
...please ensure that your file and print sharing settings are
checked, this will help keep the computers updated.
Actually, both the operating system and the virus pattern updates depend on this:
- Select Start | Settings | Control Panel | Power Options.
- Under Power Schemes, select Always On.
- Under Turn off monitor, select Never.
- Under Turn off hard disks, select Never.
- Under System standby, select Never.
- Under the Hibernate tab, uncheck Enable hibernate support.
Manual: Critical Updates and Service Packs
This can be a long and difficult process if the computer did not ship with the latest service pack. But this part is extremely important for the security of our network. Let not the DLC become Patient Zero in the next great viral plague.
- Select Start | Windows Update.
- Click on Scan for Updates.
- Download and install all service packs and critical updates, even those for programs that the user does not think they will use. (Outlook Express is a good example.) Just having the program installed on the machine opens up that machine to attacks, even if it is never used by anyone even once. Nice, huh? So just suspend your faculty of analytical thought and install everything which Microsoft has labeled critical.
- It may make you do some updates separately from others, and in a particular order. Good luck with that.
- For security reasons, make sure to install or upgrade to the latest version of the Internet Explorer browser and all its patches, even if it will not be used at that workstation.
- Restart.
- Always go back and check for more updates, because the installation of one will sometimes create the need for another one, even though it was not previously listed. Updates are tricky.
- And always login as yourself again and open up Internet Explorer and Outlook. Many Windows updates do not actually go into effect until some Microsoft programs are opened. Openeing IE should but its patches into play, and Systems recommends opening Outlook since it is "sufficiently complicated".
Manual: Recommended Updates
Normally we just say no to these, but the DLC uses several programs which require the Microsoft .Net framework. Install the latest version listed under Recommended Updates at the same web site.
