Congratulations – you survived the keynote with Stan & Ollie. 10 min is all it takes - Managing Microsoft & 3rd party updates with SC 2012 Configuration Manager. Kent Agerlund. Who am I. Kent Agerlund Chief System Management Architect Coretech A/S, Denmark
Congratulations – you survived the keynote with Stan & Ollie
10 min is all it takes - Managing Microsoft & 3rd party updates with SC 2012 Configuration Manager Kent Agerlund
Who am I • Kent Agerlund • Chief System Management Architect • Coretech A/S, Denmark • Microsoft MVP: Enterprise Client Management • Microsoft Certified Trainer, MCITP Enterprise Admin I love questions – but DON’T ask me about hockey and the world cup
Agenda • Patch Tuesday • Let’s spend 5 min together • Why worry about 3rd party updates • What are your options • SCUP 2011 (System Center Updates Publisher) • Solarwinds • Secunia
So… What is patch management? PM = VI + VS + PC + PD • VI = Vulnerability Intelligence • VS = Vulnerability Scanning • PC = Patch Creation • PD = Patch Deployment
Plan for Software Updates • Define your update process • Pilot environments • Servers with automatic restart • Servers with manual requirements • Logically grouped servers • Workstations in production • Excluded devices • Define your SLAs • When is your Boss a “Happy Camper” • Can you track compliance • Collection design • Maintenance Windows • CD+IT+RT=MW
Workstation restarts • Automatic restart? • No restart = No compliance = No • Make sure you have a restart plan • Create custom report Last Computer Restart
Give me 5 minutes • DEMO • Wake up, it’s Patch Tuesday or early Wednesday
Why worry about 3rd party • Microsoft Programs: 14% • Third Party Programs: 86% • [Figure: Criminals View vs. Business View. Labels: What criminals attack; Vendors; What do you patch today; Business critical programs; Programs you know about; Programs you don’t know about]
Cybercriminals know: patch available ≠ patch installed • The numbers speak for themselves – vulnerabilities in the TOP 50 apps: 1137 in 2012 • 421 in 2009 • 229 in 2007
Where to begin • Patching N of 200 programs • Strategy 1: Static – Risk remediated by patching the N most prevalent programs • Strategy 2: By Criticality – Risk remediated by patching the N most critical programs • 80% risk reduction achieved by either patching the 12 most critical programs, or by patching the 37 most prevalent programs
SCUP 2011 • What is SCUP • Authoring tool • Publishing tool • 3rd Party Updates with SCUP • Same experience for all updates in ConfigMgr • Supports EXE, MSI and MSP based updates • MSU workaround : http://blogs.technet.com/b/dominikheinz/archive/2011/10/17/deploying-custom-msu-updates-with-sccm-and-scup.aspx
SCUP Process Flow • [Diagram. Steps: Import Updates (catalogs downloaded from web); Author Updates (author custom SCUP catalog); Publish Updates; Sync Updates; Scan Updates; Deploy Updates. Components: SCUP Console; WSUS Server; ConfigMgr Server; ConfigMgr Clients]
The signing certificate • Used by SCUP to sign updates • TrustedPublishers • TrustedRoot • Configure WSUS GPO • Allow self signed certificates • Create the self-signed certificate with SCUP • External certificate - http://blogs.msdn.com/b/steverac/archive/2011/09/18/using-system-center-update-publisher-2007-with-verisign-certificates.aspx • KB2720211 & KB2661254
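A client only installs SCUP-published updates when the signing certificate is trusted and the Windows Update policy accepts locally signed content. The check below is an added example, not part of the original slides: the function name `Test-UpdateSigningTrust` is hypothetical, the thumbprint is a placeholder you replace with your own certificate's, and `AcceptTrustedPublisherCerts` is the registry value written by the GPO setting "Allow signed updates from an intranet Microsoft update service location".

```powershell
# Added example: client-side check of the signing-certificate prerequisites
# listed on the slide (Trusted Publishers, Trusted Root, WSUS GPO).
function Test-UpdateSigningTrust {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,  # placeholder: your signing cert
        [switch] $SelfSigned   # a self-signed cert must also be in Trusted Root
    )
    # Normalise the thumbprint (strip spaces and hidden characters from copy/paste)
    $tp = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

    $result = [ordered]@{
        InTrustedPublisher = Test-Path "Cert:\LocalMachine\TrustedPublisher\$tp"
        InTrustedRoot      = Test-Path "Cert:\LocalMachine\Root\$tp"
        PolicyEnabled      = $false
        NotExpired         = $false
        KeySizeBits        = $null
    }

    # Policy value set by the Windows Update GPO; 1 = accept signed intranet updates
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $val = Get-ItemProperty -Path $key -Name AcceptTrustedPublisherCerts -ErrorAction SilentlyContinue
    $result.PolicyEnabled = ($null -ne $val -and $val.AcceptTrustedPublisherCerts -eq 1)

    $cert = Get-Item "Cert:\LocalMachine\TrustedPublisher\$tp" -ErrorAction SilentlyContinue
    if ($cert) {
        $now = Get-Date
        $result.NotExpired = ($cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
        # RSA keys shorter than 1024 bits are rejected once KB2661254 is installed
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        if ($rsa) { $result.KeySizeBits = $rsa.KeySize }
    }

    # An externally issued cert chains to its own root, so Root membership of the
    # leaf is only required in the self-signed case.
    $trustOk = $result.InTrustedPublisher -and ($result.InTrustedRoot -or -not $SelfSigned)
    $result.Ready = $trustOk -and $result.PolicyEnabled -and $result.NotExpired
    [pscustomobject]$result
}

# Usage (placeholder thumbprint):
# Test-UpdateSigningTrust -Thumbprint '<SIGNING-CERT-THUMBPRINT>' -SelfSigned
```

Run it on a pilot client before the first third-party deployment; a `Ready` value of `False` with `InTrustedPublisher` true usually points at the GPO or an expired certificate.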
Available Catalogs • Free catalogs • Adobe • Reader and Flash • Dell • Client and Server updates • Hewlett-Packard • Client and Server updates • Fujitsu • ConfigMgr Cumulative updates • $$ catalogs • SCUPdates from Shavlik, VMWARE no wait today it’s LANDESK • PatchMyPC
SCUP DEMO Patch ConfigMgr clients…..the easy way
Secunia • Products • CSI – Corporate edition • SSB – Small Business edition • PSI – Consumer and free • Cloud Based solution • Database contains vulnerabilities in software products since 2003 • 40k+ programs, applications and plug-ins from thousands of software vendors • Automated patch repackaging • Fully integrated with 2012
Reporting • Integrated with Configuration Manager • Custom Dashboard • Custom reports • E-Mail subscriptions
Deploying patches • Custom created Secunia packages • Silent installations • Can detect running applications like JAVA • Script support • PowerShell • VB • Java • Updates are injected into WSUS
Secunia DEMO 3rd party patching
EVALUATION • EVENING MINGLE • Best of MMS ends with a gigantic mingle at the nearby Dubliner right after the day's last session! Microsoft and LabCenter are treating everyone to good beer and a unique opportunity for experts, industry colleagues and event attendees to mingle together. See you there? • Fill in the evaluation so that we can be even better next time! • Either via the link you received with your ticket or at one of the computers in TrueSec's booth • At the same time, compete for an HP Elitepad 900 (the winner will be announced in the exhibitor foyer right after the last session).