Network Question [Technical]

[Chronictank]

Right here goes, I am making a patching system for a network but have come across a small problem, the whole point of patching off a central server is so you dont need to go round every PC and install off CD's. But as soon as you connect to the network you are going to get a virus (by the nature of being a public organisation you have access to the internet with a large range of ports open).
So heres the problem how do you access the central server but deny access to all else, to add a few more complications:
1) you cant install a firewall on the pc or any other application.
2) Cant set up a new domain for the pc to patch from due to limited rescources
3) You cant tamper with the router

Ty in advance

 

[Kalid]

This happens on every computer you try to patch?

 

[Insane]

okay.

(1) dont be a lazy sod, get off your ass and do it manually.. an IT job isnt a desk job, even if it means recruiting a few tech-savvy people into doing it then its the best, get all the machines patched up and disinfected and secure.
(2) install a suitable Anti-virus product, i'd advise the F-secure product "F-Secure Anti-Virus Total Suite" again either by manual foot-work, or you can use the "policy manager" to farm it out.

once you complete those two steps, you can then do your patch service on the network.

 

[Brunore]

I agree with Insane.

These sort of project require setting up a baseline, you cannot just hope to drop the boxes on the network, patch them and be happy.

If they are new machines then create a new image with all the needed patches, apply that image from a multicast server or RIS server to the new boxes then you have a goodbase line start.

You will *always* be needing to update AV/patches when you add machine to a network, you will never be on top of it.

 

[Chronictank]

okay.

(1) dont be a lazy sod, get off your ass and do it manually.. an IT job isnt a desk job, even if it means recruiting a few tech-savvy people into doing it then its the best, get all the machines patched up and disinfected and secure.
(2) install a suitable Anti-virus product, i'd advise the F-secure product "F-Secure Anti-Virus Total Suite" again either by manual foot-work, or you can use the "policy manager" to farm it out.

once you complete those two steps, you can then do your patch service on the network.

Ignorance is bliss isnt it?
1000 servers aswell as 420 unmanaged workstations, i wont go into the managed as they run off a centralised system.
are you going to manually go round each and install the patches.... no
its not about being lazy its about practicality, f-secure and various software comes bundled with the windows software as we have made it specially to do so, also auto updates when the definitions come out.
As for being lazy if i was lazy i would do it youre way, it takes alot less effort to give a user a cd/go patch it urself than spend the time and effort making a script to run the patches and setting up a secure server to allow our remote support department go out and put in the software i have made to run on the machine automatically patching and setting it up for the user.
I have actually come up with a solution and that was to not include the gateway in the setup program and add route to setup a connection to my server, there is a difference between laziness and practicality.

 

[Brunore]

Then if you are involved in a job like that why the fuck are you asking on FH for help!!

If it was a managed system patches can be deployed via script or GP...

You should know what you are doing, but I think your full of shit m8! rly imo

 

[Chronictank]

Then if you are involved in a job like that why the fuck are you asking on FH for help!!

If it was a managed system patches can be deployed via script or GP...

You should know what you are doing, but I think your full of shit m8! rly imo

Its a little project i wanted to do myself as i feel it would improve things greatly, noone knows everything and as a public forum other people might have ideas better than mine.
So rather than shootin ur mouth off without a clue... once again
Try reading and u might be able to comprehend the situation, there are systems on the network which ARE NOT managed, i.e departmental and additional services. If you have nothing constructive to say dont post and get youre +1 elsewhere.
It's well known that there is a large ammount of people with employment in IT or something similar play daoc, so i simply was looking for ideas.

In short YOU really are full of shit so kindly find that hole you climed out of and stay in it

Edit: The alternative solution is yet more software from microsoft, yet more liscencing fees and yet more bugs, which i wanted to avoid

Admin please close the thread