Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: Microsoft Security, baby steps ?[Scanned] [Scanned]
From: "James P. Saveker" <james () wetgoat net>
Date: Thu, 18 Mar 2004 16:46:26 -0000

Valdis.Kletnieks () vt edu said...

If you have 30K machines, figure on several dozen needing to install from
disk *every day*, just due to hard drive failures and the like.

And it only takes 1 junior secretary using the old disks instead of last

The real problem is at the low-end corporate environment - how many sites
that have only 50 or 100 machines can afford somebody who's able to
slipstream updates every month?

If you have 30K seats then as I pointed out image installation would be done
via the SMS server or for companies not running SMS they may use RIS or
another image multicast server.  The desktop units will of course have PXE
boot roms on the NIC's and therefore not even need a boot disk.  The images
are stored on a central server/servers and are therefore "always" up to
date(no room for low grade secretary error).

Of course not all companies and what not have the resources to be able to
run SMS or even perhaps the need.  SMS is more than just a hyped up RIS
server, it maintains updates across the network and also run
hardware/software inventory (for lics) and software monitoring, e.g. don't
want people to run quake tell SMS and or MOM the MD5 hash of the bin and
your cooking on gas.

For smaller companies the IT staff should find it easier in a 2K domain or
above let's face it RIS is free with 2k server (running a native windows
network) They would of course have to keep RIS images up to date.  They
could install SUS for free (whoever said Microsoft don't give stuff away :-)
to maintain the patches on the network, also to test bed them away from the
production network.  Fire up the MBSA once in a while and they are also
cooking on gas.  In fact all tasks for smaller companys can be done by
people with little up top using SBS 2003 and enjoying the wizards.

The tools are available the documentation is available, if people are
running windows networks they should at least hire one MCSA to run it or an
MCSE to design and run it.  But then I am sure that's another topic in
itself, one I do not want to get involved in. 

James Saveker

"The only thing which helps me maintain my slender grip on reality is the
friendship I share with my collection of singing potatoes..."

This e-mail has been virus checked by Sophos Mail Monitor. There are
inherent dangers in the opening any Attachments contained within e-mails.
wetgoat.net cautions you to make sure that you completely understand the
potential risks before opening any of the Attachments. You are solely
responsible for adequate protection and backup of the data and equipment
used in connection with this e-mail service, and wetgoat.net will not be
liable for any damages that you may suffer in connection with using,
modifying or distributing any of the Attachments.

Attachment: smime.p7s

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]