Patch Management – Targeting Virtual Server, Unmanaged Systems, and Microsoft Office Components
Paul Butterworth
Management Technology Architect
ADM308
Agenda
Solution Accelerator Overview
Assessing Microsoft® Virtual Server installations and scanning the unmanaged space
Using Microsoft Systems Management Server (SMS) 2003 for gathering Microsoft Office component details
What’s a Solution Accelerator?
Integrated people, process, and technology
Industry, partner, customer, and Microsoft best practices
Includes project and operational guidance—based on Microsoft Solutions Framework (MSF) and Microsoft Operations Framework (MOF)
Microsoft training and services
Microsoft and partner products/technologies
Targeted at defined customer scenarios
Also known as pain points
Covers the entire life cycle
Evaluating, planning, building, deploying, and operating
Built with customers, partners, and Microsoft
Engineered, tested, and validated
Supported
Components of the Patch Management Solution Accelerator Using SMS 2003
1. Assess
2. Identify
3. Evaluate & Plan
4. Deploy
Patch Management Process based on industry best practices (MOF/ITIL)
+
• Microsoft Systems Management Server 2003
• Microsoft Baseline Security Analyzer (MBSA)
• Microsoft WMI Custom Scripting Solutions
Microsoft technology for assessing and deploying patches
• Microsoft SQL Server™ 2000
• Microsoft Virtual Server / Microsoft Virtual PC
• Microsoft Office 2000 / Office XP / Office 2003
Best-practice technical guidance for patching specific Microsoft technologies
Released Oct. 27, 2004
Patch Management Process
1. Assess
• Inventory/Discover Existing Assets
• Assess Security Threats/Vulnerabilities
• Determine the Best Source of Information
• Assess Software Distribution Infrastructure
• Assess Operational Effectiveness
2. Identify
• Discover a New Software Update
• Determine Relevance
• Obtain and Verify Source Files
• Submit request for change (RFC)
3. Evaluate & Plan
• Determine Appropriate Response
• Plan the Release
• Build the Release
• Perform Acceptance Testing
4. Deploy
• Prepare for Deployment
• Deploy to Targeted Computers
• Conduct Post-Implementation Review
Solution Accelerator Scenarios and Highlights
Automation scripts to assist with ASSESS and DEPLOY
Assess managed and unmanaged installations
Virtual Server, Virtual PC, SQL Server 2000
Assess Office installations
Extending SMS HINV to capture additional information about Office installations
Deploy to Office installations
Provide increased targeting for Office applications
Provide custom Office collections and reports for Office 2000, Office XP, and Office 2003
Detailed guidance for patching specific Microsoft technologies:
Office 2000, Office XP, and Office 2003
SQL Server 2000
Virtual Server and Virtual PC
Do you want to see how this solution can help your company?
Solution Example: Assessing Virtual Server and Virtual PC Installations
Problem:
Assessing and enumerating Virtual Server and Virtual PC guest installations on managed and unmanaged systems
Solution Deliverables:
Sample scripts to identify managed and unmanaged hosts
Sample Windows® Management Instrumentation (WMI) scripts to assess Virtual Server/Virtual PC guest installations
Sample XML-based report to expand data captured via SMS 2003 SP1
Assessing Virtual Server Host and Guest Installations: How It Works
1. Script (WMI) queries Microsoft Active Directory, or reads a user-defined subnet file or a user-defined IP file, to determine what to scan.
2. Script does a subnet scan to identify hosts that are accessible.
3. Script queries the Virtual Server host using the VirtualServer.Application API to identify virtual hosts and guests and their current state.
4. Virtual Server/Virtual PC Assessment report (XML-based report) identifies managed, unmanaged, unreachable, and no-administrator-access installations.
5. MBSA scan is run and a report is generated for all unmanaged machines.
Diagram: SMS-managed subnets (inventoried via SMS Software Inventory) alongside a subnet excluded from SMS, or a test lab or subnet inaccessible by SMS.
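The classification behind steps 1 to 5, as an added Python example that is not one of the accelerator's sample scripts: it expands a subnet file, sorts each address into the four report categories, and lists the unmanaged hosts for the MBSA pass. The subnet file contents, the SMS-managed host set, the probe results and the XML element names are all constructed assumptions; the deck does not show the real report schema.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample inputs (assumptions, not data from the deck).
SUBNET_FILE = "192.0.2.0/29\n# lab subnet excluded from SMS\n198.51.100.8/30\n"
SMS_MANAGED = {"192.0.2.1", "192.0.2.2"}   # hosts already inventoried by SMS
# Probe outcome per address: (status, [(guest name, guest state)]); absent = no answer.
PROBE = {
    "192.0.2.1": ("ok", [("web01", "Running")]),
    "192.0.2.2": ("ok", []),
    "192.0.2.3": ("ok", [("sql-guest", "Running"), ("test-guest", "Saved")]),
    "198.51.100.9": ("access_denied", []),
}

def targets(subnet_text):
    """Step 1: expand a subnet file (one CIDR per line, # comments) into host addresses."""
    for line in subnet_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            for ip in ipaddress.ip_network(line, strict=True).hosts():
                yield str(ip)

def classify(ip, managed, probe):
    """Steps 2-4: map one address to a report category."""
    status, _ = probe.get(ip, ("no_answer", []))
    if status == "no_answer":
        return "unreachable"
    if status == "access_denied":
        return "no-administrator-access"
    return "managed" if ip in managed else "unmanaged"

def build_report(subnet_text, managed, probe):
    """Step 4: build the XML report (element names are hypothetical)."""
    root = ET.Element("VirtualServerAssessment")
    for ip in targets(subnet_text):
        host = ET.SubElement(root, "Host", address=ip,
                             status=classify(ip, managed, probe))
        for name, state in probe.get(ip, ("", []))[1]:
            ET.SubElement(host, "Guest", name=name, state=state)
    return root

def mbsa_targets(report):
    """Step 5: unmanaged hosts are the ones passed to the follow-up MBSA scan."""
    return [h.get("address") for h in report.iter("Host")
            if h.get("status") == "unmanaged"]

if __name__ == "__main__":
    report = build_report(SUBNET_FILE, SMS_MANAGED, PROBE)
    print(ET.tostring(report, encoding="unicode"))
    print("MBSA scan list:", mbsa_targets(report))
```

An address that never answers is reported as unreachable rather than dropped, so it stays visible in the report.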
Sample Virtual Server ASSESS Report
Applying the Data Gathered…
Virtual Server 2005 host running on Windows Server 2003
Virtual Server 2005 guest running on Windows 2000 Server
Microsoft SQL Server 2000
1. Always patch the applications running on the guest operating system first.
2. Next, patch the guest operating system.
3. Finally, patch the host operating system and applications.
Solution Example: Extending SMS HINV to capture details about Microsoft Office components
Problem:
Customers require more granular detail about the components of each Microsoft Office suite.
Solution Deliverables:
Update SMS HINV to provide component-level details.
Collect information from the client to include language version, application and suite version, and native installation path.
Provide 48 custom .mof files for creating custom collections to improve targeting.
Provide 48 custom .mof files for custom reporting.
Extending SMS 2003 SP1 Inventory to Capture Details about Office Installations: How It Works
1. Administrator updates SMS_Def.Mof on site servers to enable capture of Office component levels in the SMS database.
2. Administrator distributes a package to extend CIMv2 on clients via Client.Mof. This enables the client to report additional information on Office via HINV.
3. Client runs HINV at the scheduled interval.
4. Clients report additional Office component-level information via HINV, including installation source location.
5. Administrator uses sample queries to create query-based collections and reports, and deploys to these target collections using SMS.
Diagram: SMS Site Server and SMS Clients.
Solution Recap
Provides automation to assist with the ASSESS phase of patch management
Targets risk reduction by preventing an attack because “I didn’t know we had that installed on our network”
Provides a mechanism for IT administrators, management, and security to build plans for getting all machines “managed”
Provides best-practice guidance for patch management using SMS 2003
Provides in-depth details for patching specific Microsoft technologies
Community Resources
http://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP)
http://www.microsoft.com/communities/mvp
Newsgroups
Converse online with Microsoft Newsgroups, including Worldwide
http://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx
User Groups - Meet and learn with your peers
http://www.microsoft.com/communities/usergroupsdefault.mspx
© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.