
Windows Patch Management Workflow Summary

______________________________________________________________________________________________________

Script examples written by Travis Hutchings

thutch901@gmail.com

971.226.6732

Server and OS patch management: Microsoft Windows

_______________________________________________________

Introduction:

  • User device patch management.
  • Network and Appliance Device patch management.
  • KIOSK patch management.
  • Handheld device patch management (Windows CE, Linux CE, or other embedded OS).
Because this is a brief summary rather than a full implementation plan, it is not an exhaustive patching strategy. The concepts will work in any managed environment, possibly with minor modifications to process and requirements.

I have used plain scripts, the native OS schedulers, scripted jobs, and inventory results; the specifics depend on the tools used for patching. I have hands-on experience with the WSUS patching mechanism. I have also used SolarWinds Patch Manager, which handled third-party updates such as Flash, WinZip, and Adobe products on Windows, and SCCM with WSUS for Windows patching.

The question of how to patch is easy to ask and harder to answer: there are many ways to apply patches and many reasons to do so.

1. Security and compliance.
2. Fixing a support or functional issue.
3. Providing new functionality in current products.

Windows Patching:

I have also incorporated this through SCCM, as some sites were already running that method or had the tool sets in place to run it.

1. Windows PowerShell:
The following cmdlets (from the PSWindowsUpdate module, which is not part of a default Windows install) list and install Windows updates from the command line:
Retrieve the available updates: Get-WindowsUpdate
Apply the retrieved updates: Install-WindowsUpdate

2. Windows Command Line:
Detect new updates
wuauclt /detectnow
Install new updates
wuauclt /updatenow

3. Get-WmiObject -Class Win32_QuickFixEngineering, with its output written to a CSV, gives me an installed-hotfix list that I can review against a Nessus scan or other scanner output: both results go to CSV and an Excel compare contrasts them.

4. In combination, the list of applied patches can be reviewed, new patches downloaded, and the downloaded patches applied in Windows. These are the options I have used when standing up a WSUS server was too large a requirement and I needed a quick way to apply Windows patches; I also used a scripted combination like this for DMZ Windows servers. The same calls are used when Puppet or another automation method is in use at the organization and supported by the business.
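The combined workflow from items 1, 3 and 4 above, as an added example script that is not part of the original post: it exports the Win32_QuickFixEngineering inventory to CSV, compares it against a scanner export, and only installs updates when explicitly asked to, without an unattended reboot. The report folder, the scanner CSV path and its single "KB" column are assumptions made for the example; the Get-WindowsUpdate and Install-WindowsUpdate cmdlets come from the PSWindowsUpdate module.

```powershell
# Added example (not from the original post): one patch cycle for a single Windows host.
# Assumptions: C:\PatchReports is writable, and the scanner export is a CSV with a
# column named "KB" holding values such as KB5034441 (one row per missing patch).
#Requires -RunAsAdministrator
param(
    [string]$ReportDir = 'C:\PatchReports',                   # assumed output folder
    [string]$ScanCsv   = 'C:\PatchReports\scanner_missing.csv', # assumed scanner export
    [switch]$Install                                             # off by default: report only
)

$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$computer = $env:COMPUTERNAME
$null     = New-Item -ItemType Directory -Path $ReportDir -Force
$log      = Join-Path $ReportDir "$computer-$stamp.log"

function Write-Log([string]$Message) {
    $line = '{0:s} {1}' -f (Get-Date), $Message
    Add-Content -Path $log -Value $line
    Write-Host $line
}

# 1. Inventory: what the OS itself reports as installed. Get-CimInstance is the
#    current form of the Get-WmiObject -Class Win32_QuickFixEngineering query.
$installedCsv = Join-Path $ReportDir "$computer-$stamp-installed.csv"
$installed = @(Get-CimInstance -ClassName Win32_QuickFixEngineering |
    Select-Object HotFixID, Description, InstalledOn, InstalledBy)
$installed | Export-Csv -Path $installedCsv -NoTypeInformation
Write-Log "Exported $($installed.Count) installed hotfixes to $installedCsv"

# 2. Compare: the scanner claims these KBs are missing; check each one against the
#    inventory so stale or superseded findings are separated from real gaps.
if (Test-Path $ScanCsv) {
    $scanKbs     = @(Import-Csv $ScanCsv | ForEach-Object { $_.KB.Trim().ToUpper() } | Sort-Object -Unique)
    $installedKb = @($installed.HotFixID | ForEach-Object { $_.ToUpper() })
    $compareCsv  = Join-Path $ReportDir "$computer-$stamp-compare.csv"
    $rows = foreach ($kb in $scanKbs) {
        $present = $kb -in $installedKb
        $status  = if ($present) { 'Installed per WMI - verify scanner result' } else { 'Missing - patch' }
        [pscustomobject]@{ KB = $kb; InstalledPerWMI = $present; Status = $status }
    }
    $rows | Export-Csv -Path $compareCsv -NoTypeInformation
    $missing = @($rows | Where-Object { -not $_.InstalledPerWMI })
    Write-Log "Scanner listed $($scanKbs.Count) KBs: $($missing.Count) still missing, $($scanKbs.Count - $missing.Count) already installed per WMI. Detail in $compareCsv"
} else {
    Write-Log "No scanner export found at $ScanCsv; skipping compare step"
}

# 3. Apply: download and install only on request, and leave the reboot to the
#    change window rather than letting the host restart unattended.
if ($Install) {
    if (-not (Get-Module -ListAvailable -Name PSWindowsUpdate)) {
        Write-Log 'PSWindowsUpdate module not present (Install-Module PSWindowsUpdate); falling back to wuauclt is the alternative'
        return
    }
    Import-Module PSWindowsUpdate
    $pending = @(Get-WindowsUpdate -MicrosoftUpdate)   # list only; nothing installed yet
    $pending | Select-Object KB, Title, Size |
        Export-Csv -Path (Join-Path $ReportDir "$computer-$stamp-pending.csv") -NoTypeInformation
    Write-Log "$($pending.Count) updates available; installing"
    # -AcceptAll is required for an unattended run; -IgnoreReboot suppresses the automatic restart.
    Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -IgnoreReboot | Out-File -Append -FilePath $log
    Write-Log 'Install pass complete; reboot pending if any update requires it'
} else {
    Write-Log 'Report-only run; re-run with -Install to apply updates'
}
```

Run it once without -Install to get the installed and compare CSVs for review (the same files an Excel compare would use), then with -Install during the maintenance window. Keeping the install step behind a switch and logging each pass to a timestamped file gives an audit trail for the compliance side of patching.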

