FARONICS DEEP FREEZE ENTERPRISE - PATCH MANAGEMENT 6-26-2009 Manual

Patch management

Deep Freeze Enterprise - Patch Management
TECHNICAL WHITEPAPER
Last modified: June 26, 2009
Faronics
Toll Free Tel: 800-943-6422
Toll Free Fax: 800-943-6488
International Tel: +1 604-637-3333
International Fax: +1 604-637-8188
www.faronics.com
© 1999 - 2009 Faronics Corporation. All rights reserved. Faronics, Deep Freeze,
Faronics Core Console, Faronics Anti-Executable, Faronics Device Filter, Faronics
Power Save, Faronics Insight, Faronics System Profiler, and WINSelect are
trademarks and/or registered trademarks of Faronics Corporation. All other
company and product names are trademarks of their respective owners.

Summary of Contents for FARONICS DEEP FREEZE ENTERPRISE - PATCH MANAGEMENT 6-26-2009

  • Page 2: Table Of Contents

    ENTERPRISE
    Contents
    Introduction (page 3)
    Scheduled Patch Maintenance (page 3)
    Scheduling Windows Updates (page 3)
    Scheduling Windows Updates in a Deep Freeze Maintenance Period (page 4)
    Scheduling Windows Updates through Group Policy (page 5)
    Scheduling Antivirus Updates (page 7)
    Scheduling Additional Program Updates (page 7)
    Logon Patch Maintenance ...
  • Page 3: Introduction

    A major concern for all systems administrators is maintaining the security of their computers. With new exploits and vulnerabilities being found all the time, a proper patch management strategy is critical to ensure the health and security of a computer deployment. Deep Freeze allows systems administrators to ensure the integrity of their computers against exploits —...
  • Page 4: Scheduling Windows Updates In A Deep Freeze Maintenance Period

    The first method involves setting up a Maintenance Period using the Deep Freeze Configuration Administrator. An option is selected so Deep Freeze will run Windows updates after the computer goes into Maintenance Mode. Complete the following steps to configure a Maintenance Period: In the Deep Freeze Configuration Administrator, click the Embedded Events tab.
  • Page 5: Scheduling Windows Updates Through Group Policy

    If there is an SUS or WSUS server, this can be specified using the following steps: Click the Maintenance tab. Check Use SUS/WSUS Server and enter the IP address or fully qualified domain name of the server. The screen should look similar to the following: The client computer with these settings would attempt to download and run updates from the specified SUS/WSUS server rather than from Microsoft’s web site.
  • Page 6

    • Reschedule Automatic Updates scheduled installations: Disabled
    • No auto-restart for scheduled Automatic Updates installations: Disabled

    This policy will ensure that Windows updates are installed during the Maintenance Period and that any updates that are downloaded (but not installed) will not attempt to reinstall on the client computer while Frozen.
  • Page 7: Scheduling Antivirus Updates

    Symantec Anti-Virus Corporate Edition
    http://www.faronics.com/Faronics/Documents/DFEnt_SymantecAntivirus.pdf

    Trend Micro OfficeScan
    http://www.faronics.com/Faronics/Documents/DFEnt_TrendOfficeScan.pdf

    For additional white papers describing antivirus products that may have been added to the Faronics Content Library after publication of this white paper, refer to:
    http://www.faronics.com/library

    Scheduling Additional Program Updates

    The concepts outlined for the antivirus definition updates can also be applied to updating other applications.
  • Page 8: Logon Patch Maintenance

    This option allows the administrator to install updates to the client computer when a certain user logs on. In an Active Directory environment, a logon script can be executed to update the client computer. Using Deep Freeze command line control (DFC), Deep Freeze can be disabled before the updates are run and re-enabled afterwards.
  • Page 9: Logon Patch Maintenance Example

    Group Policy to call this script when a user logs on. A full version of the script can be downloaded from the following location:
    http://www.faronics.com/Faronics/Documents/DFEnt_ADUpdateScript.zip

    Creating the Update Script

    This script checks to see if the computer requires updates. If the computer requires an update, it prompts the user.
  • Page 10

    Enter the following text to create the main routine:

        ' ********** MAIN **********
        ' Calls all of the other routines...
        If UpdateRunning = True Then
            RunPatch
            RemoveMarker
            BootFrozen
        Else
            If UpdateComplete = False Then
                If UserPatchPrompt = True Then
                    InsertMarker
                    If Frozen = True Then
                        BootThawed...
  • Page 11

    Enter the following text to create the UpdateComplete function:

        ' ********** UPDATE COMPLETE? **********
        ' Checks for completed marker file. If it exists, the update has already run.
        Function UpdateComplete
            Set objFS = CreateObject("Scripting.FileSystemObject")
            Set objFolder = objFS.GetFolder(strUNCPath)
            Set objRE = new RegExp
            objRE.Pattern = strMarkerCompleteFile
            objRE.IgnoreCase = True
            For Each objFile In objFolder.Files...
  • Page 12

    Enter the following text to create the RunPatch routine:

        ' ********** RUN PATCH **********
        ' The code to run the patches would occur here.
        Sub RunPatch
            ' Enter code to execute the patch(es)
            MsgBox "Patch has been applied"
            InsertCompleteMarker
        End Sub

    The RunPatch routine is used to run the patch.
  • Page 13

    Enter the following text to create the BootThawed routine:

        ' ********** BOOT THAWED **********
        Sub BootThawed
            Set objShell = CreateObject("Wscript.Shell")
            objShell.Run("DFC password /BOOTTHAWED")
        End Sub

    The BootThawed routine is used to set computers in a Thawed state. The password in the DFC command line must be modified to match the password created for the command line control.
  • Page 14

    Enter the following text to cleanup the script objects:

        ' ********** CLEANUP **********
        Set objNet = Nothing
        Set objFile = Nothing
        Set objRE = Nothing
        Set objFolder = Nothing
        Set objTS = Nothing
        Set objFS = Nothing
        Set objTextFile = Nothing
        Set objFSO = Nothing

    This code cleans up all the objects that have been created throughout the script.
  • Page 15: Creating The Group Policy

    Before the policies are created, ensure the server has been updated to use the Group Policy Management Console. The following documentation assumes this patch has been downloaded and installed on the server. The utility can be found by searching Microsoft’s Web site for Group Policy Management Console.
  • Page 16: Modifying The Group Policy

    Now that the GPO has been created, it needs to be modified. In this case, the user Logon script is modified using the following steps:

    1. Right-click on DfLogonPatchManagement and select Edit. The Group Policy Object Editor opens.
    2.
  • Page 17: Real Time Patch Maintenance

    For more information about the different switches offered by the command line control, refer to the following document:
    http://www.faronics.com/Faronics/Documents/DF_RemoteAdministration.pdf

    Configuring Software to Update in a Thawed Location

    It is possible to update software that resides in a Thawed location. In these cases, the software would have to exist entirely on the Thawed partition.
  • Page 18: Appendix A: Deep Freeze And Sus/Wsus Faq

    If you are using Deep Freeze to install the updates, you can view the status of the updates in the DFWuLogfile.log in the Faronics folder. The location and name of this file can be changed on the Maintenance tab of the Deep Freeze Configuration Administrator.
  • Page 19: Appendix B: Deep Freeze Update Script

    ADUpdateScript.zip

        ' ****************************************************************
        ' *** DF SIMPLE UPDATE SCRIPT SAMPLE
        ' ***
        ' *** Author: Faronics Corporation
        ' *** Date: 12/29/2005
        ' ***
        ' *** Associated Files:
        ' *** <ComputerName>.mar - Used to indicate patch is running
        ' *** COMPLETE-<ComputerName>.fin - Indicates patch complete
        '...
  • Page 20

        End If
        End If

        ' ********** UPDATE RUNNING? **********
        ' Check for marker file. If exists, the update is running. Return True.
        Function UpdateRunning
            Set objFS = CreateObject("Scripting.FileSystemObject")
            Set objFolder = objFS.GetFolder(strUNCPath)
            Set objRE = new RegExp
            objRE.Pattern = strMarkerFile
            objRE.IgnoreCase = True
            For Each objFile In objFolder.Files
                If objRE.Test(objFile.Name) Then...
  • Page 21

        ' ********** RUN PATCH **********
        ' The code to run the patches would occur here.
        Sub RunPatch
            ' Enter code to execute the patch(es)
            ' The next two lines would run a program by the name of update.exe
            ' Set objShell = CreateObject("Wscript.Shell")
            '...
  • Page 22

        ' ********** REMOVE MARKER **********
        ' Remove the marker file to indicate the patch is complete
        Sub RemoveMarker
            Set objFSO = CreateObject("Scripting.FileSystemObject")
            objFSO.DeleteFile(strUNCPath & strMarkerFile)
        End Sub

        ' ********** INSERT UPDATE COMPLETE MARKER **********
        ' This inserts an update completed file to prevent update looping
        Sub InsertCompleteMarker
            Set objFSO = CreateObject("Scripting.FileSystemObject")
            Set objFile = objFSO.CreateTextFile(strUNCPath &...
  • Page 23: Appendix C: Common Update Scenarios

    The following section presents some update scenarios and possible solutions to these scenarios.

    Scenario 1: Updating Clients in a Dynamic Update Environment

    Requirement: The policy in the organization is to update the computers as soon as possible with the latest critical updates and antivirus definitions. Using management software, the updates are delivered to the client computers as soon as the updates are available.

This manual is also suitable for:

Deep freeze enterprise