Inventorying Software
After you create an update team, you must inventory the software on your network. Specifically, you need to know which operating systems and applications you have installed to identify updates that need to be deployed. You also need to understand the security requirements for each computer system, including which computers store highly confidential information, which are connected to the public Internet, and which will connect to exterior networks.
For each computer in your environment, gather the following information:
- Operating system Document the operating system version and update level. Remember that most routers, firewalls, and switches have operating systems. Also document which optional features, such as IIS, are installed.
- Applications Document every application installed on the computer, including versions and updates.
- Network connectivity Document the networks to which the computer is connected, including whether the computer is connected to the public Internet, whether it connects to other networks across a virtual private network (VPN) or dial-up connection, and whether it is a mobile computer that might connect to networks at other locations.
- Existing countermeasures Firewalls and virus checkers might already protect a computer against a particular vulnerability, making the update unnecessary. For firewalls, document the firewall configuration, including which ports are open.
- Site If your organization has multiple sites, you can choose to deploy updates to computers from a server located at each site to optimize bandwidth usage. Knowing at which site a computer or piece of network equipment is located allows you to deploy the updates efficiently.
- Bandwidth Computers connected across low-bandwidth links have special requirements. You can choose to transfer large updates during nonbusiness hours. For dial-up users, it might be more efficient to bypass the network link and transfer updates on removable media, such as CD-ROMs.
- Administrator responsibility You must understand who is responsible for deploying updates to a particular device and who will fix a problem if the device fails during the update process. If others are responsible for individual applications or services, make note of that as well.
- Uptime requirements Understand any service-level agreements or service-level guarantees that apply to a particular device and whether scheduled downtime counts against the total uptime. This will enable you to prioritize devices when troubleshooting and testing updates.
- Scheduling dependencies Applying updates requires planning systems to be offline. This can be a disruption for users, even if the device requires only a quick reboot. Understand who depends on a particular device so that you can clear downtime with that person ahead of time.
Some of this information, including operating system and installed applications, can be gathered in an automated fashion. Most network management tools have this capability, including Configuration Manager 2007 R2. You can also inventory Microsoft software on a computer by using Microsoft Software Inventory Analyzer (MSIA), a free download.
More Info For information about MSIA, visit http://www.microsoft.com/resources/sam/msia.mspx.
In this tutorial:
- Managing Software Updates
- Methods for Deploying Updates
- Windows Update Client
- Windows Server Update Services
- System Center Configuration Manager 2007 R2
- Manually Installing, Scripting, and Removing Updates
- Overview of Windows 7 Update Files
- How to Script Update Installations
- How to Remove Updates
- Deploying Updates to New Computers
- Other Reasons to Use a Private Network for New Computers
- Managing BITS
- BITS Behavior
- BITS Group Policy Settings
- Configuring the Maximum Bandwidth Served For Peer Client Requests Policy
- Managing BITS with Windows PowerShell
- Windows Update Group Policy Settings
- Configuring Windows Update to Use a Proxy Server
- Tools for Auditing Software Updates
- The MBSA Console
- MBSACLI
- Scheduling MBSA
- Troubleshooting the Windows Update Client
- The Process of Updating Network Software
- Assembling the Update Team
- Inventorying Software
- Creating an Update Process
- Discovering Updates
- Evaluating Updates
- Speeding the Update Process
- Retrieving Updates
- Testing Updates
- Installing Updates
- Removing Updates
- Auditing Updates
- How Microsoft Distributes Updates
- Security Updates
- Update Rollups
- Service Packs
- Microsoft Product Life Cycles