Congratulations – you survived the keynote with Stan & Ollie 10 min is all it takes - Managing Microsoft & 3rd party updates with SC 2012 Configuration Manager Kent Agerlund Who am I Kent Agerlund Chief System Management Architect Coretech A/S, Denmark Microsoft MVP: Enterprise Client Management Microsoft Certified Trainer, MCITP Enterprise Admin I love questions – but DON’T ask me about hockey and the world cup Agenda Patch Tuesday Let’s spend 5 min together Why worry about 3rd party updates What are your options SCUP 2011 (System Center Updates Publisher) Solarwinds Secunia So….What is patch management? Patch Creation Vulnerability Intelligence VI VS Vulnerability Scanning PC PD Patch Deployment PM Plan for Software Updates Define you Update process Pilot environments Servers with automatic restart Servers with manual requirements Logically grouped servers Workstations in production Excluded devices Define you SLA’s When is your Boss a “Happy Camper” Can you track compliance Collection design Maintenance Windows CD+IT+RT=MW Workstation restarts Automatic restart? No restart = No compliance = No Make sure you have a restart plan Create custom report Last Computer Restart Give me 5 minutes DEMO Wake up it’s, Patch Tuesday or early Wednesday Why worry about 3rd party Business View Third Party Programs 86% Microsoft Programs 14% Vendors What do you patch today Business critical programs Programs you know about Programs you don’t know about Criminals View What criminals attack The numbers speaks for themselves – TOP 50 apps Vulnerabilities in 2012 TOP 50 Apps 1137 Cybercriminals know: patch available 229 in 2007 421 in 2009 ≠ patch installed Where to begin Percentage of risk remediated by patching N programs Patching N of 200 programs Strategy 1: Static Risk remediated by patching the N most prevalent programs Percentage of risk remediated 100% 80% Strategy 2: By Criticality 60% Risk remediated by patching the N most critical programs 40% 20% 12 0% 0 10 20 37 30 Number of programs patched 40 50 60 80% risk reduction achieved by either patching the 12 most critical programs, or by patching the 37 most prevalent programs Are we doomed? SCUP 2011 SCUP 2011 What is SCUP Authoring tool Publishing tool 3rd Party Updates with SCUP Same experience for all updates in ConfigMgr Supports EXE, MSI and MSP based updates MSU workaround : http://blogs.technet.com/b/dominikheinz/archive/2011/10/17/deployingcustom-msu-updates-with-sccm-and-scup.aspx SCUP Process Flow Catalogs downloaded from web Import Updates Author Updates Author custom SCUP catalog Publish Updates SCUP Console Sync Updates WSUS Server Scan Updates ConfigMgr Server Deploy Updates ConfigMgr Clients The signing certificate Used by SCUP to sign updates Trusted Publishers Trusted Root Configure WSUS GPO Allow self signed certificates Create the self-signed certificate with SCUP External certificate http://blogs.msdn.com/b/steverac/archive/2011/09/18/usingsystem-center-update-publisher-2007-with-verisign-certificates.aspx KB2720211 & KB2661254 Available Catalogs Free catalogs Adobe Reader and Flash Dell Client and Server updates Hewlett-Packard Client and Server updates Fujitsu ConfigMgr Cumulative updates $$ catalogs SCUPdates from Shavlik, VMWARE no wait today it’s LANDESK PatchMyPC SCUP DEMO Patch ConfigMgr clients…..the easy way Secunia Secunia Products CSI – Corporate edition SSB – Small Business edition PSI – Consumer and free Cloud Based solution Database contains vulnerabilities in software products since 2003 40k+ programs, applications and plug-ins from thousands of software vendors Automated patch repackaging Fully integrated with 2012 Reporting Integrated with Configuration Manager Custom Dashboard Custom reports E-Mail subscriptions Deploying patches Custom created Secunia packages Silent installations Can detect running applications like JAVA Script support PowerShell VB Java Updates are injected into WSUS Secunia DEMO 3rd party patching UTVÄRDERING KVÄLLSMINGEL Fyll i utvärderingen så att vi kan bli ännu bättre till nästa gång! Antigen via länken du fick med din biljett eller vid någon av datorerna i TrueSec:s monter Best of MMS avslutas med ett gigantiskt mingel på närliggande Dubliner direkt efter dagens sista session! Tävla samtidigt om en HP Elitepad 900 (Vinnaren presenteras i Utställarfoajén direkt efter sista sessionen). Microsoft och LabCenter bjuder på god öl och ett unikt tillfälle för experter, branschkollegor och eventdeltagare att mingla tillsammans. Vi ses väl där?