Sınırlı kullaıcıda ...
 
Bildirimler
Hepsini Temizle

Sınırlı kullaıcıda windows update  

  RSS
 Anonim

Merhaba arkadaşlar. Yapımda server 2003 kurulu üzerinde de ad kurulu. Clientlar power users grubuna dahil. Böyle bir yapıda power users gruba ait olan kullanıcılarda wsus kurmadan windows updatelerini almam mümkün olurmu. Yardımlarınız için taşekkürler kolay gelsin.

Alıntı
Gönderildi : 22/05/2010 19:59
Hüseyin Sevin
(@huseyinsevin)
Üye

[quote user="hepgele"]

Merhaba arkadaşlar. Yapımda server 2003 kurulu üzerinde de ad kurulu. Clientlar power users grubuna dahil. Böyle bir yapıda power users gruba ait olan kullanıcılarda wsus kurmadan windows updatelerini almam mümkün olurmu. Yardımlarınız için taşekkürler kolay gelsin.

[/quote]

 

 

WSUS Windows'un güncelleme sunucusudur sizinde bildiğiniz üzere, eğer ki Clientların updateleri merkezi olarak sizi lokasyonunuzdaki bir bilgisayardan çekmesini istiyorsanız ortamınızda WSUS olmalı. Her client a WSUS kurma diye bir şey yok zaten.

 

WSUS ile ilgili formumuzda bir çok makale mevcut göz atmanızı öneririm.

CevapAlıntı
Gönderildi : 22/05/2010 21:56
Rıza ŞAHAN
(@www-rizasahan-com)
Değerli Üye Forum Yöneticisi

MErhaba,


Domain yapısı varsa gpo üzerinden yoksa ise kullanıcıların local policy ayarlarından windows update policysi ile "admin olmayanların güncelleme yapmalarına izin ver" seçeneği ile güncelleme almalarını sağlayabilirsiniz.



Saygılarımla.

CevapAlıntı
Gönderildi : 23/05/2010 01:51
 Anonim

Grup ilkesi kullanmıyorsanız aşağıdaki .reg dosyası faydalı olabilir :

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"ElevateNonAdmins"=dword:00000001
"WUServer"="http://WSUSsunucu"
"WUStatusServer"="http://WSUSsunucu"
"TargetGroupEnabled"=dword:00000001
"TargetGroup"="KULLANICI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:0000000c
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"AutoInstallMinorUpdates"=dword:00000001
"UseWUServer"=dword:00000001

Yöneticiler grubuna üye olmayan kullanıcıların WSUS hizmetinden yararlanabilmeleri için ElevateNonAdmins ifadesi, dword:00000001 olarak ayarlanmalıdır.

WSUS hizmetinin kurulu olduğu sunucuda ilgili gruplar tanımlanmış
olmalıdır.

CevapAlıntı
Gönderildi : 23/05/2010 16:57
Rahmi DILLI
(@rahmidilli)
Tecrübeli Üye

Merhabalar,

Farklı uygulamalar da dağıtma ihtiyacı hissediyorsanız. GFI Languard'ı öneririm.

http://www.gfi.com/lannetscan

Features

VM supportFreeware Version Available

GFI
has released a freeware version of GFI LANguard, in line with our ‘We Care’ initiative to offer a
helping hand in these hard economic times. Using the freeware version,
companies can scan up to five IPs for free using the product’s full
feature set – with no restrictions whatsoever. Click
here
for more information.

Vulnerability
Scanning

During security audits, over 15,000 vulnerability
assessments are made, scanning the network IP by IP. GFI LANguard™ gives
you the capability to perform multi-platform scans (Windows, Mac OS,
Linux) across all environments including Virtual Machines and to analyze
your network’s security set-up and status. We give you the power to
identify and correct any threats before hackers can exploit them.

Detection
of Virtual Machines

GFI LANguard can now detect whether a
scanned machine is rear or virtual. Currently both VMware and Virtual PC
software are supported.

Set up your own Custom
Vulnerability Checks

GFI LANguard allows you to easily
create custom vulnerability checks through simple wizard-assisted set-up
screens. The wizard powerful enough to allow building of complex
vulnerability checks and the scripting engine is compatible with Python
and VBScript. GFI LANguard includes a script editor and debugger to help
with script development.

Extensive, Industrial Strength
Vulnerabilities Database

GFI LANguard ships with a complete
and thorough vulnerability assessment database, including standards such
as OVAL (2,000+ checks) and SANS Top 20. This database is regularly
updated with information from BugTraq, SANS Corporation, OVAL, CVE and
others. Through its auto-update system, GFI LANguard is always kept
up-to-date with information about newly released Microsoft security
updates as well as new vulnerability checks issued by GFI Software and
other community-based information repositories such as the OVAL
database.

Identify Security Vulnerabilities and Take
Remedial Action

GFI LANguard scans computers, identifies and
categorizes security vulnerabilities, recommends a course of action and
provides tools that enable you to solve the problem. GFI LANguard comes
with a graphic threat level indicator that provides an intuitive,
weighted assessment of the vulnerability status of a scanned computer or
group of computers. Wherever possible a web link or more information on
a particular security issue is provided, such as a BugTraq ID or a
Microsoft Knowledge Base article ID.

Ensures Third Party
Security Applications (anti-virus and anti-spyware) Offer Optimum
Protection

GFI LANguard ensures that supported security
applications such as anti-virus and anti-spyware software are updated
with the latest definition files and are functioning correctly. For
example, you can check to be certain that supported security
applications have all key features (such as real-time scanning) enabled.

Easily
Creates Different Types of Scans and Vulnerability Tests

You
can easily configure scans for different types of information; such as
open shares on workstations, security audit and password policies and
machines missing a particular patch or service pack. You can scan for
different types of vulnerability to identify potential security issues.
These include:

  • Open ports: GFI LANguard
    scans for unnecessary open ports and checks that no port hijacking is in
    force
  • Unused local users and groups: Remove or
    disable User accounts no longer in use
  • Blacklisted
    applications:
    Identify unauthorized or dangerous software and
    add to blacklists of applications you want to associate with a high
    security vulnerability alert
  • Dangerous USB devices,
    wireless nodes and links:
    Scans all devices connected to USB or
    wireless links and alerts you of any suspicious activity

And
much more!

Easily Analyze and Filter Scan Results
GFI
LANguard enables you to easily analyze and filter scan results by
clicking on one of the default filter nodes. This enables you to
identify, for example, machines with high security vulnerabilities or
machines that are missing a particular service pack. Custom filters can
also very easily be created from scratch or customized from and existing
script. Also, you can export scan results data to XML.

Patch Management and Remediation

When a scan is
complete, GFI LANguard gives you all the functionality and tools you
need to effectively install and Manage Patches
on all machines across different Microsoft operating systems and
products in 38 languages. Click Here
to view a full list.

GFI LANguard also allows auto-downloads of
missing patches as well as patch roll-back and custom software can be
deployed, resulting in a consistently configured environment that is
secure against all vulnerabilities.

Automatically Deploy
Network-wide Patch and Service Pack Management

With GFI
LANguard you can easily deploy missing service packs and patches
network-wide. GFI LANguard is the ideal tool to ensure that Microsoft
WSUS is working properly and it performs tasks WSUS does not, such as
deploying Microsoft Office and custom software patches. GFI LANguard
also provides you with new features such as patch auto-download and
patch rollback. It is also Unicode compliant and able to support patch
management in all the 38 languages currently supported by Microsoft. The
network administrator has the option to either manually approve each
patch or set all Microsoft updates as approved. If patches are approved
manually the network administrator can choose to receive email
notifications when new Microsoft updates are available.

Automatic
Remediation of Unauthorized Applications

Remediation
operations can be triggered automatically at the end of scheduled scans.
Apart from reporting on all installed applications, GFI LANguard allows
the user to define which applications are authorized or not authorized
to be installed on the network. This list of applications can be easily
defined for each scanning profile using the Applications Inventory Tool.
During a scan, any unauthorized applications are identified and
(optionally) uninstalled automatically by GFI LANguard. An integrated
Auto-Uninstall Validation tool is provided to help identify which of the
detected applications support silent uninstall and can thus be safely
and automatically uninstalled.

Remote Desktop Connection
GFI
LANguard allows the useful option of a remote desktop connection to fix
security issues on scanned computers that cannot be fixed
automatically.

Deploys Custom and Third Party Software and
Patches Network-wide

Besides Deploying
Patches and Service Packs
, GFI LANguard enables you to easily deploy
third party software or patches network-wide. You can use this feature
to deploy client software, update custom or non-Microsoft software,
virus updates and more. The custom software deployment feature means you
can do without Microsoft SMS, which is complex and tooexpensive for
small to medium sized networks.

Network and
Software Auditing

GFI LANguard’s Network
Auditing
function tells you all you need to know about your network
– what USB devices are connected, what software is installed, any open
shares, open ports and weak passwords in use and hardware information.
The solution’s in-depth reports give you an important and real-time
snapshot of your network’s status. Scan results can be easily analyzed
using filters and reports, enabling you to proactively secure the
network by closing ports, deleting users or groups no longer in use or
disabling wireless access points.

Extended Hardware
Auditing Facility

GFI LANguard can now show detailed
information about the hardware configuration of all the scanned machines
on your network. All devices from the Device Manager
tool from Windows operating systems are retrieved including
motherboard, processors, memory, storage devices, display adapters, and
much more. Using baseline comparisons you can now check whether any
hardware was added or removed since the last scan.

Automatically
Receive Alerts of New Security Holes

GFI LANguard can
perform routine scheduled scans and can automatically compare results to
previous scans. Any new security holes or security set-up changes
discovered on your network are emailed to you for analysis. This enables
you to quickly identify newly-created shares, installed services,
installed applications, added users, newly-opened ports and more. GFI
LANguard will generate specific reports and email notification whenever
there are software or hardware changes detected within the audited
network. Our reports also show what remediation operations were
performed.

Check to Ensure Security Auditing is Enabled
Network-wide

GFI LANguard checks if each NT/2000/XP/VISTA
machine has security auditing enabled. If not, GFI LANguard alerts you
and allows you to enable auditing remotely. Security event auditing is
highly recommended as it detects intruders in real time.

Scan
and Retrieve OS data from Linux Systems

It is possible to
remotely extract OS data from Linux-based systems and scan results are
presented in the same way as for Windows-based computers. This means
that both Linux and Windows-based computers can be analyzed in a single
scanning session! GFI LANguard includes numerous Linux security checks
including rootkit detection. GFI LANguard can use SSH Private Key files
instead of the conventional password string credentials to authenticate
to Linux-based target computers.

Additonal
Features

A Fresh New Look
GFI LANguard now
ships with a new user interface which allows network administrators to
easily scan the network, perform vulnerability assessment, retrieve
relevant security information, analyze the results, generate reports and
remediate the security issues that were detected.

Monitoring
Dashboard

The GFI LANguard dashboard shows summarized
results of all scans from the database and provides and overview of the
most vulnerable computers and security status trends of the network.

Multiply
the Value of GFI LANguard with Powerful Reporting

Reports
are designed to satisfy the requirements of both management and
technical staff. We deliver a graphical snapshot of the security status
of your network. From trend reports for management (ROI) to daily
drill-down reports for technical staff; GFI LANguard provides you with
the easy-to-view information you need to fully keep on top of your
network’s security environment. Executive reports are now available
directly from within GFI LANguard.

We Help You Comply with
PCI DSS and Other Regulations

Starting in September 2007
all businesses handling cardholder data, regardless of size, have to be
fully compliant with strict security standards drawn up by the world’s
major credit card companies. GFI LANguard provides complete
vulnerability management coupled with an extensive ReportPack add-on.
That makes GFI LANguard the essential, cost-effective solution that your
organization needs to safeguard your network and gauge the
effectiveness of your PCI compliance program.

Silent
Installation Support

You can perform an unattended default
installation of GFI LANguard on multiple computers in the background
without any user interaction or intervention. Customization of the
deployment parameters is also possible through the creation of Microsoft
Transform (MST) files.

More
Information about MST files

Predefine
Authentication Details

GFI LANguard allows you to store
separate authentication details for every target computer on your
network, avoiding the need to specify authentication credentials prior
to every scan. In a single scanning session, it is possible to audit all
the targets in your network, even if they require different
authentication details and/or methods.

Support for Virtual
Environments

Organizations that are currently using or plan
to use virtualization on their network can still install and use a
range of GFI products with confidence. GFI LANguard supports and runs on
the most common virtualization technologies in use, namely VMware,
Microsoft Virtual Server and Microsoft Hyper-V.

Localization
GFI
LANguard has now been localized into Italian and German.

Other
Features:

  • Automatically checks the password policy
    for all machines on the network
  • Checks for programs that run
    automatically (potential trojans)
  • Finds out if the OS is
    advertising too much information
  • Performs simultaneous scans
    through the multithread scan engine
  • Provides NetBIOS hostname,
    currently logged username and MAC address
  • Provides a list of
    shares, users (detailed info), services, sessions, remote TOD (time of
    day) and registry information from remote computer (Windows)
  • SNMP
    device detection, SNMP Walk for inspecting network devices like
    routers, network printers and more
  • Offers alternative command
    line deployment tool
  • Identifies all installed Windows services
  • Support
    for Microsoft Windows Vista

You're in Great
Company...

Over 20,000 companies have chosen GFI LANguard.
Click
here to view Case Studies and Testimonials

 

CevapAlıntı
Gönderildi : 23/05/2010 22:30
 Anonim

Herkese çok teşekkür ederim yardımlarından dolayı. Rıza Şahan bey aktarmış olduğunuz konu hakkında biraz daha açıklayıcı bilgi verebilirseniz çok sevinirim. Teşekkürler kolay gelsin.

CevapAlıntı
Gönderildi : 24/05/2010 12:18
Rıza ŞAHAN
(@www-rizasahan-com)
Değerli Üye Forum Yöneticisi

Merhaba 


Bu ayarı yapmak istediğiniz kullanıcı üzerinde Başlat-->Çalıştır-->gpedit.msc yazın.Aşağıdaki ayarı etkin ederek.Gpupdate /force komutunu çalıştırın.


a.jpg

CevapAlıntı
Gönderildi : 24/05/2010 12:32
 Anonim

Yardımlarınız için teşekkürler kolay gelsin.

CevapAlıntı
Gönderildi : 25/05/2010 23:52
Paylaş: