Enterprise Update Server and Symantec AntiVirus
|
Instructions for Enterprise Update Server Deploys Microsoft Security Fixes and Hotfixes Automatically Please contact 955-HELP For Issues Enterprise Update Server – This enterprise server will allow systems connected to it the ability to obtain Microsoft hotfixes and security fixes automatically. Requirement for the Enterprise Update Server are: - Microsoft 2000 systems must have Service Pack 4.
- Microsoft XP systems must have Service Pack 1 or greater.
- PC’s MUST BE RESTARTED ON A FREQUENT BASIS (DAILY PREFERRED) TO ACTIVATE UPDATES.
Introduction Enterprise Update Server provides a solution to the problem of managing and distributing critical Windows patches that resolve known security vulnerabilities and other stability issues with Microsoft Windows operating systems. This software updates Windows® 2000, Windows XP, and Windows Server 2003 operating systems on any corporate network. It is not intended to serve as a replacement to your enterprise software-distribution solution, such as Microsoft Systems Management Server (SMS) or Microsoft Group Policy-based software distribution. The Auto-update client is included in Windows 2000 SP4, Windows XP SP1 or higher, and Windows 2003 Server Operating Systems. If a client was previously connected to the Enterprise SUS Server it will need to be updated with the latest Automatic Updates Client. Enterprise Update Server can automatically upgrade the client system and then it will begin to receive updates from Enterprise Update Server. For more information see the following FAQ on Enterprise Update Server:
http://www.microsoft.com/windowsserversystem/updateservices/evaluation/faqs.mspx Configuring client connections to Enterprise Update Server with Local Registry Settings Paste the text below into notepad and save the file as a .reg file to your local machine. Right click the file and chose ‘Merge.’ Or, click to download the text file and remove the .txt extension, then right click the file and chose ‘Merge.’ A) Sample registry file for East Baltimore network, Homewood network, and the remote sites that connect to each. Windows Registry Editor Version 5.00 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://jhsus.win.ad.jhu.edu"
"WUStatusServer"=http://jhsus.win.ad.jhu.edu [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000001
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"RescheduledWaitTime"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000000
This file will configure your computer to download all approved updates, and install them everyday at 3 AM. It will reboot the computer if the patch requires a reboot to become effective. It will prompt administrative and non-administrative users to initiate the shutdown. Administrative users can postpone the shutdown. If no action is taken the computer will restart in 5 minutes. If the computer is off during the scheduled install time, the computer will install the updates 1 minute after starting back up. If you are a member of the Enterprise Active Directory domain you can simplify your SUS deployment using Group Policy. Contact a member of the Enterprise Active Directory Management team at AD@jhmi.edu to setup your Group Policy. For more information and settings on client deployment download the Windows System Update Services Deployment White Paper, page 68 “Configure Automatic Updates in a Non-Active Directory Environment”.
http://www.microsoft.com/downloads/details.aspx Helpful links to Microsoft Enterprise Update Server information:
http://www.microsoft.com/windowsserversystem/updateservices/evaluation/faqs.mspx
http://www.microsoft.com/windowsserversystem/updateservices/evaluation/overview.mspx Technet information:
http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
Managed Symantec Anti-Virus Client Installation Instructions Managed Symantec AntiVirus (SAV) Server – This server provides client systems the ability to obtain Symantec AntiVirus virus definition (signature) updates automatically. The server is configured to check with Symantec for new virus definition updates hourly, and propagate them to connected client systems as soon as they are received. Additionally, client systems are configured to check for their own virus definition updates if the previous set of definitions is more than three days old. Clients managed by the SAV server are required to use the "AutoProtect" setting to make sure that files are scanned for viruses as they are accessed. Software Requirements to use the SAV server are: Norton or Symantec AntiVirus Corporate Edition version 7.6 or greater
Setup instructions - Download the GRC.DAT file and follow the corresponding instructions below. Windows 2000 & XP - For SAV 9 and higher: Copy the GRC.DAT file to C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Antivirus Corporate Edition\7.5
- For NAV 7.6 and SAV 8: Copy the GRC.DAT file to C:\Documents and Settings\All Users\Application Data\Symantec\Norton Antivirus Corporate Edition\7.5
Windows NT - For SAV 9: Copy the GRC.DAT file to C:\WINNT\Profiles\All Users\Application Data\Symantec\Symantec Antivirus Corporate Edition\7.5
- For NAV 7.6 and SAV 8: Copy the GRC.DAT file to C:\WINNT\Profiles\All Users\Application Data\Symantec\Norton Antivirus Corporate Edition\7.5
NOTE: After copying the GRC.DAT file the PC can be rebooted or the Symantec AntiVirus service can be stopped and restarted for the change to take affect. The GRC.DAT file will disappear after this step. Troubleshooting If you need to uninstall a managed copy of SAV, the uninstall process will ask for a password. The password is symantec. | 
