St. Bernard Software v7.01 User manual

Brand: St. Bernard Software

Model: v7.01

Type: User manual

This manual is also suitable for

Webcam v7.01

UpdateEXPERT

®

Premium

v7.01EvaluationGuide

St.BernardSoftware,Inc.

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide

Informationinthisdocumentissubjecttochangewithoutno tice.Thisdocumentmaybe

distributed freely only in whole, however no altera tions are allowed without the

expressedwrittenconsentoftheauthor,St.BernardSoftware,Inc.

©20012005St.BernardSoftware,Inc.Allrightsreserved.

UpdateEXPERT is a registered tra demark of St. Bernard Software, Inc. St. Bernard

SoftwareandtheSt.BernardSoftwarelogoaretrademarksofSt.BernardSoftware,Inc.

Mic rosoft, Windows, Windows NT, W indo ws 2000, .NET a nd Windows XP are either

registered trademarks or trademarks of Microsoft Corporation in the USA and other

countries.

Allotherproductandcorporate na mesmaybetrademarksorregisteredtrademarks,and

areusedonlyforidentification,withoutintenttoinfringe.

Duringinstallationyoumustagreewiththeenduserlicenseagreement(EULA)before

usingUpdateEXPERT.

FormoreinformationaboutSt.BernardSoftwareandUpdateEXPERT,checkusouton

the Weba t http://www.stbernard.comandhttp://www.updateexpert.com.

Note: IfyouneedassistanceevaluatingUpdateEXPERT,pleasecontactourTechnical

Supportdepartment.

ContactInformation

St.BernardSoftware(NorthAmerica,SouthAmerica,PacificRim)

15015AvenueofScience

SanDiego,CA,92128

SalesPhone:800.782.3762

SalesFax:8586762299

SalesEmail: sales@stbernard.com

TechnicalSupportPhone:858.676.5050

TechnicalSupportFax:858.676.5055

TechnicalSupportEmail:support@stbernard.com

St.BernardSoftware(Europe,Asia,Africa)

Unit4

RiversideWay

WatchmoorPark,Camberley

Surrey,UK

GU153YQ

44.1276.401.640

Sales:44.1276.401.640

TechnicalSupport:44.1276.401.642

Fax:44.1276.684.479 

TechnicalSupportEmail:[email protected]ernard.com

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 1

TableofContents

Note:TOCitemsarehyperlinks,useMouseRollover,thenclick.Also,anyreferenceto

UpdateEXPERTinthismanualimpliesUpdateEXPERTPremium.

TableofContents........................................................................ ....................................1

Purpose.............. ...................................... ...................................... .................................3

UpdateEXPERTPremiumOverview .................................................. .............................3

InstallUpdateEXPERTPremium...... ...................................... ...................................... ...4

IdentifytheWebProxy(ifapplicable) ................................ ...................................... ......10

DownloadtheLatestUpdateEXPERTDatabase ................ ...................................... .....11

Enumerate(Discover)Machines ...... .................................................................... .........11

Que ryyourUpdateEXPERTMachine.................................................................. ..........12 

AgentlessQueryRequirements.................................................................. ...................13

DownloadPatches .. ...................................... ................................................................14

NamedPolicies(“InstallRequired”command).......................... .....................................16

ConformanceReporting .................................................................... ............................17

OtherReports.............................................................. ...................................... ............1 8

InstallingMasterorLeafAgents....................................................................................19

LeafAgentConfiguration .......................................... ...................................... ..............21

What’sNext?.................................................................. ...................................... .........22

ValidatingPatches .................................................. ......................................................23

Logging .......... ...................................... ...................................... ...................................24

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 2

SecurityEXPERTOverview ............................................................ ...............................25

ConfigureSecurityEXPERTWebProxy ...................... ..................................................26

DownloadSecurityEXPERTTemplates.......................................................... ...............27

CreatingaSecurityEXPERTPolicy ............ ...................................... .............................28

AssigningtheSecurityEXPERTPolicy ..........................................................................31

TestingSecurityEXPERTCompliance............................................................ ...............31

ModifyingtheSecurityEXPERTPolicy.......................................... .................................33

EnforcingtheSecurityEXPERTPolicy.............................. ...................................... .......33

UsingProfileswithSecurityEXPERT........................................ .....................................35

ThankYou!........................ ...................................... ...................................... ................37

AppendixA–CustomInstallOptions .. ...................................... ....................................38

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 3

Purpose

The Evaluation Guide exists to assist in the initial installation, basic usage, and evaluation of

UpdateEXPERT Premium.  This is speci fically intended to help evaluators make an informed

decisiontowardstheacquisitionofasuitablepatchandsecuritysettingsmanagementproduct.

UpdateEXPERTPremiumOverview

Easy Installation – A “Typical” UpdateEXPERT Premium installation now includes settings

management(SecurityEXPERT)inadditiontopatchmanagement.MSDEisincluded(oryoumay

useSQLServerifavailable)forstori ngNetworkTreedata(suchasmachines&queryresults)

and settings managementdata(security points & machinescansetc.). YoumayInstall on any

versionofWin2K,XPPro,andWin2003.IISisrequiredforSetti ngsManagement.

Unified MasterAgents – New for UpdateEXPERT Premium is support for simultaneous

MasterAgent connections, easing administration in enterprise networks. See “What’s New in

UpdateEXPERT Premium”foramenuofnewUpdateEXPERTPremium features.

Agentless Patch Deployment – this al lows patch deployment without installing Agents on

clientmachines.Agentlessdeploymentisappropriateforrapidpatchdeploymentwithminimal

installationoverhead.Agentlessletsyoumeeturgentsecuritypoli cyrequirementsquickly.

OptionalAgentsLeafAgentsarenotrequired,butarerecommendedforspecificconditions

orneedssuchas:

HardenedEnvironments

Disconnectedand/orWakeonLanMachineSupport

LowBandwidthConnections

Scaling(reducednetworkbandwidthuse)

LeafAgents and additional MasterAgent deployments can be combined to support large or

delegated patch management needs.  The Administrator can deploy Agents to meet network

needs,withoutincurringadditionaldeploym entcosts.

Deployable Console  You can delegate patch management by deploying the console

componenttoothers.User“Roles&Rights”supportgranularaccesstocapabilities.

Comprehensive Patch Database  SBS provides its own highquality, independent and

proprietary database for detection of installed vs. notinstalled patches, and intelligent

presentationofapplicabl epatchesforclientmachines.ThePatchInstallWizardintegrateswith

the database for grouping patches, presenting patch options, displaying diagnostic patch

deploymentmessages,andcontrollingreboots.SeethelatestinformationonsupportedOSes,

ApplicationsandLanguages(2pagePDF).

Private&CustomFixes–Companyspecific(private)hotfixesfromMicrosoftcanbeaddedto

thedatabaseuponrequest,thendeployedcompanywideforyourconvenience.Nonsupported

orinhousepatchesmaybedeployablewi thCustomFix.

InstallerService SBSprovidesitsowninstaller/schedulingservice(ratherthanMicrosoft’s)

thatispersistentacrossrebootsand shutdowns,ensuringpatchinstallationoccurs.

Disconnecte d Networks – SBS provides its own utility (upon request, at no charge) for

updatingUpdateEXPERTinstancesi nstalledinnoninternetconnectednetworks.

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 4

InstallUpdateEXPERTPremium

ThisEval Guideexampleillustrates a new installati on of UpdateEXPERTPremium.Loginwith

Administrator privileges. Download the UpdateEXPERT Trial Software. When prompted, click

SAVEtodownloadthecompressedfile(~120MB)toyourlocaldisk.Whenpromptedagainclick

RUNtolaunchtheselfextractiondialogue(screenshot).Inthe examplebelowanewfolderwith

installationfilesinitwillbecreatedonthedesktopforeasyaccesstoSetup.exe.

DoubleclickonSetup.exe. ClickNext.

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 5

ClickNext

EntertheTrialSerialNumberfromtheemailcalled“UpdateEXPERTDowloadRequest.”You

mayalsorequestatrialserialnumberusingthebuttonshownbelowtolaunchawebform.

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 6

Typical will instal l all components, i.e., Console Application, Patch Management Server and

SettingsManagementServer.CustommaybeusedtoinstalltoanexistingLocalSQLinstance,

exclude“SettingsManagem ent”,orinstalltheConsoleandAgentInstaller Applicationsonly. For

examplescreenshotsandnotes,see“ AppendixA–CustomInstallOptions.”

ClickInstall

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 7

You will see a “Performing Initialization Check … Please Wait” message.  In 12 minutes

status m essages and the status bar will become active. UpdateEXPERT and MSDE files are

loaded...

FileLoadingresult sin3UpdateEXPERTdirectories…

1. C:\ProgramFiles\St.BernardSoftware\UpdateEXPERT

2. C\ProgramFiles\CommonFiles\UpdateEXPERT

3. %Systemroot%\UEAgent

Note:%Systemroot%willbeC:\WINNTorC:\WINDOWS.

…andcreationofanMSDEdirectory,oruseofanexistingSQLdirectory:

· C:\ProgramFiles\MicrosoftSQLServer\MSSQL$SBSDBorMSSQL$LocalSQLInstance

Note:TheMasterAgentisstartedautomatically... lookforUEAgentintask manager,ortheserviceslist.Therearealso

severalchildprocessesspawnedbyUEAgent,theirnamesallstartwith"UE"suchasUEFile,UELogetc.

PatchTargetsusethisworkingdirectoryduringpatching:

· %Systemroot%\ue_i nstalls

If SettingsManagem entis included,therewillbe3Settings Management di rectories,and they

willbemappedasVi rtualDirectoriesinIIS:

1. C:\inetpub\wwwroot\SecurityEXPERT

2. C:\inetpub\wwwroot\SEServerWS

3. C:\inetpub\wwwroot\SBSCorporateClientWS

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 8

LaunchUpdateEXPERT...clickFinish

Doubleclickthe‘agentsconnected’messageonthestatusbartose econnectedagents(1atthis

point).Below,twoconnectedMasterAgentsare shownasanexampleofmultipleconnections.

Note: If you didn’t login with Administrative rights, you may be prompted for credentials. The

display areas include Network Pane (upperleft), Updates Pane (upperright), and Browser

Pane(bottom).TheJobStatus Taballowsviewingjobandtaskhistoryinformation.

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 9

Note:WhenyoudeployadditionalMasterAgents (usingFile>Agent>InstallWizard)youcan

connecttothemusingFile>Agent>Connect/Configure.AdditionalMasterAgentsaretypically

deployedfordelegationorscalingreasons.

The Network Pane (upperleft) is where you “discover” machines, simply by expanding the

WindowNetworkorActiveDirectoryobjects.Theseviewsareidenticaltoviewingyournetwork

from“NetworkNeighborhood”.Unixmachinescanalsobediscoveredwith“Network>IPScan”,

andaddedtotheUNIXobject.IPScanworksforWindowsmachinesalso, buttheyareaddedto

the Domain tree. Groups and Profiles are empty till  you create a Group, or run the Profile

Wizard.See“Help>Contents”toaccesstheonlineUserGuideformoreinformation.

The Updates Pane on the right (empty on initial launch, as shown above) populates with

machinespecific patch information (installed & notinstalled patches) when you Query one or

more machines. Note: configure your Web Proxy (next topic), then Download the latest

databasebeforequeryingtargetmachinesforameaningfulandaccuratepatchinventory.

TheWebBrowsertab(shownonpriorpage)displays:

· Announcements(upgrades,etc.)

· Linktothe“UpdateEXPERTKnowledgebase”

· Linktothe“PatchInformationDatabase”

· KBArticlesforWindows,Solaris,RedHatLinuxplatforms

· HTMLreports

Linksontheleft(shownonpriorpage)allow:

· Checkingyoursubscription

· DownloadingtheDeploymentGuide(moredetailonAgentArchitecture)

· Submittingsupportrequestswithaform

TheJobStatustaballowsdisplayofUpdateEXPERTeventhistory.Thisisa3leveldrilldown.

At the top level one or more MasterAgents are listed. Next/Back allow drillingdown to Job

StatisticsandTaskStatisticslevelsfordetailsaboutvariousoperations.Allstatusinformationcan

bedeletedfromJobStatustab.Machinespecificstatusinformationcanalsobedeletedfromthe

DeploymentStatuswindow.

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 10

IdentifytheWebProxy(ifapplicable)

IfyourorganizationusesaWebProxyServeryouneedtoidentifyitsothatUpdateEXPERT can

successfullysubmitURLrequeststoSt.BernardandMicrosoftwebsitesfordatabaseupdates,

andpatchdownloads.

Navigateto"File>Agent> Settings>Internet"andidentifyyourwebproxyserver.Itisbestto

enter t he information for the "Global Agent". The Global Agent represents default settings

appliedautomaticall ytoaMasterAgentandallofitsLeafAgents.

Asbrowsershaveevolved,theFTPsettingshavebecome“legacy”itemsthatdon’tusuallyneed

tobespecified. TestProxiesbuttonisusefulfortestinginternetaccess.

Note:ThefollowingURL'smustNOTbeblockedbyaWebProxyorbyaFirewall,forsuccessful

UpdateEXPERTdatabase/productupdates.Thisisusuallynotanissuebutismentionedjustin

casetherearefirewallorwebfilteringrestrictionsinyourenvironment.You’llreceiveadownload

errormessage(seethenextsection)iffirewallrestri ctionsarepreventingadatabaseupdate.

http://www.stbernard.com

http://ueupdates.stbernard.com

http://patches.stbernard.com (forRedHatLinuxpatchdownloadsonly)

Iffirewallissuespersist,seeInternetFirewallRequirementsformoretips.

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 11

DownloadtheLatestUpdateEXPERTDatabase

Do“Help > UpdateDatabaseNow”andwaitat least aminuteforadialogueboxtocomeup

asking if you want toupdate your database. Cl ick Yes to update(actually replace)theexisting

database files with new database files immediately, or simply wait for the countdown timer to

expire

After this initial database update, UpdateEXPERT will automatically checkfor a new database

every 6 hours by default. You may reconfigure this by going to “File > Agent > Settings >

Updates”andchangingtheschedulingoftheautomateddatabasecheck.

Confirmyouhavethelatestdatabaseandproductbuildbyl ookingfor"CurrentUpdateEXPERT

Database: XXXX"onthe database Information webpagemaintainedbySt. BernardSoftware.

This information is updated frequently by our internal TechSupport staff, informing the

UpdateEXPERTcommunityaboutrecentlyaddedpatchestotheUpdateEXPERTdatabase.You

can"bookmark"thislocationtohelpduring“PatchTuesdays”(Microsoft’smonthlysecuritypatch

releases). AlinkisalsoavailableintheUpdateEXPERTUserWebframe.

IfthereisaWebProxy,Firewall,orsom eotherconnectivityissue,youwill likelygetthemessage

"Unable to request update information from St. Bernard Software". Please contact your

internal network support stafffor assistanceand providethemwiththeURLs that mustnotbe

blocked.andultimatelyUpdateEXPERTTechSupportiftheissuepersists.

Enumerate(Discover)Machines

Enumerateyournetworkbyexpandingthe"MicrosoftWindowsNetwork"toseeyourdomains.

Expand the domain with your UpdateEXPERT machine in it. Expanding the network objects

initiallypopulatesthenetworktree.InthefutureyoucanEnumerateondemandtopickupnewly

added hosts, as shown below. The command is available (rightclick) at the Domain and OU

level,andthenetworkobjectlevel(forexample,ActiveDirectory).Youmaydeletedomainsor

machinesfromyourviewwithrightclick>Delete.Youmayalsouse“View>MachineFilter”for

definingmachinedisplaycriteria(name,agenttype,etc.)Thesesettingsaresavedonaperuser

basis.

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 12

QueryyourUpdateEXPERTMachine

Begin by querying a machine you have Administrative rights on, i.e., your UpdateEXPERT

MasterAgent machine, as a means of testing and learning.  Select (highlight) your

UpdateEXPERT machine,rightclick,do1)“Setcredentials...”andentervalidcredentials.Then

do2)ManageSelected(decrementslicensecount).Themachinenamewillboldandmeansthe

machine is eligible for querying and patch deployment.  Then do 3) Query to get a patch

inventory. Note:aGloballyUniqueMachineID(“GUID”)iswrittentothetargetmachinewhen

you“m anage”it.Ifyougetpromptedforcredentialsusi ng“ManageSelected”itisbecauseyou

havenotused “ SetCredential”atthedomain/ADcontainerlevel,orthemachinelevelyet,orthe

credentialsareinvalid.Enteradmincredentialswhenneeded,andtheMachineIDwillbewritten.

ThendotheQuerycommandagain.

Next,see"Icons"quickreferencetoquicklygetfamiliarizedwithUpdateEXPERTicons.Usethe

applicationTabs(below)toseehowpatchesaregrouped,clickanyofthecolumnheadersfor

sorting. Patchesaresortedby Release Date(new to old) by defaul t. Sortingonthe “balloons”

(GreenBalloonsrepresentinstalled patches. GreyBalloonsrepresent uninstalled patches.), or

patchtype(see“key”i consbelowforsecurit ypatches)areuseful,forexample.

Whenyouwishtoquerymoremachines,youwillneedtoselectadomain/ADcontainer,oroneor

more individual machines, and use Set Credential to specify a domain or local machine

administrativeaccountthatwillallowyoutoquery.

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 13

AgentlessQueryRequirements

Theserequirementsaretheresultofdefaultinstall ationsforNT4/W2K/XP.Youwouldhaveto

disabletheseservicesandshares,andrestrictaccess,tofallshort oft herequirements.Inorder

toinstallOSupdatesremotelyyoumusthavetheaccessrightstoremotelyaccessandmodify

theregistryandsystemfilesonthetargetsystems.

AdministratorAccount(DomainorLocal)withadministratorrightsontargetmachines

RequiredServices,inadditiontothebaselineRPCService(ConsoleandTargetmachines):

RemoteRegistry

Server

Netlogon

FileandPrintSharing(NICconfiguration)

ShareAccess:

Admin$enabledandaccessiblebyUEaccount

IPC$shareenabledandaccessiblebyUEaccount

Adminsharesforotherdriveswhoseinstalledcomponentsmaybequeried.

RemoteRegistryAccess–"FullControl"permissiontotargetmachineregistry.

TheaccountusedforaccessmusthaveFullControlremoteaccesstot heregistryofthetarget

system.YoumustbeabletoopentheremoteregistryofthetargetsysteminREGEDT32onthe

UpdateEXPERT Console Machine. T his procedure will confirm remote registry access and

accesstoIPC$:

1) Launch REGEDT32 on the UpdateEXPERT Console Machine. Choose "RegistrySelect

Computer"andenterthenameofthetargetsystem.Inthisremoteregistry,goto:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg

2)Withtheabovekeyhighlighted,choose"SecurityPermissions"fromthetopmenu.Youmust

beamemberofthegroupthathasFullControlaccesstothiskeyanditssubkeystosuccessfully

Queryasystem.

WindowsXP/2003RemoteL oginAccess policymustbeset to“Classic”mode:GotoStart>

Programs > Administrative Tools > Local Security Settings > Local Policies > Security

Optionsandclickthe"Networkaccess–SharingandSecurityModelforLocalAccoun ts"

item. Change the policy to the "Classic" selection. This al lows a remote login to remain

themselvesinsteadofbeingmappedtotheguestaccount.

Windows XP/SP2 tightens security. Please see t his XP/SP2 article which tells you how to

configurethefirewalltoallowqueries(ofcourse,youcanturnofft hefirewallontheclientsideif

youwish,temporarilyorpermanently).

Formoredetailontheissuesabove, clickhere.

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 14

DownloadPatches

Note:Patches which arenot downloadedalready,areautomatically downloaded bythe Patch

InstallWizard.Herewedoitmanuallyprimarilyasalearningexercise.

Select(highlight)oneormoreuninstalledpatches,rightclickand“Download”. DisketteIcons

willturnbluewitharedarrowwhiledownloading,andwillturnsolidblue(shownbelow)when

successfullydownloaded. Greymeansnotdownloaded.

Thedisketteswillturnorangeifthedownloadfails.Thisistypicallyaproxyorfirewallissueifthe

problem persists. By default, patches are downloaded to %systemroot%\UEAgent\Download

and given a unique RepositoryID that can be easily crossreferenced to the Microsoft name

usingtheNameandRepositoryIDcolumnsintheUpdateEXPERTinterface(shownabove).

ThedownloadRepositorycanbereconfigured ( File>Agent>Settings)tobeanonbootdrive

(D:forexample),oranetworkshare(UNCsyntaxonly,notmappeddrivelett ers).

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 15

InstallPatches

Suggestion:Forthemoment, installpatchesonyourUpdateEXPERTmachine.Later,youcan

deploytoothermachines.

Select(highlight)oneormoreuninstalledpatches,rightclickand“Install”. T hiswilllaunchthe

PatchInstallWizard,whichintegrateswiththedatab aseforgroupingpatches,presentingpatch

options(seebelow),displayingdiagnosticpatchdeploymentmessages,andcontrollingreboots.

Setaninstall timeafewminutesinthefuture(uncheck“InstallNow”andsettheminutesvalue

ahead).

When you “Finish” the wizard, patch instal lation instructions, the persistent installer, and the

patchesthemselvesaretransferredto%systemroot%\ue_installsonthetargetmachine.

When the transferiscomplete, the “DeploymentStatus” commandwill showPending. Also,

thereisaJobStatusTabwhereahistoryofUpdateEXPERTeventsiskeptperMasterAgent.

Note that the files in ue_installs are deleted after the installati on, and the installation serv ice

uninstallsitself,leavingacleanmachine.ThislogicappliestoLeafAgenttargetsalso,exceptthat

theinstallerservicefilepermanentlyresidesontheLeafAgentmachine.DeploymentStatusor

JobStatuswillnowshowCompleted,orpossiblyanerroriftherewasanissue.

Nowquerythemachineagainandverifythepatchesareinstalled(greenballoons).

Note:Itisalwaysrecommended(forthisevaluation,andasageneralrule)thatallpatchesbe

testedbeforedeploymentintheproductionenvironment.

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 16

NamedPolicies(“InstallRequired”command)

Togetstarted,selectyourUpdateEXPERTmachineandopenthePol icyEditorfortheDefault

policyasfollows;Policy>Open>Default>Open. Youmaynowcheckoneormorepatchesas

required(examplebelow). Atthispoint,youshouldbeinthePolicyEditorfor“Default”,assho wn

below.  Checking an update makes it “global” in the sense that it will update all applicable

machines(ignoringnonapplicablemachines)whenyoudoInstallRequired. Policy>Newlets

you create additional named policies if you wish.Once policies are created and saved (Policy

Editor>Save),userightclick>AssignPolicytoassociateanamedpolicytoyourmachine.

Beforedeployingrequiredupdates,let’srunaconformancereporttoseeifyourmachineis“out

ofcompliance”(asitshoul dbe,untilpatched).Basically,weneedto1)“check”anupdateforthe

Default Policy (and save it), 2) assign the Default policy to the machine, 3) configure

Conformance Report options, and 4) run the report. So, pick a “notinstalled” patch for your

machine,checkthepatchinthePolicyEditorineithermachineorResearchView(asexplained

next),andassi gntheDefaultpolicytoyourmachine.ThenseeConformanceReporting(below).

With your machine selected, do View > Research View or click the button circled below, to

switchtoResearchView,whichisalistofeverypatchavailableintheUpdateEXPERTdatabase.

Required Updates canbespecified herealso.Most patches apply tomultipleplatforms.When

you check/uncheck the patch, multipl e line items will be automatically checked/unchecked for

you,formultipleplatforms.Below,asanexample,weselected898060forWindowsXP(yellow).

Uncheckinganyoneofthemunchecksthemall.

Note:UsetheCheckmarkbuttontofilteroutallbutthecheckeditems.Gobacktothemachine

detailviewbydeselectingthebuttoncircledabove(thebutt onhighlightgoesaway).

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 17

ConformanceReporting

ConformanceReportingtellsyouwhetherRequiredUpdateshave,orhavenot,beeninstalledon

specificmachines.Youcan,forexample,deployarequiredupdate,requerythemachines,and

runaConformancereporttoseeifanymachinesweremissed(thesecouldhavebeenofflinefor

example,orunreachablebecauseofhardening).

TochecktheConformanceReportconfiguration,gotoView>Options>ConformanceReport

>IncludeNotInstalled, andv erifythat “Includerequiredupdatesthatarenotinstalled”is

checked (as shown below). Make sure Include Installed options are unchecked. This will

simplifythereportforev aluationpurposes.

GotoReports>ConformanceReportandrunthereportforyourselectedmachine.

à

YoushouldgetoutputsimilartobelowintheWebBrowsertabofUpdateEXPERT.

St.BernardSoftware,Inc.  ProtectingYourNetworkInvestment

June19th,2006 UpdateEXPERTPremiumv7.01EvaluationGuide 18

Select only your machine, rightclick and Install Required to deploy required updates to all

selectedmachines(yourselfatthispoint).ThiswilllaunchthePatchInstallWizardagain.Click

throughthedialoguetoinstalltherequiredupdatesonyourmachine.Reruntheconformance

report,yourmachineshouldNOTshowupunder“DoesNotConform”.

Notethatyoumayexportacombinationmachine/conformancereporttoCSVform atwithFile>

Export. This is explained in more detail below. Finally, an important reporting benefit in

UpdateEXPERTPremiumistheabilityt oaggregatedatafromMultipleMasterAgents.Thislets

youproduceasi ngleconformancereportwhileconnectedto2ormoreMasterAgents.

OtherReports

Note: The console aggregates report data from all connected MasterAgents. This

consolidateddatacanalsobeexportedwithFile>Export(seebelow).

· TheMachineInfoReportprovidesalistofmanaged/queriedmachinesandtheupdates

installedandnotinstalledonthem.

· TheConformanceReportprovidesalistofthemachinesthatdoanddonotconformto

theRequiredPolicy.Itli ststhepatchesfromthePolicythataremissingandpresenton

themachines.

· TheErrorsReportprovidesinformationonanyqueryerrors.

· The Deployment Report provides information on deployment status, start times, stop

times,andanydeploymentorinstallationerrors.

· TheValidation Reportwillprovide alistofmachinesandtheir patcheswithvalidation

problems.

· TheDetectionErrorsReportprovidesinformationonanypatchdetectionprobl ems.

· "File>Export"combinesMachi neandConformanceintoasingleCSVoutputfilethat

canthenbemanipulatedinforreportingpurposes,orimportedtoaSQLdatabaseforthe

samereason.Administratorsmanagingdifferentnetworksornetworkregionscanruna

CSVreport,giveitastandardnamelike"machinename_mmddyy.csv",andplaceitina

central collection point where it can be imported into SQL, basically creating a patch

historyfortargetmachi nes.

Page is loading ...

St. Bernard Software v7.01 User manual

Brand: St. Bernard Software

Model: v7.01

Type: User manual

This manual is also suitable for

Webcam v7.01

Download PDF

report

St. Bernard Software v7.01 User manual

This manual is also suitable for

St. Bernard Software v7.01 User manual

Other documents