Windows Update

[murray654]

Hi Security Gurus,

I have a network of +/- 20 XP / Win7 computers which I need to have access to Windows Update.

I need specific Windows Update URLs to "allow" (all other requests are denied)

At the moment Automatic updates never seem to happen, but if I manually go to Windows Update, then Windows finds lots of updates to download, sometimes > 250mb.

How can I get the automatic updates working?

Is there a list of URLs for windows update available somewhere?

Cheers,

Murray

 

[Nod]

Maybe set up WSUS (http://technet.microsoft.com/en-us/wsus/default.aspx) in order to download updates only once?
Here is a PDF with details on firewall settings to allow access to MS update services.

 

[murray654]

Maybe set up WSUS (http://technet.microsoft.com/en-us/wsus/default.aspx) in order to download updates only once?
Here is a PDF with details on firewall settings to allow access to MS update services.

Hi

Should have mentioned that this is peer to peer network, no server.

I will compare the list of URLs in the PDF with my list... Thanks for that.

Cheers,

Murray

 

[murray654]

Added *ntservicepack.microsoft.com*, *v5.windowsupdate* to my allowed list, waiting to see what happens.

 

[paul5186]

Are any of your computers running through a firewall or proxy? There should be no real reason why automatic update is not working? Or is it just a few computers that dont?

 

[Conradl]

Try this: http://www.autopatcher.com/

 

[murray654]

Are any of your computers running through a firewall or proxy? There should be no real reason why automatic update is not working? Or is it just a few computers that dont?

I use a proxy server. The rules are built into the proxy server. The box (winxp) running the proxy server has a software firewall (norton). Then the router is also a firewall. The ISP also runs a (transparent) proxy server, or they did in the past.

There is a rule to allow a list of URLs (windows update) This is the contents of the list:

*windowsupdate.microsoft.com*, *download.windowsupdate.com*, *windowsupdate.microsoft.com*, *update.microsoft.com*, *ntservicepack.microsoft.com*, *wustat.windows.com*, *v4.windowsupdate*, *v5.windowsupdate*, *www.microsoft.com/isapi/redir.dll*, *microsoft.com/officeupdate*, *crl.microsoft.com*, *download.microsoft.com*, *support.microsoft.com*, *officeupdate.microsoft.com*, *productactivation.one.microsoft.com*

The bold items are new. Then these entries also appear to allow various security updates/ software downloads....

*eset.com*, *grisoft.cz*, *grisoft.com*, *akamai.net*, *antivir.de*, *avgate.net*, *verisign.com*, *symantecliveupdate.com*, *liveupdate.symantec.com*, *update.symantec.com*, *community.norton.com*, *symantec.com*, *vmn.net*, *teamviewer.com*, *dyngate.com*, *cyberpatrol.com*, *malwareremoval.com*, *lavasoft.com*, *download.com*

 

[murray654]

Try this: http://www.autopatcher.com/

Hi Conradl,

I took a look but decided it would require too much of my time. Once a month I would have to download all the updates and then run this tool on each machine.

I think "autopatcher" is miss named: theres nothing automatic about it.

I just want automatic updates thanks.

It would be useful if you re-format your windows partition every 2 weeks, but who has time for that?

There is a chance that I have to eat my words when the occasional hard drive fails, but I'll take my chances.

Cheers,

Murray