Patch Management In The Enterprise, Part I

Common Issues To Address

In an enterprise-level environment there are several issues that need to be addressed with respect to the application of security patches. These can often be dealt with through automated tools, or through manual processes. Let us run through a couple of the common issues.

Patching Remote Clients

When your organization has to deal with a large number of remote clients that are accessing your network via dial-up or VPN services, patching them could prove to be a problem. Depending on how many patches Microsoft (or other vendors) release in any given month, you might have to apply several megabytes of patches to a machine that is connected via a slow link.

On the technical side of the equation, several patch management tools are capable of leveraging the Background Intelligent Transfer Service (BITS) to "trickle" patches out to remote clients without immediately occupying all available bandwidth. If the user disconnects, that is no problem - the patch download will resume the next time the user connects.
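The trickle-and-resume behaviour described above can be reproduced with the BitsTransfer PowerShell module. This is an added example, not code from the original article or from any patch management product; the URL, cache path, job name and expected hash are placeholders, and the hash check before install is an added assumption about how the patch team publishes its files.

```powershell
# Added example. All values below are placeholders (assumptions), not from the article.
Import-Module BitsTransfer

$PatchUrl       = 'https://patches.example.internal/monthly/update.msu'  # hypothetical server
$PatchFile      = 'C:\PatchCache\update.msu'                             # hypothetical cache path
$ExpectedSha256 = '<SHA256-PUBLISHED-BY-PATCH-TEAM>'                     # placeholder value
$JobName        = 'MonthlyPatch-update.msu'                              # hypothetical job name

function Start-PatchTrickle {
    # Reuse an existing job so a reconnect continues the download instead of restarting it.
    $job = Get-BitsTransfer -Name $JobName -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if (-not $job) {
        New-Item -ItemType Directory -Path (Split-Path $PatchFile) -Force | Out-Null
        # -Priority Low: background transfer that yields to other traffic on the link.
        # -Asynchronous: return at once; BITS keeps the job across disconnects.
        $job = Start-BitsTransfer -Source $PatchUrl -Destination $PatchFile `
                   -DisplayName $JobName -Priority Low -Asynchronous
    }
    return $job
}

function Complete-PatchTrickle {
    # Run at each logon or VPN connect; returns a status string for the caller.
    $job = Get-BitsTransfer -Name $JobName -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if (-not $job) { return 'NoJob' }

    switch ([string]$job.JobState) {
        'Transferred' {
            Complete-BitsTransfer -BitsJob $job       # writes the final file to $PatchFile
            $actual = (Get-FileHash -Path $PatchFile -Algorithm SHA256).Hash
            if ($actual -ne $ExpectedSha256) {        # -ne is case-insensitive for strings
                Remove-Item -Path $PatchFile -Force   # never hand an unverified file on
                return 'HashMismatch'
            }
            return 'ReadyToInstall'
        }
        'Suspended' { Resume-BitsTransfer -BitsJob $job -Asynchronous | Out-Null; return 'Resumed' }
        'Error'     { Remove-BitsTransfer -BitsJob $job; return 'Failed' }
        # Queued, Connecting, Transferring, TransientError: BITS retries on its own.
        default     { return [string]$job.JobState }
    }
}
```

Call `Start-PatchTrickle` once to queue the download, then `Complete-PatchTrickle` on later connections; only a `ReadyToInstall` result should trigger the installer.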

If the above is not possible, there are manual processes that you can put in place. Certain organizations still create CDs each month and distribute them via snail mail to remote clients. The monthly security patches can be encapsulated in "Run-as Pro", which allows them to be installed by a user who does not have local administrative privileges.