Windows updates on Ward computers

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
pricer
New Member
Posts: 18
Joined: Thu May 08, 2008 2:25 pm

Windows updates on Ward computers

Postby pricer » Tue Aug 19, 2008 10:08 pm

My last question was not answered in the last posting, Question: Should I run the Windows XP updates once are ward computers are connected to the internet? I am sure there are many updates and patches for XP that have not been installed. Should I let the OS updates be installed by Microsoft updated? Thanks --- Roger

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Tue Aug 19, 2008 11:21 pm

pricer wrote:My last question was not answered in the last posting, Question: Should I run the Windows XP updates once are ward computers are connected to the internet? I am sure there are many updates and patches for XP that have not been installed. Should I let the OS updates be installed by Microsoft updated? Thanks --- Roger
You may find that you are not able to do Windows updates because the icons have been removed and the Windows Update feature has been disabled in the registry. When you access the Windows Update Web site or the Microsoft Update Web site directly, you receive an error message that is similar to the following:
Access Denied
Network policy settings prevent you from using Windows Update to download and install updates on your computer. If you believe you have received this message in error, please check with your system administrator.


Since most of the updates needed are part of the Windows XP SP3 you should not try to install this either until word comes down from SLC with instructions. There may be compatiblity issues between Church software and these updates. This is true also with Internet Explorer 7.

If you have already installed SP3 or IE7 I recommend you uninstall them.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

russellhltn
Community Administrator
Posts: 20757
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Aug 20, 2008 3:39 am

jdlessley wrote:If you have already installed SP3 or IE7 I recommend you uninstall them.


Is that based on knowledge of problems or is that just being cautious? As far as I have heard, there are no known problems, but you are being a beta tester if you install them.

User avatar
Mikerowaved
Community Moderators
Posts: 3131
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Wed Aug 20, 2008 12:23 pm

As we move more admin PCs on to the Internet, CHQ should realize that as good as Desktop 5.5, Symantec AV, and the ASA firewall might be, they are still inadequate if an OS and installed software have not applied all the upgrades and security patches available from the manufacturer(s). If they haven't given the green light for IE7, Adobe Reader 9, Windows XP SP3, etc. they are asking for problems that I don't think many units are equipped to handle.

Mike
So we can better help you, please edit your Profile to include your general location.

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Wed Aug 20, 2008 2:22 pm

RussellHltn wrote:Is that based on knowledge of problems or is that just being cautious? As far as I have heard, there are no known problems, but you are being a beta tester if you install them.
Yes I did and started having minor problems. I did not record them nor do I remember exactly what they were. I do remember that IE7 kept returning the security setings back to a less secure configuration and the message bar at the top of the window kept asking if I wanted it to 'fix' the settings. I remembered reading a post that said not to install SP3 or IE7 and so I went through the trouble to uninstall them just to avoid some real issues I had not yet run into.

I've also installed Adobe Reader 9 and have had no problems - yet. I did have to unistall two tag-along installs. One was something to do with adobe.com. The other one I don't recall what it was. This is my policy - uninstall any additional entries found in Control Panel | Add or Remove Programs after determining they are not necessary for the install I did want. In this case both were not necessary and were only tag-along installs.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

eyoungberg-p40
New Member
Posts: 31
Joined: Thu Jan 31, 2008 3:45 pm

I vote yes, run the updates.

Postby eyoungberg-p40 » Wed Aug 20, 2008 4:07 pm

Our stake has been online for several months now. As a matter of routine I perform all updates. None of our workstations have exhibited any issues with any updates, IE7, or SP3.

I would recommend against connecting to the LAN/Internet unless you plan to have all of the udates performed, and Symantec AV installed. Case in point: previous to connecting to the LAN/Internet, more than one of our workstations had been infected by viruses or malicious software (floppy disks? USB drives?). Symantec had not caught them. But the instant the Windows updates had been put in, the Malicious Software detection update from Microsoft Update caught them. If we had not done the Windows/Microsoft updates, we could easily have infected every machine on the LAN.

I think you are simply asking for trouble connecting a Windows client to the Internet without all of the Windows updates.

russellhltn
Community Administrator
Posts: 20757
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Aug 20, 2008 4:31 pm

It's been a while, but I know of some machines that got infected via the phone call. This was back when the admin machines ran XP SP1. (Pre-Desktop 5.5). At some point the ACL on the ISP that MLS uses failed and machines got infected via the Internet.

I was lucky because I saw the early warning signs and installed SP2 which included a firewall before that was all approved.

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Wed Aug 20, 2008 8:48 pm

eyoungberg wrote:Our stake has been online for several months now. As a matter of routine I perform all updates. None of our workstations have exhibited any issues with any updates, IE7, or SP3.
How did you get all the updates? Was SP3 installed from a CD or from the Windows Update site?

In my previous post I mentioned that IE7 would give me information bar warnings on every new web page I opened that said the Internet security settings should be changed for better security. I tried countless times to change the settings. I even clicked on the option to allow IE7 to change them. The changed settings never took and always reverted back to the settings inherited from IE6 on each new web page I opened. How did you get IE7 to accept changes to the Internet Options | Security | Internet Zone settings? I assumed there was a registry setting that had to be changed. Since I figured any changes I made would be contrary to what the Church wanted the computer to have for security reasons, I gave up trying to make the changes stay where I wanted them.

Did you have any issues with security warnings from Symantec Client Security after installing SP3? Or did you have any Internet access issues or difficulties after the updates? I experienced all of these. But because these updates had not been tested and approved for install I assumed that these issues would not be solvable. I therefore did not investigate them but rather uninstalled SP3. I did however install some security updates that were a part of SP3 - just not all of the updates - after I uninstalled SP3.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

eyoungberg-p40
New Member
Posts: 31
Joined: Thu Jan 31, 2008 3:45 pm

Postby eyoungberg-p40 » Thu Aug 21, 2008 2:51 pm

jdlessley wrote:How did you get all the updates? Was SP3 installed from a CD or from the Windows Update site?


The Microsoft Update process, after the workstation is connected to the LAN/Internet. This is the upgrade to Windows Update, which extends the update process to all Microsoft products (MS Office, etc)

jdlessley wrote:In my previous post I mentioned that IE7 would give me information bar warnings on every new web page I opened that said the Internet security settings should be changed for better security. I tried countless times to change the settings. I even clicked on the option to allow IE7 to change them. The changed settings never took and always reverted back to the settings inherited from IE6 on each new web page I opened. How did you get IE7 to accept changes to the Internet Options | Security | Internet Zone settings? I assumed there was a registry setting that had to be changed. Since I figured any changes I made would be contrary to what the Church wanted the computer to have for security reasons, I gave up trying to make the changes stay where I wanted them.


The only time I've seen this issue is when I have a spyware problem. One of the things I also do is download and configure Windows Defender for a full scan. This stays resident on the workstation and is configured to update itself and scan during a planned, weekly overnight maintence process.

You might also download and run Spybot and Adaware, two excellent feebee spyware and adware killers which each find stuff the other, and Defender, do not. I run these once when I feel the need to look for spyware, but use Defender on a consistent basis.

jdlessley wrote: Did you have any issues with security warnings from Symantec Client Security after installing SP3? Or did you have any Internet access issues or difficulties after the updates? I experienced all of these. But because these updates had not been tested and approved for install I assumed that these issues would not be solvable. I therefore did not investigate them but rather uninstalled SP3. I did however install some security updates that were a part of SP3 - just not all of the updates - after I uninstalled SP3.


Nope - all of this smacks of spyware that is looking to protect itself, but is having a problem because it can't call home through the CHQ firewall. If the system is as "hosed:" as it sounds, I would be prepared to do a complete reinstall of the image - Windows, MLS, etc.

Also, if this is a Dell Dimension OptiPlex GX270, you may very well have a known hardware problem.

Good luck - please share with us what you find!

Eric

User avatar
mkmurray
Senior Member
Posts: 3241
Joined: Tue Jan 23, 2007 9:56 pm
Location: Utah
Contact:

Postby mkmurray » Thu Aug 21, 2008 3:08 pm

jdlessley wrote:How did you get all the updates? Was SP3 installed from a CD or from the Windows Update site?

In my previous post I mentioned that IE7 would give me information bar warnings on every new web page I opened that said the Internet security settings should be changed for better security. I tried countless times to change the settings. I even clicked on the option to allow IE7 to change them. The changed settings never took and always reverted back to the settings inherited from IE6 on each new web page I opened. How did you get IE7 to accept changes to the Internet Options | Security | Internet Zone settings? I assumed there was a registry setting that had to be changed. Since I figured any changes I made would be contrary to what the Church wanted the computer to have for security reasons, I gave up trying to make the changes stay where I wanted them.

Did you have any issues with security warnings from Symantec Client Security after installing SP3? Or did you have any Internet access issues or difficulties after the updates? I experienced all of these. But because these updates had not been tested and approved for install I assumed that these issues would not be solvable. I therefore did not investigate them but rather uninstalled SP3. I did however install some security updates that were a part of SP3 - just not all of the updates - after I uninstalled SP3.

I think I've seen or heard of this before, I'm not convinced it's spyware. I wonder if I can dig up anything on it...


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest