MCP 70-299 : Assessing and Deploying a Patch Management Infrastructure

Lesson 2: Deploying Updates on New Clients
Security Considerations :


Computers are under attack from the moment they connect to the Internet. Worms and viruses are constantly active, probing every IP address for vulnerabilities. Microsoft Windows Server 2003 is much more resilient to attacks that might occur during the installation process than earlier versions of Windows because it adheres to the “secure by default” ideal. However, vulnerabilities have been discovered in unpatched computers running Windows Server 2003, and these vulnerabilities might be exploited during the setup process.
Although it is possible to update and secure a computer running Windows so that it can be connected directly to the Internet without becoming infected by a worm or a virus, a computer does not have the benefit of updates or security hardening during the installation process. If you attempt to install Windows on a computer while it is connected to the Internet, there is a high probability that it will be attacked, and possibly exploited.

Integrated Installation :

You can apply service packs, but not necessarily other types of updates, directly to Windows 2000, Windows XP, and Windows Server 2003 installation files. The process of integrating a service pack into the original setup files for an operating system is called slipstreaming. Slipstreaming creates an integrated installation—including the latest service pack—that can be used when installing the operating system on new computers. Using this process improves the security of new computers, and reduces the time required to apply updates after completing the initial installation. You can either perform the installation from a shared folder or create a CD with the integrated setup files.
Because the integrated installation replaces individual files, the space requirements for this installation type are almost identical to the space requirements for the base operating system. After you slipstream a service pack into the operating system setup files, you cannot remove the service pack.
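
The slipstreaming procedure described above, as an added example that is not part of the original lesson: a PowerShell script that copies the installation media to a staging folder and integrates a service pack into that copy. The paths and the package file name are placeholders, and /integrate is the switch accepted by Windows XP and Windows Server 2003 service pack packages.

```powershell
# Added example. All paths and the package name below are placeholders (assumptions).
param(
    [string]$SourceMedia = 'D:\',                      # original installation CD
    [string]$StagingRoot = 'C:\Build\W2K3-Integrated', # integrated copy (keep the path free of spaces)
    [string]$ServicePack = 'C:\Build\ServicePack.exe'  # placeholder service pack package
)
$ErrorActionPreference = 'Stop'

# Total size of a folder tree in MB, used to compare the copy before and after.
function Get-TreeSizeMB([string]$Path) {
    $sum = (Get-ChildItem -LiteralPath $Path -Recurse -File |
            Measure-Object -Property Length -Sum).Sum
    [math]::Round($sum / 1MB, 1)
}

if (-not (Test-Path (Join-Path $SourceMedia 'i386'))) {
    throw "No i386 folder under $SourceMedia; is this the installation media?"
}

# Work on a copy: an integrated service pack cannot be removed, so the original
# media stays untouched. /A-:R clears the read-only attribute inherited from the CD.
robocopy $SourceMedia $StagingRoot /E /A-:R /R:1 /W:1 | Out-Null
if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }

$before = Get-TreeSizeMB $StagingRoot

# Integrate the service pack into the staged setup files.
$sp = Start-Process -FilePath $ServicePack -ArgumentList "/integrate:$StagingRoot" -Wait -PassThru
if ($sp.ExitCode -ne 0) { throw "Integration failed with exit code $($sp.ExitCode)" }

# Integration replaces individual files, so the two sizes should be close.
$after = Get-TreeSizeMB $StagingRoot
"Setup files before: $before MB, after: $after MB"
```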

Lesson Summary :

■ Computers should not be connected to the Internet, or even to a private network with other hosts, until after the operating system and all updates have been installed.
■ Computers can be built while connected to the network if you create an isolated network segment with a minimal number of trusted computers that have been scanned for worms, viruses, and other malicious software.
■ You can reduce the time required to install new updates by slipstreaming a service pack into operating system installation files and configuring other updates to be automatically applied.
