N1K Posted January 4, 2008 Share Posted January 4, 2008 I have one server which is in DMZ. I'd like to patch it but since it's in DMZ he can't access the internet or WSUS server on our network.I've downloaded all updates that I need for it and now I'd like to know if can run automatic update somehow instead of running every update manually, one by one smile.gifThere's about 150 hotfixes to be installed and big part of them are already installed.. How can I install updates automatically from one folder, is that possible?Thx Link to comment Share on other sites More sharing options...
ebouza Posted January 12, 2008 Share Posted January 12, 2008 You can set a local policy object that points to your WSUS server. The only thing is it needs to beable to do is resolve the name (dns, wins, local hosts file) and connect onwhatever http port wsus is running on. Link to comment Share on other sites More sharing options...
eyeball Posted January 12, 2008 Share Posted January 12, 2008 No the problem is that DMZ to LAN traffic is obviously blocked so a policy would not work, however a very tight temporary firewall rule might do the trick.Or the safer option, can you physically unplug this server and connect it to the LAN temporarily? Link to comment Share on other sites More sharing options...
cluberti Posted January 12, 2008 Share Posted January 12, 2008 Well, configuring the firewall to allow port 80 traffic to/from the machine in the DMZ's IP address would do the trick. He may have to put the WSUS server's name in the HOSTS file if DNS lookups will fail from the DMZ, but otherwise you only need port 80 (or 443, if you configured WSUS to use SSL). Link to comment Share on other sites More sharing options...
legionaire Posted January 12, 2008 Share Posted January 12, 2008 How can I install updates automatically from one folder, is that possible?Just use a .cmd file with these commands:for %%i in (*.exe) do (start /wait %%i /q /n /zerase %%i)Place it in your updates folder and execute at will. It'll delete any update once it has been applied. Link to comment Share on other sites More sharing options...
N1K Posted January 12, 2008 Author Share Posted January 12, 2008 Thank you all for your replies. Since our network administrator can't open required ports for this issue (since we're working for a bank), I might try legionare suggestion. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now