How to bypass blocked ports

Charles Newman schrieb:

User must not install software or updates.

Wolfgang

"Charles Newman" wrote in news: snipped-for-privacy@comcast.com:

The point here is that any good network admin wouldn't allow it to happen. The second point is the FW and Security NG and no one (that's not you) with any kind of a brain would give up that information in the NG or even try to help. It's flat out a no no. That's the first thing I learned after being here a couple of months.

Duane :)

Duane :)

I just want to make a correction. It does look like I am point at you and saying you have no brains. If it looks that way, I apologize.

Duane :)

It would not have worked for two reasons - we strip attachments that can be executed or that can't be scanned, and a firewall allow list that permits the MS Updates sites would not allow the users to update to a fake site that contained malicious updates.

I hate to jump in here, but with more than 1000 systems around the country, all running Automatic Updates (2000 or XP) we've not encountered a single problem with the workstations allowing them.

With servers we download but manually install them after testing.

• Charles Newman :

Gawd no, who knows what thier "updates" will screw up on our systems.

Jason

*always* remember that when you want to bypass a firewall or security policy to post the question in a group whose members are responsible for firewalls and security policies. They just *love* to help users who want to unethically violate security and screw up some other admins network. If you have ever wondered why admins often treat users like the enemy within, grab a mirror. E.

Install a local SUS and point the Windows Update clients to that server. Cleanest and fastest way to handle patches.

Juergen Nieveler

Actually, Microsoft makes available a fully supported server application called Software Update Services that allows corporations to make a "mirror" image of the Windows Update site for internal use. Combine this product with the Automatic Updates client (found by default in Windows 2000 SP3 and Windows XP) and Group Policy from Active Directory, and you have a fully automated way to download, approve, and distribute patches to clients, all WITHOUT a single client ever having to go to the Windows Update site. This particular solution saves end users' time (users don't have to waste time downloading patches when they could be working), bandwidth (updates are downloaded only once across your Internet connection and then sent out across your LAN), and administrators' time (patches are approved once for all users after sufficient testing and all clients receive them automatically).

HTH.

Your thinking like a simple user, not an admin.

For starters, you don't seem to know about the Windows Update Catalog. It allows you to download updates outside of the mechanism of the Windows Update service.

If fw allows ssh, you could create a tunnel using it and redirect all the traffic through this tunnel.