Re: [squid-users] Redirecting Windows Update

From: Peter Lustig <peter_lustig@dont-contact.us>
Date: Sun, 22 Feb 2004 00:26:37 +0100

You are quite Off-Topic :-)

I would recommend to use tell the clients to use your SUS server by a
Domain-Policy (i guess you have a domain when you speak of 3000+
clients). This what MS recommends in their guide and it just works
without ugly hacks.

Greetings

Mark A. Lewis wrote:
> You are both right.
>
> Yes, if you attempt to impersonate the Windows update site it will not
> work.
>
> Yes, you can redirect a request for windowsupdate.microsoft.com to
> sus.mydomain.com and let them use that for updates, so long as you don't
> try to impersonate the Windows Update site.
>
> My suggestion would be to use SquidGuard to redirect these users to a
> page explaining that they should use the SUS site instead. This will
> work just fine.
>
> -----Original Message-----
> From: Serassio Guido [mailto:guido.serassio@acmeconsulting.it]
> Sent: Saturday, February 21, 2004 2:14 PM
> To: Scott Phalen; squid-users@squid-cache.org
> Subject: RE: [squid-users] Redirecting Windows Update
>
> Hi,
>
> At 20.08 21/02/2004, Scott Phalen wrote:
>
>
>>My original question is dealing with SQUID. All I am asking here is
>>can a URL be redirected?
>>I have been running MSUS for almost a year now. I TOO KNOW HOW IT
>
> WORKS!
>
>>75% of my clients are configured to get updates from my two servers.
>>The other 25% go directly to Microsoft.
>>Security Features in the Software Update Services solution
>> Software Update Services. A server running SUS can download packages
>
>>from either the public Microsoft Windows Update servers or from another
>
>
>>server running SUS. During any of these downloads, there is no
>>server-to-server authentication carried out. All content downloaded by
>>SUS is signed by Microsoft. SUS does not trust any content that is not
>>signed or is incorrectly signed. Since SUS 1.0 Service Pack 1 supports
>>only Windows critical updates and security rollups, all content is
>>checked to see that it has a been correctly signed by Microsoft.
>> Automatic Updates client. The Automatic Updates client can download
>>packages from either the public Windows Update site or from a server
>>running SUS. Before installing any packages that have been downloaded,
>>SUS checks to confirm that the package has been signed by Microsoft. If
>
>
>>the package is not correctly signed, it will not be installed.
>
>
> Ok, You say that You know all, so You don't need any recommendations
> from me ... :-)
>
> So, please try an let to know to the list if You are right.
>
> Regards
>
> Guido
>
>
>
> -
> ========================================================
> Guido Serassio
> Acme Consulting S.r.l.
> Via Gorizia, 69 10136 - Torino - ITALY
> Tel. : +39.011.3249426 Fax. : +39.011.3293665
> Email: guido.serassio@acmeconsulting.it
> WWW: http://www.acmeconsulting.it/
>
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner, and is believed to be clean.
>
>
>
>
Received on Sat Feb 21 2004 - 16:26:52 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:02 MST