|
Posted by rusga on December 6, 2007, 6:11 am
If you were Registered and logged in, you could reply and use other advanced thread options
Had to find time to read about what a WSUS server is ;-)
Is that the only way to do it? No registry hacks?
Seems a bit of an administrative overload and target prone for poisoning a
whole LAN.
Also, isn't that a way of bypassing MS's responsability on clean update
sources?
Thank you,
rusga
> If you run WSUS then you can use group policy to configure
> your machines' autoupdate client to use only your WSUS
> servers. If those servers are not configured to support SSL
> on tcp 443 then the update clients will be forced to use tcp
> 80 (in policy you would point them to http://yourWsus not
> to https://yourWsus)
>
> > Hi,
> >
> > Is there any way of setting the AU repository so it never uses https
(tcp
> > 443) and only uses http (tcp 80)?
> > Or, it uses only admin allowed update servers?
> >
> > This might be a bit strange, but on a highly security strict LAN with
> > content filtering proxy (as in this case), this imposes a security risk
> > since https doesn't permit content parsing. Meaning that tcp 443 rules
> > *must* be set at the routers/firewalls and so, default configured http
> > clients (browsers on out-of-the box installs for instance) end up
> > rendering
> > content that they weren't suposed to.
> >
> > Thank you,
> > rusga
> >
> >
>
>
| 
XML site map