But the problem is when downloading from windowsupdate.microsoft.com, you can not just down load and then install later. It is done at the same time. What you can do, but is much more work, is run windows update, make a list of all Q articles and patches listed, then go to Microsoft Downloads and download them one by one. The new corporate edition of Microsoft update, awaiting release of SP3, will solve that as you will be able to download the patches, then approve them and then install. BTW, I have been talking to a member of the Microsoft Southern California Consulting team about the issue with unsigned updates. Basically, the patch/package itself is signed by Microsoft, but elements within that package are not necessarily signed. John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -----Original Message----- From: Alfonso Lopez de Ayala [mailto:alopezdeayala@xxxxxxxxxxxx] Sent: Thursday, May 23, 2002 8:04 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Critical Updates and hot-fixes http://www.ISAserver.org I know this doesn't solve your problem... but just to relate my experience: I recently had finished configuring a box with W2k AD DC, Exchange and ISA in it (including the stringent HISECDC.inf high security settings)... last thing I did was connect the server to the Internet (with a static public routable IP address) and run Windows Update... well, it did its thing, downloading and installing patches and hotfixes and among other things it asked a couple of times for that familiar "Digital signature not found, do you want to install?", to which I just clicked ok... after Windows Update finished I reboot the computer (and disconnect it from the Internet)... it starts up fine... then I start noticing odd errors... I explore around and see that the GUEST account had been enabled and made a member of the ADMINISTRATORS group!!! ...explore around some more and notice lots of group policy and registry settings relating to rights and permissions totally changed... my computer had been hacked and taken control of!!! ...only way this could have happened is thru some program that came from the net and I let run in my server... I decided to wipe out the whole server and reinstall everything from scratch after a disk scrub and reformat... lesson learned: NEVER DO ANYTHING ON THE WEB WHEN LOGGED IN AS ADMINISTRATOR... DOWNLOAD (in another machine) ANY UPDATES AND FIXES AND SERVICE PACKS FROM MICROSOFT AND THEN, OFFLINE, RUN THOSE SPECIFIC FILES TO INSTALL THEN IN THE SERVER... -----Original Message----- From: Chhatwal, Raminder S. [mailto:Raminder.Chhatwal@xxxxxxxxxxx] Sent: Thursday, May 23, 2002 7:30 AM To: [ISAserver.org Discussion List] Subject: [isalist] Critical Updates and hot-fixes http://www.ISAserver.org I just used Windows Update to put on the latest Critical Updates and hot-fixes on the server. Soon after that event log is filled with errors about the ISA Server Control Service failing to start. I tried to start the service manually and it says invalid handle. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: alopezdeayala@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')