Steve, I haven't loaded WSUS yet, but in SUS you could have it force boot the workstations after installation. You could also tell it what time to install the updates. So, if you set the installs to happen automatically at 7:00pm with a forced reboot, no need to run your script. I would hope that WSUS has the same features. Amy Harbor Computer Services Small Business Computer Specialists -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Friday, September 16, 2005 9:31 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org Well.......I don't know about that I use a wmi shutdown / reboot script at a few of my clients as I do most of my work remotely. It's very handy to be able to reboot 30 workstations from a central point after I have approved the monthly WSUS updates and the pc's need restarted, You can't always rely on the clients to do this. Some of my clients would just leave their pc's logged on for months if they could get away with it. S -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Friday, September 16, 2005 10:19 AM To: ISA Mailing List Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org Maybe that's where it came originally to me then too. I don't know. All I got was a please include this in the ISA chapter in the SBS Unleashed book from the editor. Apparently someone somewhere had CSS tell them to uncheck it to enable remote boot of workstations. I didn't want to include it, so what I really wanted you to tell me was don't do it. So, OK it's not dangerous but seeing how changing system policy doesn't effect how ISA functions I don't think it belongs in my chapter anyway. That's going to be my push back. Amy Harbor Computer Services Small Business Computer Specialists Client Blog: http://smalltechnotes.blogspot.com/ Tech Blog: http://isainsbs.blogspot.com/ Website: http://www.harborcomputerservices.net/ -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, September 15, 2005 9:52 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org I got a mail fwd from Marie via Steve Maddox asking about this very thing. too coincidental for my taste.. :-) -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Thursday, September 15, 2005 4:25 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org No not me. I just questions when I don't get it. Who needs to remotely shutdown workstations anyway? Marie doesn't trust you? Amy -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 11:38 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org You talked to Marie, didn't you? <snif> - you don't trust me any more... -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 6:42 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org The kb talks about configuring the RPC filter for a particular rule. What if I uncheck it in system policy configuration, under Authentication, Active Directory. Will this disable it for all rules since System Policy is higher up than Firewall Policy? Obviously I'm not getting how changing this setting in System Policy effects my RPC settings in firewall policy rules where I can still, say in the Internet access rule, have enforce strict RPC compliance checked even though in system policy it's unchecked. What's the interaction? Or is there any? Amy Harbor Computer Services Small Business Computer Specialists Client Blog: http://smalltechnotes.blogspot.com/ Tech Blog: http://isainsbs.blogspot.com/ Website: http://www.harborcomputerservices.net/ -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 8:07 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org http://support.microsoft.com/default.aspx?scid=kb;en-us;833704 talks about it a little. So long as you're not server publishing RPC (Exch MAPI), you haven't exposed your workstations to anything except the ISA itself. -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 2:28 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org Restart a PC from the server. With Enforce Strict RPC Compliance checked in system policy you cannot remotely reboot a PC. If you uncheck it you can. PSS recommended unchecking it but I'm wondering what the security consequences are beyond you can now remotely reboot a PC. Amy ________________________________ From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Wednesday, September 14, 2005 5:26 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org I'm not understanding....you need to restart a pc, or you need to restart the sbs server. Or you need to restart a pc from the SBS server? S ________________________________ From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 6:08 PM To: ISA Mailing List Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org Yes, but if I uncheck that box, then I can bring down RPC. ________________________________ From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 4:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org I don't think so, because the workstation booted because you could bring down RPC, right? Since that's corrected there's no need to worry. Tiago de Aviz SoftSell - Curitiba (41) 3340-2363 www.softsell.com.br Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem por engano, queira por favor retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável pelo conteúdo ou a veracidade desta informação. >>> amy@xxxxxxxxxxxxxxxxxxxxxxxxxx 14/9/2005 17:41 >>> http://www.ISAserver.org In system policy if I uncheck Enforce strict RPC compliance, I'm told that you can now remotely shut down workstations. What else have I opened my workstations up to? Blaster? Amy Harbor Computer Services Small Business Computer Specialists Client Blog: http://smalltechnotes.blogspot.com/ Tech Blog: http://isainsbs.blogspot.com/ Website: http://www.harborcomputerservices.net/ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp <http://www.isaserver.org/pages/newsletterasp> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tiago@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ________________________________ The correct technical term for haggis stalking is "havering". <http://haggishunt.scotsman.com/haggisclopedia.cfm?part=5> ________________________________ All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx The correct technical term for haggis stalking is "havering". ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx