> JBrixey wrote:
> I had a series of Windows XP security updates that were approved for
> deployment to my update testing group. When I returned to work after the
> weekly maintenance cycle, I noticed that Windows Internet Explorer 7 had
> gotten approved for installation without getting an explicit approval.
> This caused the update to be deployed to over 600 computers.
Oooops.
> While not a terrible incident to occur, I would rather it not happen
> again.
Hmm.. considering that IE6 is now two revs old, and IE7 has been pretty
stable for a long time, I'm surprised you haven't already upgraded your XP
systems to IE7.
But then... I was surprised when there were still Windows 2000 Pro systems
running IE 5.x product in 2004. :-)
> Anyone have some idea of how/why an update might get an approval without
> being specifically approved?
It can't. Somebody *did* approve it, or else the update was not installed
via WSUS.
The approval history log can be found in %programfiles%\Update
Services\Logfiles\Change.log on the WSUS Server.
The specific vector of installation is logged in each client's
%windir%\WindowsUpdate.log
Review the logs for the forensics.
--
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
MS WSUS Website:
http://www.microsoft.com/wsus
My Websites:
http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile:
http://mvp.support.microsoft.com/pro...awrence.Garvin
Linear Mode
