HP Windows Update Perspective

HP officially discourages customers from using Windows Update because of the known limitations with the Microsoft implementation.

The client pull servicing schema that Windows Update offers is not consistent with the way thin clients are typically serviced industry-wide. A server push schema is the more deterministic and successful way to manage thin clients in the enterprise environment.

For all the virtues of the client pull servicing scenario, risks are still involved with user-managed devices. The best examples are:

Users can opt not to install QFEs for vulnerabilities (by disabling WU or changing settings to ignore availability notices).

Microsoft does not guarantee that QFEs and updates will not harm or conflict with your system or configuration.

Administrator rights and privileges are required.

The device is end user-managed—not IT-managed.

More than one reboot may be required to complete full installation of QFEs on WES 7.

Modifications of system environment variables may be required to install QFEs and restore the system to its prior state.

The Windows Update agent will be disabled via system policies by default in the HP WES 7 image.

HP recommends that customers use the Microsoft Baseline Security Analyzer to identify needed QFEs, and then use a server push model to deliver QFEs and updates to deployed units. Preferably, all QFEs and updates would be pretested and qualified against a Golden Master image before being mass deployed. HP strongly recommends this model to prevent QFEs and updates from corrupting or adversely modifying deployed images.

See Microsoft Baseline Security Analyzer 2.2 for more information.
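The following PowerShell audit is an added example, not HP tooling or part of the original guide. It reports whether Windows Update is disabled on a deployed unit and compares the installed QFEs against the list qualified on the Golden Master. Assumptions: the approved KB identifiers are constructed placeholders, the function names are hypothetical, and the guide does not say which system policy HP sets, so the script reads the standard `NoAutoUpdate` policy value and the `wuauserv` service state.

```powershell
# Added example. Placeholder KB IDs; replace with the QFEs qualified
# against your Golden Master image.
$ApprovedQfes = @('KB0000001', 'KB0000002')

# Report the Windows Update policy value and service state.
# Assumption: the image disables WU through the standard AU policy key.
function Get-WuPolicyState {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $noAuto = $null
    if (Test-Path $key) {
        $prop = Get-ItemProperty -Path $key -Name NoAutoUpdate -ErrorAction SilentlyContinue
        if ($prop) { $noAuto = $prop.NoAutoUpdate }
    }
    $svc = Get-WmiObject Win32_Service -Filter "Name='wuauserv'"
    New-Object PSObject -Property @{
        NoAutoUpdatePolicy = $noAuto          # 1 = automatic updates disabled by policy
        ServiceStartMode   = $svc.StartMode   # e.g. Disabled, Manual, Auto
        ServiceState       = $svc.State
    }
}

# Compare installed QFEs with the approved baseline.
# Missing    = approved on the Golden Master but not on this unit.
# Unapproved = present on this unit but never qualified (drift).
function Compare-QfeBaseline {
    param([string[]]$Approved, [string[]]$Installed)
    $missing    = @($Approved  | Where-Object { $Installed -notcontains $_ })
    $unapproved = @($Installed | Where-Object { $Approved  -notcontains $_ })
    New-Object PSObject -Property @{
        Missing    = $missing
        Unapproved = $unapproved
    }
}

# Collect the QFE identifiers installed on this unit.
$installed = @(Get-HotFix | ForEach-Object { $_.HotFixID } |
               Where-Object { $_ -like 'KB*' })

Get-WuPolicyState | Format-List
Compare-QfeBaseline -Approved $ApprovedQfes -Installed $installed | Format-List
```

A non-empty `Unapproved` list indicates QFEs that reached the unit outside the push process; a non-empty `Missing` list indicates a unit that has fallen behind the qualified baseline.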
