C. Run QChain to install the hotfixes.
D. Installed each hotfix individually and then performed one reboot of your server.
Answers to Review Questions
1. B. During the installation of a service pack, you can choose to archive the files that will be over- written. When you do this, the old files are placed in a special folder and kept there in the event that you want to uninstall the service pack. During the uninstallation process, the current files are replaced with the old, saved files and then deleted.
2. B. Although the HFNetChk tool will give you a list of all the updates and hotfixes that have not been installed on your servers and workstations, only the MBSA tool will give you a complete report that includes IIS and SQL server platforms as well as other items such as weak passwords and platform-specific vulnerabilities. To get the most complete report, you need to run MBSA. Update.exe is the command used to install a service pack, and hotfix.exe is the command used to install a hotfix.
3. D. You cannot install the MBSA tool using the Terminal Services client.
4. B, C. When running the MBSA tool, you can group your target computers based on either domain name or IP address range. Because all four octets of the IP address range are available for configuration, it would not be fair to say that you can specify only an IP subnet. You need to specify the exact starting and ending IP addresses, even if this means specifying the starting and ending address for a given subnet.
5. B. HFNetChk is a great tool for pinpointing which updates need to be applied to the scanned computers. If you don’t need the additional scanning options that MBSA offers, use the HFNetChk tool.
6. D. The -s switch is the integrated mode switch. You can also think of this as the slipstream switch. When you specify a folder path and name after the -s switch, the service pack files are expanded and then copied over the current installation files. Then, when the installation is run from these files, the service pack will be installed along with the rest of the operating system.
7. A. Only answer A meets every need of the scenario described in this question. Answer D would be correct if the scenario described did not require the updated files to be installed at the time of initial installation. The batch file also doesn’t meet the requirements of the scenario because this is a series of individual installations.
8. C, D, E, F. By installing a Parent server, you can accomplish two goals at the same time. First, you can further protect the isolated network by placing a firewall between the Parent and Child servers and ensure that the Child server is never connected to the Internet. Second, you can use the Parent server and another workstation as a test bed to test the updates before they are syn- chronized to the internal Child server. Also, this architecture keeps the SUS server on the isolated network from ever having any direct Internet connectivity.
9. B, E. When Service Pack 3 is installed on a Windows 2000–based computer, the Software Update Services client is installed as well. Although you can use SMS to perform the same func- tion, pushing out a software update and assigning it to the workstation or server at the next reboot is the easiest way to get this software out to all your computers in a consistent and uni- form manner.
Answers to Review Questions 129
10. B, C, D. The Critical Notification Service is the old iteration of the current Software Update Services. The Windows Update service is the client-side service that works with the Windows Update service from Microsoft’s website. The Windows Update service on the client is installed with the operating system and exists whether the Software Update Services client is installed or not.
11. D. You cannot install the Software Update Services on a domain controller or a Small Business server. In addition, the server must have at least a PIII/700 processor, 512MB RAM, and 6GB of disk space. You must also be running Windows 2000 Server with Service Pack 2 or later (which includes Windows Server 2003) and be using the NTFS file system. Only answer D meets some of the criteria for server requirements for Software Update Services.
12. A, C, E. Answer B is incorrect because the Notify option means that someone must log on as an administrator and approve the installation. Answer D is incorrect because a policy applied only to the domain controllers OU would be applied only to the domain controllers and not to the computer accounts that exist in other OUs. A policy applied to the domain object will be inher- ited by all your computers in all OUs. The correct answers outline the basic steps that you need to take to make sure that the software updates are pulled from your local SUS server and not from the Windows Update server on the Internet.
13. B, C. In order to log only SUS traffic on the SUS server, you’ll need to turn off IIS logging of that website and then enable logging on the wutrack.bin file.
14. D. When Automatic Updates are configured through Group Policies, the policy will override the preferences set by the local administrator. However, if the policy is removed, the old settings will take effect and be used once again.
15. A, B. For Windows NT 4 workstations, you can use the CUN to set Registry entries on each workstation that will tell the workstation to pull its updates from your internal SUS server. For the Windows 2000 workstations in the East OU, a Group Policy that assigns the package to the computer is the easiest way to install the client.
16. A, D, E. The three main parts to back up on an SUS server are the websites, the metabase, and the update content. Obviously, you’ll need to restore this information to fully restore an SUS server. 17. B. When working with legacy clients, it is best to use SMS to push out update installations and
assign the installation to run at a specific time. Because many people leave their computers turned on most of the time, you can select to have the software installed at logon.
18. B. QChain is designed to run after a series of hotfixes has been installed. Only answer B fits the purpose for running QChain.
19. C. What you are doing in answer C is updating the source installation files with the latest service pack and hotfixes. Because you can’t use imaging here, the fastest way to get all these updates installed on new workstations is to use a combination of slipstreaming and hotfix expansion into the source files.
20. C. QChain is designed to eliminate version conflicts between system files that have been updated by different hotfixes. RIS installs an entirely new operating system, and the wutrack.bin file is designed to help track calls between SUS servers and SUS clients.