About 5 minutes ago, DisplayLink announced the availability of an LGPL Library for Linux. Check out the Press Release for more info. Exciting times ahead! 🙂
The cat’s out of the bag 🙂 If you’re geeky enough to read release notes, you may have spotted this in our 4.6 release notes:
Support for corporate deployment of DisplayLink software
It is now possible to obtain a DisplayLink software installation solution that supports automated and remote installation scenarios. This kind of installation requires specific installation steps, detailed in the User Guide that is part of the Corporate Installer.
Yup, it’s true: we’re releasing an MSI installer very soon.
I’m excited about this news on two fronts. Firstly, this is the first time that I’ve contributed directly to a software release; I wrote the Deployment User Guide, gave advice on what IT Administrators want from a corporate installer, and helped steer testing scenarios. Secondly, this feature will allow IT Administrators to deploy DisplayLink’s software onto thousands of PCs simply and easily, further strengthening our ease-of-use message. And I don’t need to tell you how awesome GPSI+MSI is for us IT admins! 🙂
The “Corporate Install” package is different to the standard software release and will require you to register with DisplayLink in order to obtain the MSI files and sign the EULA. Once obtained, you can then deploy DisplayLink software to all the computers in your network via Group Policy Software Installation. Of course, you can perform silent/unattended installs manually via msiexec if you wish as well.
It’s worth mentioning again that the MSI installer has not been released yet, but it is coming.
Stay tuned for more info! 🙂
PC Magazine just awarded DisplayLink a Technical Excellence Award for our DL-160 chip 🙂
There are several technologies available today that can send a video signal through a computer’s USB port to a monitor or projector, but DisplayLink is by far the most impressive. The combination of software (to redirect video through the USB port), and hardware (in the form of a chip in the display device or external video adapter) lets you connect, and expand your desktop to cover, up to six monitors by way of a single USB port on your PC. With the DL-160 chip, DisplayLink adds support for monitors with up to 1,600-by-1,200 resolution, and it works with Windows XP, Vista, Vista 64-bit, and Vista Aero. There’s even a beta version of the software for Mac OS X.
Yesterday evening, at 6pm BST, Microsoft released an ‘Emergency’ Security Update MS08-67, for Windows-based Operating Systems. The update plugs a hole in Windows that could allow a Virus/Worm to automatically infect a Windows PC without any user intervention.
I thought I’d document what actions I took, in case it helps out anyone in the future. I’d also be interested to hear how you handled the situation, particularly if you did something I missed, or if you think I could have done things better!
Although I remember the impact of Sasser and MyDoom, I’ve never been in the trenches when such a critical update has been launched for Windows.
No-one likes working late at night, but I didn’t fancy the chances that a 0-day exploit may be released and in the wild before we can patch our mission critical servers; so as soon as I found out, I started working on a plan.
The plan was relatively simple: Get the update to as many PCs as possible, as soon as possible; with an emphasis on any Servers that provide business-critical services.
Simple enough, but what next?
About a month back we setup an internal WSUS server to centralise Windows Updates – quite handy for this type of scenario! The main thing here is to ensure that WSUS has the updates downloaded and approved, ready for deployment. Fortunately it had, as it performs a sync every evening, and automatically approves Critical Updates.
To ensure PCs get the update as fast as possible, we needed to open up GPMC and re-configure all existing Group Policy Objects (GPOs) that address Windows Update configuration.
The Windows Updates settings are under Computer Configuration > Administrative Templates > Windows Components > Windows Update.
Note that, if you don’t have WSUS, you can still make the changes outlined below in order to minimise Time-to-Patch. If you haven’t set “Specify intranet Microsoft update service location”, PCs will automatically ask Microsoft’s update servers on the internet.
What we’re looking to do is:
– Set all PCs to download and schedule updates. This is abnormal for us as we allow our Engineers to dictate when to install updates as it can interfere with Software development and testing.
– Make sure each PC checks for updates with our WSUS server every hour, as opposed to every 22 hours.
– Set PCs to install the updates at 11am. This gives time for people to turn on their PCs, for the PCs to update their Group Policy settings and pick up the new settings, and then to check in with the WSUS server for the new update.
– If the PC missed the 11am deadline (e.g. it wasn’t on) it’ll check whether or not it has updates, and then install the updates after 30 minutes.
A notification email was crafted to all employees, informing them of the severity of the update, what was being done, and what actions they should take. I’ll include a copy of the email I sent out at the end of the post
Protecting the business
Last night, we couldn’t wait for WSUS to “offer” the update to our servers so I grabbed the Update and manually installed it on each business-critical server, rebooting them promptly.
That was last night out of the way. This morning and this afternoon I’ve been checking WSUS’s reports to see which PCs have the update installed. As of 1pm, at least 90% of PCs had installed and rebooted. I’ll be chasing the rest later 😉
As promised, here’s the Email notification sent out to employees:
Microsoft has just released a very serious critical security update for Windows operating systems.
To see how this affects you, please see below.
Tomorrow we will be rolling out an essential security update to all Domain-connected Windows PCs. This update is mandatory. If you press Control+Alt+Delete to log in, you are on the domain. If you do not press Ctrl+Alt+Del to log in you should follow the advice for Non-Cambridge employees below.
Although we will be trying our best to force this update out. It’s advisable that if you see the “Yellow shield” in your Task Bar, you should click it and install all updates reboot as soon as possible.
Not doing so poses a serious risk to DisplayLink’s networks.
Servers in the UK will have the update installed and be rebooted as soon as possible to ensure we’re protected.
Further information on this Critical update can be found on Microsoft’s KB article.
Thanks go to Dave Hill for spotting this one on The Register!
How did you handle it?
As I said earlier, I’d also be interested to hear how you handled the situation, particularly if you did something I missed, or if you think I could have done things better! Let me know in the comments 🙂