Security Best Practices Guide for Cisco Unified ICM/Contact Center Enterprise & Hosted Release 9.0
Microsoft Windows
Downloads: This chapterpdf (PDF - 401.0KB) The complete bookPDF (PDF - 3.48MB) | Feedback

Microsoft Windows

Microsoft Windows


Note


For the currently supported Windows operating system software, see the latest Hardware & System Software Specification (Bill of Materials) for Cisco Unified ICM/Contact Center Enterprise & Hosted, Release 9.0(1) available at: http://www.cisco.com/en/US/products/sw/custcosw/ps1001/products_user_guide_list.html.

Microsoft security updates

Automatically applying security and software update patches from third-party vendors is not without risk. Although the risk is generally small, subtle changes in functionality or additional layers of code may alter the overall performance of Cisco Contact Center products.

Cisco recommends that Contact Center customers assess all security patches released by Microsoft and install those deemed appropriate for their environments. Customers are specifically cautioned not to automatically enable Microsoft Windows Update. The update schedule can conflict with other Unified ICM/ Unified CCE activity. Customers should consider using Microsoft Software Update Service or similar patch management products to selectively apply Critical and Important security patches and follow the Microsoft guidelines regarding when and how they should apply these updates.


Note


Cisco recommends that Contact Center customers assess the security exposure of the critical security patches released by Microsoft for Windows, IIS and SQL and apply critical security patches as deemed necessary for their site.

Refer to Cisco Customer Contact Software Policy for Third-Party Software/Security Updates at http://www.cisco.com/en/US/products/sw/custcosw/ps1844/prod_bulletins_list.html.

Microsoft service pack policy

Do not automatically apply Microsoft Service Packs for the Operating system or SQL Server. Cisco qualifies service packs through extensive testing and defines compatible service packs in the Hardware & System Software Specification (Bill of Materials) document for each product.

The Microsoft Windows Automatic Update Client can be configured to poll a server that is running Microsoft Software Update Services (SUS) or Windows Server Update Services in place of the default Windows Update website to retrieve updates.

This is the recommended approach to be able to selectively approve updates and determine when they get deployed on production servers.

To use Automatic Updates with a server that is running Software Update Services, see the Software Update Services Deployment white paper. To view this white paper, see the following Microsoft website: http://www.microsoft.com/windowsserversystem/updateservices/techinfo/previous/susdeployment.mspx.

Configure server to use alternate Windows Update Server

To configure the server to use an alternate Windows Update server:

Procedure
    Step 1   Select Start > Run and type regedit in the dialog box.
    Warning   

    If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Cisco cannot guarantee that you can solve problems that result from using the Registry Editor incorrectly. Use the Registry Editor at your own risk and make backups as appropriate.

    Step 2   Click OK.
    Step 3   In regedit, locate and then click the following key in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU.
    Step 4   Edit (or add) the following setting:

    Value name: UseWUServer

    Registry Value Type: Reg_DWORD

    Value data: Set this value to 1 to configure Automatic Updates to use a server that is running Software Update Services instead of Windows Update.

    Step 5   To determine the server that is running SUS that your client computers and servers go to for their updates, add the following registry values to the registry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\.

    Value name: WUServer

    Registry Value Type: Reg_SZ

    This value sets the SUS server by HTTP name (for example, http://IntranetSUS).

    Value name: WUStatusServer

    Registry Value Type: Reg_SZ

    This value sets the SUS statistics server by HTTP name.