    Patching Windows Embedded Operating Systems - Advisable or not?




      We are planning on deploying several Windows endpoints installed with Embedded OS (Disk Size is only 16Gb). Question, is it advisable to install LANDesk so that they also get patched during Patch Tuesdays? Or just leave them as is and just harden them?


          phoffmann

          That depends on your preference / your security assessment, and so on.


          Personally, I'd *ALWAYS* prefer to have the option to patch a machine if/as needed -- even if you end up not doing it for a long time.


          With a mere 16 GB of space, do be aware that the WinSXS directory will (eventually) bloat up quite a bit, so you may run into space issues there ... (something I suspect you're keenly aware of) - and we all know how much Windows loves running out of disk space.


          There's no right/wrong choice here - only a decision / taking of options ... but I've yet to see an allegedly hardened system that can't be hijacked a year after its sealing - with the constant throng of vulnerabilities coming out. And that's - "just the OS". It gets MUCH, much worse if you have certain 3rd party stuff up there - (things like Java & Flash have been hemorrhaging security issues over the last decade) ...


          So ... up to you / your security team really.


          I don't think that in your situation there's a "good" call to make - there's only a "less bad one" to accept as a risk ... with 16 GB of total disk, you're not likely to be patching for the lifetime of the device I suspect.
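
A pre-patch headroom check for the WinSxS growth concern raised in the reply above, as an added example that is not part of the original thread. It assumes an image where `dism.exe` supports `/AnalyzeComponentStore` (Windows 8.1-based and later) with English output; the 4 GB floor and the `MeetsFreeSpaceFloor` field name are illustrative choices, not values from the thread.

```powershell
#Requires -RunAsAdministrator
# Added example: report free space and component store (WinSxS) size
# before a patch cycle on a small system volume.
param(
    [string]$Drive     = $env:SystemDrive,  # e.g. "C:"
    [double]$MinFreeGB = 4                  # assumed threshold, tune per image
)

# Free and total space on the system volume.
$disk   = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$Drive'"
$freeGB = [math]::Round($disk.FreeSpace / 1GB, 2)
$sizeGB = [math]::Round($disk.Size / 1GB, 2)

# DISM reports the real size of the component store and whether a
# cleanup is recommended. Parse its "Key : Value" lines into a table.
$report = @{}
foreach ($line in (& dism.exe /Online /Cleanup-Image /AnalyzeComponentStore)) {
    if ($line -match '^\s*(.+?)\s*:\s*(.+)$') {
        $report[$Matches[1]] = $Matches[2]
    }
}

$result = [pscustomobject]@{
    Drive                = $Drive
    SizeGB               = $sizeGB
    FreeGB               = $freeGB
    ComponentStoreActual = $report['Actual Size of Component Store']
    ReclaimablePackages  = $report['Number of Reclaimable Packages']
    CleanupRecommended   = $report['Component Store Cleanup Recommended']
    MeetsFreeSpaceFloor  = ($freeGB -ge $MinFreeGB)
}
$result | Format-List

if (-not $result.MeetsFreeSpaceFloor) {
    Write-Warning "Only $freeGB GB free on $Drive; reclaim space before patching."
    # Superseded component versions can be removed in a maintenance window:
    #   dism.exe /Online /Cleanup-Image /StartComponentCleanup
    exit 1
}
```

A non-zero exit code lets a management agent skip or defer the patch task on devices that are already short on space.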