Barney's Blog

Blog archive

Doug's Mailbag: Your Patch Ritual

Readers share their thoughts on applying Windows updates:

I test all patches. The testing is geared to getting a feel for what might break. Other patches we test for two weeks. The only 'updates' that do not get installed at release are application dumb stuff like IE upgrades.  In general, our view is that security patches are released for a reason.
-Anonymous

Here are my brief thoughts on Microsoft patching -- as a Microsoft partner and VAR -- for most of our customers (but not all) that do not have their own in-house IT staff. In 95 percent of circumstances we install and configure WSUS 3.0 to automatically download, approve and install the updates. We have been doing this strategy for about three years -- ever since WSUS 3.0 came out.

That means as long as a computer is on it gets updates. Here are the results:

  • Randomly some older Server 2003 servers hang at 'Windows is shutting down,' but not most
  • Only time we've been burned was an update that killed Exchange 2007 OWA on Server 2003 x64

Otherwise, I run on the assumption that the updates do more good than harm.
-Doug

Our practice is to apply all new patches to I/T workstations and a few non-production servers, and let them run for a day or two.

If no problems occur, we have a small set of 'regular users' that get all patches (one or two from each office) for a day or two.

If no problems there, then all patches are pushed out to remaining computers.

Probably takes a week to ten days to get everything patched -- 350 PCs and 40 servers.
-Jim

Share your thoughts with the editors of this newsletter! Write to [email protected]. Letters printed in this newsletter may be edited for length and clarity, and will be credited by first name only (we do NOT print last names or e-mail addresses).

Posted by Doug Barney on 08/31/2011 at 1:18 PM


Featured

comments powered by Disqus

Subscribe on YouTube

Upcoming Training Events