Barney's Blog

Blog archive

Doug's Mailbag: Your Patch Ritual

Readers share their thoughts on applying Windows updates:

I test all patches. The testing is geared to getting a feel for what might break. Other patches we test for two weeks. The only 'updates' that do not get installed at release are application dumb stuff like IE upgrades.  In general, our view is that security patches are released for a reason.
-Anonymous

Here are my brief thoughts on Microsoft patching -- as a Microsoft partner and VAR -- for most of our customers (but not all) that do not have their own in-house IT staff. In 95 percent of circumstances we install and configure WSUS 3.0 to automatically download, approve and install the updates. We have been doing this strategy for about three years -- ever since WSUS 3.0 came out.

That means as long as a computer is on it gets updates. Here are the results:

  • Randomly some older Server 2003 servers hang at 'Windows is shutting down,' but not most
  • Only time we've been burned was an update that killed Exchange 2007 OWA on Server 2003 x64

Otherwise, I run on the assumption that the updates do more good than harm.
-Doug

Our practice is to apply all new patches to I/T workstations and a few non-production servers, and let them run for a day or two.

If no problems occur, we have a small set of 'regular users' that get all patches (one or two from each office) for a day or two.

If no problems there, then all patches are pushed out to remaining computers.

Probably takes a week to ten days to get everything patched -- 350 PCs and 40 servers.
-Jim

Share your thoughts with the editors of this newsletter! Write to dbarney@redmondmag.com. Letters printed in this newsletter may be edited for length and clarity, and will be credited by first name only (we do NOT print last names or e-mail addresses).

Posted by Doug Barney on 08/31/2011 at 1:18 PM


Featured

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

  • First Stable Chromium-Based Microsoft Edge Browser Released

    Microsoft on Wednesday announced the first release of its Chromium-based Microsoft Edge browser at the "stable" commercial-release stage.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.