Hi, I am completely in a Server2008R2 environment. I have installed a WSUS server and after LAB testing it is the snapshot (repository from) to update Production. But what I have been asked is to proactively monitor Microsoft for Critical Security Updates. In order to maintain a repository that is LAB tested and yet also get updates to quickly recognize Critical Security notices, it seems I need 2 WSUS servers. One that is more static (tested) and one that updates everyday where I can "look" for Critical Security updates. Incorporating them is work but not the question here. Am I on the right track? (A SYS admin friend says yes... but I am looking for more opinions) BTW: I have to mention that RedHat send emails proactively about Critical Updates, and I do not see that Microsoft does this. Thank you so much for your comments.

It is a good practice to have your production applications and services in a lab environment for pre-production testing. If your production patching relies on WSUS, your pre-production patching should also utilize WSUS. The WSUS configurations should match (including how often they check for updates). Such a setup allows you to test the patches in a pre-production environment while also testing the distribution mechanism (WSUS). Regarding proactive emails and alerts, Microsoft offers exactly that. See the Microsoft Technical Security Notifications site: http://technet.microsoft.com/en-us/security/dd252948 Brian

Hello Brian... Thanks, Your first paragraph is a given and that is what I do. I thought that there was no email/rss service so I had to have a second WSUS repository to PULL everyday to see if there are any security alerts. (keeping the 1st WSUS untouched until the next update/test/deploy cycle) What you REALLY helped with here is the link to the Security Alerts (RSS or Email) information. I will be looking in to that. I hope this thread may help others. Everyone I spoke with said they didn't think Microsoft had a proactive alert service.