What is the most common practice (in companies) for applying critical windows updates?
For the most part, does everyone just apply them as soon as they are released? Or is there testing done first to ensure the critical updates do not cause any issues with the servers?
August 17th, 2011 10:16am

The recommended approach is to first test the updates, then release them to the rest of the computers. Generally, you'll have two slightly different procedures with regard to workstations and servers. So, I would take a random sampling of about 10% of all the computer in the network and consider them your "test/control" systems. When patches are released on MS Tuesday, you will want to review the information in the bulletins, and then apply the patches to this test group. Allow the users to work on these systems as they normally would. Have them report any issues in "X" amount of time. I would say that a few days should be enough. Then, if no issues are reported, release the patches to the rest of the systems. Make sure that you have a process defined for handling possible issues or concerns with deployed patches. Generally, most patches apply just fine. Follow this cycle month after month. Make sure that you are working with your application vendors to ensure that they conform to this practice. Many app vendors like to tell their customers that certain patches are not supported or that you have to follow their process. That may or may not be acceptable to your organization. To deploy patches, you would use WSUS, or Microsoft's System Center Configuration Manager (SCCM). WSUS is free, SCCM is not. However, you get what you pay for. There are other 3rd party tools readily avaiable for deploying patches. Visit anITKB.com, an IT Knowledge Base. Follow me on Facebook.
Free Windows Admin Tool Kit Click here and download it now
August 17th, 2011 10:31am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics