Windows Server 2000/2003 Thread, Windows Updates Policy in Technical; Something I've not really seeen talked about on these forums, which is surprising... What policy do you use for applying ...
19th December 2010, 02:19 PM #1
- Rep Power
Windows Updates Policy
Something I've not really seeen talked about on these forums, which is surprising... What policy do you use for applying MS updates to servers and desktops?
Do you auto download and install all critical and security updates to servers? Sounds like a reasonable compromise. But what about the other updates, how do you decide which to apply and when? And how do you deal with updates that have an unwanted affect?
What policy do you have for desktops?
My main concerns are to make sure security and critical updates don't get missed, but I am unsure of what is best practice on this and the other updates.
We use WSUS on Windows 2008 Standard to push out updates.
19th December 2010, 03:12 PM #2
Critical updates are automatically approved by our WSUS server, and rolled out automatically, forced to install on a Thursday. To avoid them hogging all our network bandwidth, The bandwidth settings in the updates section of group policy are set very low, so the updates trickle feed to our machines as they are downloaded by WSUS.
Other updates are installed when we update our build images, unless there's a specific one we require to be installed in which case we'll manually approve it on WSUS.
19th December 2010, 05:25 PM #3
WSUS box is set to download everything and bar updates for already approved ones and Forefront Client Security Upgrade (IE Anti-virus definitions and Anti-Virus software update) it waits for approval of them all. We tend to do this a week after patch Tuesday to give time for me to read Edugeek or pickup on issues off the web related to them.
Servers are not set via WSUS (never got around to it) and they are set to notify me what they want and are all manual, and I tend to do them once a month in an evening when I remember.
20th December 2010, 01:31 PM #4
Bandwidth costs would kill us if we let it download automaticly so we just go into the "needed updates" section of the WSUS server and download the required updates which are then pushed out and installed automaticlly.
20th December 2010, 01:36 PM #5
Servers are done manually, nothing is installed automatically. I would rather watch them install and make sure noting goes wrong.
WSUS id setup for all clients. We issue updates as they come after testing.
21st December 2010, 04:30 PM #6
- Rep Power
So does the WSUS work pretty well?
22nd December 2010, 09:33 AM #7
Does with all our computers.
Originally Posted by siadam
By neilmc in forum Windows
Last Post: 3rd June 2010, 11:08 AM
By Jon88 in forum Windows 7
Last Post: 5th February 2010, 10:57 AM
By chrbb in forum Windows
Last Post: 22nd April 2009, 09:33 PM
By nawbus in forum Windows
Last Post: 8th November 2005, 01:31 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)