Hi experts,
I had a problem that was driving me mad, I was getting the Generic Host Process for Win32 Services Error and I opened a call to report it, since I wasn't getting any help I decided to do it myself and started searching a solution that I found in the microsoft website.
The solution was to install the updates, so I decided to install all the updates available from microsoft.
After I did it my technology consultant warned me that it was not a wise move (well the server that was unusable is now working again), but I didn't get any explanation.
The server is acting solely as DC and has no applcations installed.
So what I am asking is "is there any reason whyyou shouldn't install windows updates?"
in particular if there are no application running on that server
Thanks and sorry for the lenghty post
Samasrl
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Years ago, I would have said to test every patch on a test machine first. Today, it has gotten much better and patching is almost a non-issue.
You should patch as soon as possible to prevent you server from being compromised.
Unless there are non-standard applications running on the server you're pretty safe.
I concur with Netman66... we *still* do a "test burn" of updates before we release them to the wild (via WSUS). However, in recent living memory, there has never been an issue with an update... and therefore we have always "approved" the updates after testing.
Which leads me to the same conclusion... yes you can test 'em first, but if the results are always positive, then why test at all? And more importantly, you might be better off patching immediately to protect yourself from a "zero-day" exploit
I'd disagree with graye about a couple of points. The first "in recent living memory, there has never been an issue with an update" isn't correct. See http://www.microsoft.com/t
Also the statement "you can test 'em first, but if the results are always positive, then why test at all?" isn't really a strong position to take. It's like arguing that you're not going to install security patches at all because you've never been hacked or that you're not going to drop your insurance because you've never had an accident. All it's going to require is for a single instance of a significant problem with a patch and you'll think more carefully about it next time.
I agree with the general sentiment though. Testing all patches isn't really viable any longer. It's theoretically what should be done but with the frequency of patches released, it's just not feasible. I guess it's debatable whether you intall them immediately or wait some period of time after they're released to install them but the answer to the original question posted here is yes, you should install all patches.
Business Accounts
Answer for Membership
by: jebeckhamPosted on 2006-09-21 at 13:41:02ID: 17572774
As a general rule of thumb, you should install all service packs and patches as they are released. Not only do they contain bug fixes, but they also contain security fixes.
What you should also be doing though, before installing updates on your production systems as soon as they are released, is to install and test the patches in a lab environment first. With diligent testing, chances are good that if a patch breaks something in the lab, it's going to break in production and will save you from a lot of grief.
Now it always isn't feasible, depending on hardware, software and staff budget, to perform such testing on all patches that MS releases. You could setup a lab using virtual technology that saves money on hardware and software, but you still have to staff it. If you don't have the staff for a lab either, you're back left with installing directly on your production systems.
In the event that you do have to continue this practice, consider:
Don't install patches immediately. Install them on a regular cycle such as once every 2 weeks or 1 month.
When you DO install patches, make sure that you have a backup of your system first so you can roll-back if necessary.