Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 150
  • Last Modified:

Windows security patches standard procedure?

Hi Guys,
I would like to know best practice of installing windows updates on production SQL/Web servers. We have Windows 2000 Advanced servers installed on 10 servers. Should auto download from WSUS and auto install be set and reboot the machine in maintenance window or auto download and manual install in maint window? What is the best practice before installing these updates meaning are these updates supposed to be tested before applying to production?
Please provide some details. Thanks
0
Rainbow002
Asked:
Rainbow002
  • 2
2 Solutions
 
Vitor MontalvãoMSSQL Senior EngineerCommented:
If you tested them before applying to production environment, then you should apply it at the best time you can find without interfering with normal work day. And check if no jobs are running too.
I usually use SMS to apply security patches during the night, but if you don't have SMS then you must install it manually.

Good luck
0
 
chuck-williamsCommented:
If you tested the patches then you can set WSUS and group policy to install and reboot the servers. I currently use that in a production environment and use two policies to update and reboot two sets of servers (using different update groups)  at different times. I have not had any problems with that as of yet since I test my patches ahead too.
0
 
Rainbow002Author Commented:
Since, there won't be any service pack or major enhancement coming from MS, is it still a best practice to test?
0
 
chuck-williamsCommented:
I usually only test service packs and major upgrades (like IE7). I dont test every single patch and usually wait until about a week after they come out to approve them. Usually by that time if there is a bug in the patch microsoft has replaced it. When it comes to service packs becuase of our large environment it may take us up to 6 months before we deploy those due to many different departments with different applications.

I DO NOT recomment automatically approving patches through WSUS. I approve all of the manually. Takes 5 minutes out of your week. If you stay on top of them by approving at least once a week you should be able to stay up to date before any vulnerabilty is exploited.

Hope that helps.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now