Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Windows security patches standard procedure?

Posted on 2007-11-30
4
Medium Priority
?
147 Views
Last Modified: 2010-04-13
Hi Guys,
I would like to know best practice of installing windows updates on production SQL/Web servers. We have Windows 2000 Advanced servers installed on 10 servers. Should auto download from WSUS and auto install be set and reboot the machine in maintenance window or auto download and manual install in maint window? What is the best practice before installing these updates meaning are these updates supposed to be tested before applying to production?
Please provide some details. Thanks
0
Comment
Question by:Rainbow002
  • 2
4 Comments
 
LVL 52

Accepted Solution

by:
Vitor Montalvão earned 1000 total points
ID: 20382909
If you tested them before applying to production environment, then you should apply it at the best time you can find without interfering with normal work day. And check if no jobs are running too.
I usually use SMS to apply security patches during the night, but if you don't have SMS then you must install it manually.

Good luck
0
 
LVL 6

Assisted Solution

by:chuck-williams
chuck-williams earned 1000 total points
ID: 20382951
If you tested the patches then you can set WSUS and group policy to install and reboot the servers. I currently use that in a production environment and use two policies to update and reboot two sets of servers (using different update groups)  at different times. I have not had any problems with that as of yet since I test my patches ahead too.
0
 

Author Comment

by:Rainbow002
ID: 20382983
Since, there won't be any service pack or major enhancement coming from MS, is it still a best practice to test?
0
 
LVL 6

Expert Comment

by:chuck-williams
ID: 20383076
I usually only test service packs and major upgrades (like IE7). I dont test every single patch and usually wait until about a week after they come out to approve them. Usually by that time if there is a bug in the patch microsoft has replaced it. When it comes to service packs becuase of our large environment it may take us up to 6 months before we deploy those due to many different departments with different applications.

I DO NOT recomment automatically approving patches through WSUS. I approve all of the manually. Takes 5 minutes out of your week. If you stay on top of them by approving at least once a week you should be able to stay up to date before any vulnerabilty is exploited.

Hope that helps.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is possible to export the data of a SQL Table in SSMS and generate INSERT statements. It's neatly tucked away in the generate scripts option of a database.
An alternative to the "For XML" way of pivoting and concatenating result sets into strings, and an easy introduction to "common table expressions" (CTEs). Being someone who is always looking for alternatives to "work your data", I came across this …
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question