Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Should I run Microsoft Updates on Windows Servers?

Posted on 2009-02-09
Medium Priority
Last Modified: 2012-05-06
I look after a small network of around 100 client PC's and 3 Windows 2003 servers.  The version of windows are as follows..

SIMS and SQL Server 2005 = Server 2003 R2 - Standard Edition - Service Pack 1
Terminal Server and AD = Server 2003 R2 - Standard x64 Edition - Service Pack 2
Exchange 2003, Sophos and AD = Server 2003 R2 - Standard Edition - Service Pack 1

I have an upgrade to the Sophos Pure Message that is on the Exchange Server and it requires Service Pack 2.  So my question is.. is it safe to upgrade to Service Pack 2 on that server?  I am very nervous about messing up Exchange in any way.  Also the SIMS server could do with Service Pack 2 as well.. what do you think?

Also the automatic windows updates fail on the servers as we are behind a proxy.  Is it safe to run Windows Updates once to let them catch up on Security Patches and stuff?  I really don't want to corrupt anything.. or change the way somethings work.  

Any help and advice would be most welcome.
Thanks in advance.
Question by:Pricess_Bonjella
  • 2
LVL 14

Accepted Solution

agriesser earned 1600 total points
ID: 23589339
Usually it's a good solution to keep your servers up-to-date too. Plan some downtime for the update and if it doesn't work afterwards, you can simply rollback to the previous state on the server operating systems.

Regarding the internet access via proxy: Have you ever thought about installing a WSUS server in this environment? This would be interesting for the clients too, because they don't have to fetch the updates directly from the internet. Just one server (the WSUS Server which does not need to be a physical machine, you can probably re-use one of your existing servers) downloads the updates and all clients and servers poll the updates from this machine then.

That usually saves a lot of traffic and administrative overhead.

Author Comment

ID: 23589352
Thats brilliant advice. Thankyou!  One thing... do you roll back the server in the same way you would XP?
LVL 65

Assisted Solution

Mestha earned 400 total points
ID: 23589387
As far as I am concerned, service packs are not optional.
Not installing an update as critical as a service pack is foolish in the current security environment.
I give them a week to ten days at most then install the updates. With the updates that are released on a monthly basis, similar amount of time and then I install the updates.
What you need to realise is that as soon as Microsoft release an update the bad guys start looking at it, to reverse engineer it and then use it to exploit servers. Exchange servers are a particular target as they can then be used to send spam, which is the main reason that machines are attacked.

So I would suggest that you bring everything you have up to date, both on service packs and then the automatic updates.

LVL 14

Expert Comment

ID: 23589400
Yes, that usually works this way. In my personal experience (I have the same problems with service packs and medical applications at my employer's site) simply uninstalling the Service Pack in the Software Control Panel is enough so you don't have to do a full rollback. We once had a medical application that stopped working after we installed SP2 on 2003.

Doing backups before is never a bad idea, though.

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have put this article together as i needed to get all the information that might be available already into one general document that could be referenced once without searching the Internet for the different pieces. I have had a few issues where…
Microsoft has released remote PowerShell capabilities to all commercial Office 365 customers. So you can be controlled via PowerShell and not from the Office 365 admin center Download Windows PowerShell Module for Lync Online http://www.micros…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question