Should I run Microsoft Updates on Windows Servers?

I look after a small network of around 100 client PC's and 3 Windows 2003 servers.  The version of windows are as follows..

SIMS and SQL Server 2005 = Server 2003 R2 - Standard Edition - Service Pack 1
Terminal Server and AD = Server 2003 R2 - Standard x64 Edition - Service Pack 2
Exchange 2003, Sophos and AD = Server 2003 R2 - Standard Edition - Service Pack 1

I have an upgrade to the Sophos Pure Message that is on the Exchange Server and it requires Service Pack 2.  So my question is.. is it safe to upgrade to Service Pack 2 on that server?  I am very nervous about messing up Exchange in any way.  Also the SIMS server could do with Service Pack 2 as well.. what do you think?

Also the automatic windows updates fail on the servers as we are behind a proxy.  Is it safe to run Windows Updates once to let them catch up on Security Patches and stuff?  I really don't want to corrupt anything.. or change the way somethings work.  

Any help and advice would be most welcome.
Thanks in advance.
Pricess_BonjellaAsked:
Who is Participating?
 
agriesserCommented:
Usually it's a good solution to keep your servers up-to-date too. Plan some downtime for the update and if it doesn't work afterwards, you can simply rollback to the previous state on the server operating systems.

Regarding the internet access via proxy: Have you ever thought about installing a WSUS server in this environment? This would be interesting for the clients too, because they don't have to fetch the updates directly from the internet. Just one server (the WSUS Server which does not need to be a physical machine, you can probably re-use one of your existing servers) downloads the updates and all clients and servers poll the updates from this machine then.

That usually saves a lot of traffic and administrative overhead.
0
 
Pricess_BonjellaAuthor Commented:
Thats brilliant advice. Thankyou!  One thing... do you roll back the server in the same way you would XP?
0
 
MesthaCommented:
As far as I am concerned, service packs are not optional.
Not installing an update as critical as a service pack is foolish in the current security environment.
I give them a week to ten days at most then install the updates. With the updates that are released on a monthly basis, similar amount of time and then I install the updates.
What you need to realise is that as soon as Microsoft release an update the bad guys start looking at it, to reverse engineer it and then use it to exploit servers. Exchange servers are a particular target as they can then be used to send spam, which is the main reason that machines are attacked.

So I would suggest that you bring everything you have up to date, both on service packs and then the automatic updates.

-M
0
 
agriesserCommented:
Yes, that usually works this way. In my personal experience (I have the same problems with service packs and medical applications at my employer's site) simply uninstalling the Service Pack in the Software Control Panel is enough so you don't have to do a full rollback. We once had a medical application that stopped working after we installed SP2 on 2003.

Doing backups before is never a bad idea, though.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.