Should I run Microsoft Updates on Windows Servers?

Posted on 2009-02-09
Last Modified: 2012-05-06
I look after a small network of around 100 client PC's and 3 Windows 2003 servers.  The version of windows are as follows..

SIMS and SQL Server 2005 = Server 2003 R2 - Standard Edition - Service Pack 1
Terminal Server and AD = Server 2003 R2 - Standard x64 Edition - Service Pack 2
Exchange 2003, Sophos and AD = Server 2003 R2 - Standard Edition - Service Pack 1

I have an upgrade to the Sophos Pure Message that is on the Exchange Server and it requires Service Pack 2.  So my question is.. is it safe to upgrade to Service Pack 2 on that server?  I am very nervous about messing up Exchange in any way.  Also the SIMS server could do with Service Pack 2 as well.. what do you think?

Also the automatic windows updates fail on the servers as we are behind a proxy.  Is it safe to run Windows Updates once to let them catch up on Security Patches and stuff?  I really don't want to corrupt anything.. or change the way somethings work.  

Any help and advice would be most welcome.
Thanks in advance.
Question by:Pricess_Bonjella
    LVL 14

    Accepted Solution

    Usually it's a good solution to keep your servers up-to-date too. Plan some downtime for the update and if it doesn't work afterwards, you can simply rollback to the previous state on the server operating systems.

    Regarding the internet access via proxy: Have you ever thought about installing a WSUS server in this environment? This would be interesting for the clients too, because they don't have to fetch the updates directly from the internet. Just one server (the WSUS Server which does not need to be a physical machine, you can probably re-use one of your existing servers) downloads the updates and all clients and servers poll the updates from this machine then.

    That usually saves a lot of traffic and administrative overhead.

    Author Comment

    Thats brilliant advice. Thankyou!  One thing... do you roll back the server in the same way you would XP?
    LVL 65

    Assisted Solution

    As far as I am concerned, service packs are not optional.
    Not installing an update as critical as a service pack is foolish in the current security environment.
    I give them a week to ten days at most then install the updates. With the updates that are released on a monthly basis, similar amount of time and then I install the updates.
    What you need to realise is that as soon as Microsoft release an update the bad guys start looking at it, to reverse engineer it and then use it to exploit servers. Exchange servers are a particular target as they can then be used to send spam, which is the main reason that machines are attacked.

    So I would suggest that you bring everything you have up to date, both on service packs and then the automatic updates.

    LVL 14

    Expert Comment

    Yes, that usually works this way. In my personal experience (I have the same problems with service packs and medical applications at my employer's site) simply uninstalling the Service Pack in the Software Control Panel is enough so you don't have to do a full rollback. We once had a medical application that stopped working after we installed SP2 on 2003.

    Doing backups before is never a bad idea, though.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    When you are trying to access the server, have you ever encountered "The terminal server has exceeded the maximum number of allowed connection" error?  or "The user is attempting to log on to a Terminal Server in Remote Administration mode, but the …
    This is a fairly complicated script that will install the required prerequisites to install SCCM 2012 R2 on a server.  It was designed under the functional model in order to compartmentalize each step required, reducing the overall complexity.  The …
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now