Improve company productivity with a Business Account.Sign Up

x
?
Solved

Windows Updates in Network Environment (Keep Off or ON?)

Posted on 2011-03-09
9
Medium Priority
?
242 Views
Last Modified: 2012-05-11
Hi guys,

I run a small SBS 2003 server network with about 40 Lenovo laptops. Most laptops have Win 7 and a few have XP. I was wondering if i should keep the windows updates TURNED OFF or TURNED ON. In the past i always kept them turned off but since Microsoft comes out with so called CRITICAL updates i was wondering  if i should turn them back on. THANKS
0
Comment
Question by:MXU2011
7 Comments
 
LVL 1

Expert Comment

by:IWillHelp
ID: 35085349
The answer you need completely depends on you own internal patch management policy.  There are many critical security updates that should be installed and maintained, but some are not.

In my personal experience, I too have run it both ways and seem to find less issues when the group internal policy dictates what patches / updates are installed and which are not.  But that does take a lot more time on personnel (you) than just allowing all updates to load in middle of the night.

So in conclusion, I would suggest all updates to be installed immediately after the nightly backup policy is completed.
0
 
LVL 8

Accepted Solution

by:
jawa29 earned 128 total points
ID: 35085372
Hi MXU2011

As I was sadly one of the many Sysadmins hit by Conficker back in the day (through no fault of my own I'd like to add) I'm a strong believer of installing updates shortly after they are released.

The best way to do this is to install WSUS from Microsoft on your server http://technet.microsoft.com/en-us/windowsserver/bb332157, this will require some additional disk space but it allows you to have a local repository of updates on your network, you can then configure your clients to look at that instead of Windows Updates.

This will also allow you to create groups of PC's allowing you to deploy updates to test PC's first.

Jawa29

0
 
LVL 1

Assisted Solution

by:IWillHelp
IWillHelp earned 124 total points
ID: 35085474
I would as well, agree with jawa29 in the repository of updates with the WSUS tool.  It saves headache but adds time when deploying to a group of 40 units since you are able to test common deployment scenerios prior to them going live.

Downside to this is attempting to deploy to a group that has differing setups, as many small companies / deployment would since many at <50 units will all have a different setup and machine, so thus the number of tests would be exaggerated.
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
LVL 97

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 124 total points
ID: 35085546
WSUS comes with SBS 2003 R2 and later and if the systems have been installed properly, should be working.

Should you patch?  Only IF:
 - You want to ensure viruses cannot spread easily
 - You want to ensure your data is not stolen
 - You want to ensure the stability and reliability of your systems.

If you don't want any of that, then don't patch.

It's always possible updates will break something else ... an office patch caused issues in December... but it was pulled a couple of days after its release.  If you want to wait a week, I wouldn't fault you... but by the third tuesday of the month (considering MS typically releases patches on the second tuesday) I would patch.  And testing isn't bad either - setup or designate a guinea pig PC to always patch first and make sure it doesn't have problems... much less hassle repairing a single system from a failed patch than a office full of systems.
0
 
LVL 48

Assisted Solution

by:Don
Don earned 124 total points
ID: 35087027
Among one of the other benefits not mentioned is reduced bandwidth. With WSUS the updates are all downloaded to your WSUS server and your clients pull from there. If you were to enable just Windows Updates and had 40 clients all downloading updates at the same time, your network would start to crawl. WSUS/windows updates uses BITS(Idle network bandwidth) which can also be throttled to your needs as well.

As far as taking extra personnel time, that's what automatic approval rules were designed for.
0
 

Author Comment

by:MXU2011
ID: 35087898
THANK YOU VERY MUCH GUYS. YOU GUYS ARE AWESOME!! I DONT KNOW WHAT I WOULD DO WITHOUT EXPERTS-EXCHANGE
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 35390549
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question