Solved

Windows Updates in Network Environment (Keep Off or ON?)

Posted on 2011-03-09
9
230 Views
Last Modified: 2012-05-11
Hi guys,

I run a small SBS 2003 server network with about 40 Lenovo laptops. Most laptops have Win 7 and a few have XP. I was wondering if i should keep the windows updates TURNED OFF or TURNED ON. In the past i always kept them turned off but since Microsoft comes out with so called CRITICAL updates i was wondering  if i should turn them back on. THANKS
0
Comment
Question by:MXU2011
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 1

Expert Comment

by:IWillHelp
ID: 35085349
The answer you need completely depends on you own internal patch management policy.  There are many critical security updates that should be installed and maintained, but some are not.

In my personal experience, I too have run it both ways and seem to find less issues when the group internal policy dictates what patches / updates are installed and which are not.  But that does take a lot more time on personnel (you) than just allowing all updates to load in middle of the night.

So in conclusion, I would suggest all updates to be installed immediately after the nightly backup policy is completed.
0
 
LVL 8

Accepted Solution

by:
jawa29 earned 32 total points
ID: 35085372
Hi MXU2011

As I was sadly one of the many Sysadmins hit by Conficker back in the day (through no fault of my own I'd like to add) I'm a strong believer of installing updates shortly after they are released.

The best way to do this is to install WSUS from Microsoft on your server http://technet.microsoft.com/en-us/windowsserver/bb332157, this will require some additional disk space but it allows you to have a local repository of updates on your network, you can then configure your clients to look at that instead of Windows Updates.

This will also allow you to create groups of PC's allowing you to deploy updates to test PC's first.

Jawa29

0
 
LVL 1

Assisted Solution

by:IWillHelp
IWillHelp earned 31 total points
ID: 35085474
I would as well, agree with jawa29 in the repository of updates with the WSUS tool.  It saves headache but adds time when deploying to a group of 40 units since you are able to test common deployment scenerios prior to them going live.

Downside to this is attempting to deploy to a group that has differing setups, as many small companies / deployment would since many at <50 units will all have a different setup and machine, so thus the number of tests would be exaggerated.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 31 total points
ID: 35085546
WSUS comes with SBS 2003 R2 and later and if the systems have been installed properly, should be working.

Should you patch?  Only IF:
 - You want to ensure viruses cannot spread easily
 - You want to ensure your data is not stolen
 - You want to ensure the stability and reliability of your systems.

If you don't want any of that, then don't patch.

It's always possible updates will break something else ... an office patch caused issues in December... but it was pulled a couple of days after its release.  If you want to wait a week, I wouldn't fault you... but by the third tuesday of the month (considering MS typically releases patches on the second tuesday) I would patch.  And testing isn't bad either - setup or designate a guinea pig PC to always patch first and make sure it doesn't have problems... much less hassle repairing a single system from a failed patch than a office full of systems.
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 31 total points
ID: 35087027
Among one of the other benefits not mentioned is reduced bandwidth. With WSUS the updates are all downloaded to your WSUS server and your clients pull from there. If you were to enable just Windows Updates and had 40 clients all downloading updates at the same time, your network would start to crawl. WSUS/windows updates uses BITS(Idle network bandwidth) which can also be throttled to your needs as well.

As far as taking extra personnel time, that's what automatic approval rules were designed for.
0
 

Author Comment

by:MXU2011
ID: 35087898
THANK YOU VERY MUCH GUYS. YOU GUYS ARE AWESOME!! I DONT KNOW WHAT I WOULD DO WITHOUT EXPERTS-EXCHANGE
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 35390549
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

First some basics on Windows 7 Backup.  It has 2 components one is a file based backup which is stored in .zip files each zip is split at around 200 Megabytes and there is the Image Backup which is as the name implies a total image of the partition …
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question