Solved

Windows Updates in Network Environment (Keep Off or ON?)

Posted on 2011-03-09
9
223 Views
Last Modified: 2012-05-11
Hi guys,

I run a small SBS 2003 server network with about 40 Lenovo laptops. Most laptops have Win 7 and a few have XP. I was wondering if i should keep the windows updates TURNED OFF or TURNED ON. In the past i always kept them turned off but since Microsoft comes out with so called CRITICAL updates i was wondering  if i should turn them back on. THANKS
0
Comment
Question by:MXU2011
9 Comments
 
LVL 1

Expert Comment

by:IWillHelp
ID: 35085349
The answer you need completely depends on you own internal patch management policy.  There are many critical security updates that should be installed and maintained, but some are not.

In my personal experience, I too have run it both ways and seem to find less issues when the group internal policy dictates what patches / updates are installed and which are not.  But that does take a lot more time on personnel (you) than just allowing all updates to load in middle of the night.

So in conclusion, I would suggest all updates to be installed immediately after the nightly backup policy is completed.
0
 
LVL 8

Accepted Solution

by:
jawa29 earned 32 total points
ID: 35085372
Hi MXU2011

As I was sadly one of the many Sysadmins hit by Conficker back in the day (through no fault of my own I'd like to add) I'm a strong believer of installing updates shortly after they are released.

The best way to do this is to install WSUS from Microsoft on your server http://technet.microsoft.com/en-us/windowsserver/bb332157, this will require some additional disk space but it allows you to have a local repository of updates on your network, you can then configure your clients to look at that instead of Windows Updates.

This will also allow you to create groups of PC's allowing you to deploy updates to test PC's first.

Jawa29

0
 
LVL 1

Assisted Solution

by:IWillHelp
IWillHelp earned 31 total points
ID: 35085474
I would as well, agree with jawa29 in the repository of updates with the WSUS tool.  It saves headache but adds time when deploying to a group of 40 units since you are able to test common deployment scenerios prior to them going live.

Downside to this is attempting to deploy to a group that has differing setups, as many small companies / deployment would since many at <50 units will all have a different setup and machine, so thus the number of tests would be exaggerated.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 31 total points
ID: 35085546
WSUS comes with SBS 2003 R2 and later and if the systems have been installed properly, should be working.

Should you patch?  Only IF:
 - You want to ensure viruses cannot spread easily
 - You want to ensure your data is not stolen
 - You want to ensure the stability and reliability of your systems.

If you don't want any of that, then don't patch.

It's always possible updates will break something else ... an office patch caused issues in December... but it was pulled a couple of days after its release.  If you want to wait a week, I wouldn't fault you... but by the third tuesday of the month (considering MS typically releases patches on the second tuesday) I would patch.  And testing isn't bad either - setup or designate a guinea pig PC to always patch first and make sure it doesn't have problems... much less hassle repairing a single system from a failed patch than a office full of systems.
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 31 total points
ID: 35087027
Among one of the other benefits not mentioned is reduced bandwidth. With WSUS the updates are all downloaded to your WSUS server and your clients pull from there. If you were to enable just Windows Updates and had 40 clients all downloading updates at the same time, your network would start to crawl. WSUS/windows updates uses BITS(Idle network bandwidth) which can also be throttled to your needs as well.

As far as taking extra personnel time, that's what automatic approval rules were designed for.
0
 

Author Comment

by:MXU2011
ID: 35087898
THANK YOU VERY MUCH GUYS. YOU GUYS ARE AWESOME!! I DONT KNOW WHAT I WOULD DO WITHOUT EXPERTS-EXCHANGE
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 35390549
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question