Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Windows Updates in Network Environment (Keep Off or ON?)

Posted on 2011-03-09
9
Medium Priority
?
236 Views
Last Modified: 2012-05-11
Hi guys,

I run a small SBS 2003 server network with about 40 Lenovo laptops. Most laptops have Win 7 and a few have XP. I was wondering if i should keep the windows updates TURNED OFF or TURNED ON. In the past i always kept them turned off but since Microsoft comes out with so called CRITICAL updates i was wondering  if i should turn them back on. THANKS
0
Comment
Question by:MXU2011
7 Comments
 
LVL 1

Expert Comment

by:IWillHelp
ID: 35085349
The answer you need completely depends on you own internal patch management policy.  There are many critical security updates that should be installed and maintained, but some are not.

In my personal experience, I too have run it both ways and seem to find less issues when the group internal policy dictates what patches / updates are installed and which are not.  But that does take a lot more time on personnel (you) than just allowing all updates to load in middle of the night.

So in conclusion, I would suggest all updates to be installed immediately after the nightly backup policy is completed.
0
 
LVL 8

Accepted Solution

by:
jawa29 earned 128 total points
ID: 35085372
Hi MXU2011

As I was sadly one of the many Sysadmins hit by Conficker back in the day (through no fault of my own I'd like to add) I'm a strong believer of installing updates shortly after they are released.

The best way to do this is to install WSUS from Microsoft on your server http://technet.microsoft.com/en-us/windowsserver/bb332157, this will require some additional disk space but it allows you to have a local repository of updates on your network, you can then configure your clients to look at that instead of Windows Updates.

This will also allow you to create groups of PC's allowing you to deploy updates to test PC's first.

Jawa29

0
 
LVL 1

Assisted Solution

by:IWillHelp
IWillHelp earned 124 total points
ID: 35085474
I would as well, agree with jawa29 in the repository of updates with the WSUS tool.  It saves headache but adds time when deploying to a group of 40 units since you are able to test common deployment scenerios prior to them going live.

Downside to this is attempting to deploy to a group that has differing setups, as many small companies / deployment would since many at <50 units will all have a different setup and machine, so thus the number of tests would be exaggerated.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 124 total points
ID: 35085546
WSUS comes with SBS 2003 R2 and later and if the systems have been installed properly, should be working.

Should you patch?  Only IF:
 - You want to ensure viruses cannot spread easily
 - You want to ensure your data is not stolen
 - You want to ensure the stability and reliability of your systems.

If you don't want any of that, then don't patch.

It's always possible updates will break something else ... an office patch caused issues in December... but it was pulled a couple of days after its release.  If you want to wait a week, I wouldn't fault you... but by the third tuesday of the month (considering MS typically releases patches on the second tuesday) I would patch.  And testing isn't bad either - setup or designate a guinea pig PC to always patch first and make sure it doesn't have problems... much less hassle repairing a single system from a failed patch than a office full of systems.
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 124 total points
ID: 35087027
Among one of the other benefits not mentioned is reduced bandwidth. With WSUS the updates are all downloaded to your WSUS server and your clients pull from there. If you were to enable just Windows Updates and had 40 clients all downloading updates at the same time, your network would start to crawl. WSUS/windows updates uses BITS(Idle network bandwidth) which can also be throttled to your needs as well.

As far as taking extra personnel time, that's what automatic approval rules were designed for.
0
 

Author Comment

by:MXU2011
ID: 35087898
THANK YOU VERY MUCH GUYS. YOU GUYS ARE AWESOME!! I DONT KNOW WHAT I WOULD DO WITHOUT EXPERTS-EXCHANGE
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 35390549
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Suggested Courses

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question