Selective Updates for SBS 2008 & Network with all Win 7 computers.

Posted on 2013-01-23
Last Modified: 2013-01-23

I have been tapped on the shoulder to remotely do our server updates (SBS 2008) and office machine updates (5 machines Running WIN 7).

Currently, the Server+Machines are updated on-site once a month. I was told that the current "tech" does select updates because he "knows" which updates to do that won't cause problems.

I know you can Google for "Buggy Win 7 updates" or Buggy SBS 2008 Updates"  But I really need someone to give me concise points to look for. I am not a total noob, just have been out of the server/client machine field for a while.

Can someone validate what they are saying about the tech makes sense?
Also they said something about the tech said you have to wait until like the 3rd week of every month for the non-buggy updates to come out or something to the effect.

Now, to me that last paragraph sounds a little bit more like a tech excuse as to WHEN he wants to update whether it be due to his schedule or what.

Can someone please validate this info and point me in the right direction as to the best mode of operation to do this via RDP since I am not on-site?

Thanks in advance.
Question by:Korelian-
  • 4
  • 2

Accepted Solution

albelo earned 250 total points
ID: 38812049
Microsoft usually releases updates on the 2nd Tuesday of the month.  The tech is most likely waiting until the 3rd week of the month to do the updates to see if there are any reported problems within the last week with the updates MS released.

In a small environment like that, I would make sure you have a good backup of the server before applying updates.  I'd also notate which Patches / Updates were applied in case you have to roll back.

As for the Win 7 machines, always good to make a restore point before applying updates for the same reason.

In a larger environment, good practice to have a few test users/systems to apply patches to first to verify there are no problems before applying to all other systems.

Author Comment

ID: 38812259
So the best way to do this after having appropriate backups would be

{}- Do an inventory of the last updates/patches done by previous tech.
{}- Keep a log of patches/updates for Server & a log for each machine seperately
{}- Get list of Updates to be applied after 2nd week release and then watch for bugs from users until third week.

Are there updates/patches you WOULDN'T worry about? like "non-critical" or "non-Security"
What isn't broke don't fix it so to speak except for security patches?

what's your advice on that?
LVL 24

Assisted Solution

smckeown777 earned 250 total points
ID: 38812263
I would agree to a certain extent...I do the same for some client environments as well, sometimes updates cause issues, so by delaying the process it means you have time to 'hear about' certain update issues and therefore you can then 'select' the good ones from the bad...

As for determining what updates are dodgy there are forums you can check out, or in my case I subscribe to - its a mailing list that individuals can send in known issues and through that process you will be informed of the current bugs/issues related to certain updates each month...great resource if you want to stay ahead of the patching problems that will occur from time to time...

So again its not always done, but I'd rather have control over my client environments than just letting the patch rollout happen automatically...and get into trouble
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline


Author Comment

ID: 38812300
I am DEFINITELY marking you as the solution, and thank you for the added info about subscribing to that list.. very helpful...   but I meant to ask the following also so I didn't want this to close out as RESOLVED before I got all the info I need....

Keep in mind I am doing this all remotely....

access the server, and access each local machine via the server? Does this have to be done via LOCAL admin or can these be installed by the users profile on the machine? or do I log in to any admin profile on THAT particular network machine... (by accessing the users machine through the desktop function on the server, thus logging in as the server admin )

does that make sense?

Thanks so much for your help
LVL 24

Expert Comment

ID: 38812319
Oh...just re-read your original post...

Ok, looks like the tech was manually doing this process to a certain extent...
The best way to do this is WSUS(are you familiar with that?)

WSUS runs on the server(is included with SBS 2008/2011 by default)
It downloads the updates to the server, then the client machines get their updates from the run everything from the server WSUS console...

So in terms of installing the updates you don't do anything, once you 'Approve' the updates from the WSUS console they get installed on the client machines on a schedule(usually 3AM in the morning but this can be changed)

So its not as much work as you think, you approve the updates from the console and the rest takes place in the background...

Def check it out on the server to see if its already up and running, if not you need to start using it - its a life saver for time as well!

Author Comment

ID: 38812445
Ok I thought this was the case but they said the tech goes on each machine and runs MBR defrag and disk check.. which I think it's more to collect the $200 visit than anything because I didn't think it was that complicated.

i'm just doing a refresher course so to speak I used to use Server 2000 and then 2003.(and learning the new feature that they didnt have in those editions)

Author Closing Comment

ID: 38812823
Both of the responders gave me the answers I needed (2 answers needed)

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now