Selective Updates for SBS 2008 & Network with all Win 7 computers.


I have been tapped on the shoulder to remotely do our server updates (SBS 2008) and office machine updates (5 machines Running WIN 7).

Currently, the Server+Machines are updated on-site once a month. I was told that the current "tech" does select updates because he "knows" which updates to do that won't cause problems.

I know you can Google for "Buggy Win 7 updates" or "Buggy SBS 2008 Updates", but I really need someone to give me concise points to look for. I am not a total noob, just have been out of the server/client machine field for a while.

Can someone validate that what they are saying about the tech makes sense?
Also, they said the tech said you have to wait until like the 3rd week of every month for the non-buggy updates to come out, or something to that effect.

Now, to me that last paragraph sounds a little bit more like a tech excuse as to WHEN he wants to update whether it be due to his schedule or what.

Can someone please validate this info and point me in the right direction as to the best mode of operation to do this via RDP since I am not on-site?

Thanks in advance.
albelo Commented:
Microsoft usually releases updates on the 2nd Tuesday of the month.  The tech is most likely waiting until the 3rd week of the month to do the updates to see if there are any reported problems within the last week with the updates MS released.

In a small environment like that, I would make sure you have a good backup of the server before applying updates.  I'd also notate which Patches / Updates were applied in case you have to roll back.

As for the Win 7 machines, always good to make a restore point before applying updates for the same reason.

In a larger environment, good practice to have a few test users/systems to apply patches to first to verify there are no problems before applying to all other systems.
Korelian-Author Commented:
So the best way to do this after having appropriate backups would be

- Do an inventory of the last updates/patches done by previous tech.
- Keep a log of patches/updates for Server & a log for each machine separately
- Get list of Updates to be applied after 2nd week release and then watch for bugs from users until third week.

Are there updates/patches you WOULDN'T worry about, like "non-critical" or "non-Security"?
What isn't broke don't fix it so to speak except for security patches?

What's your advice on that?
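
The per-machine patch log described in the posts above, as an added example that is not part of the original thread: it snapshots the installed hotfixes on each machine and records what changed since the previous snapshot, which is the list you need if an update has to be rolled back. The host names and log folder are placeholders; Get-HotFix only reports what Win32_QuickFixEngineering exposes, so some updates (Office patches, for example) will not appear.

```powershell
# Added example: per-machine patch log using Get-HotFix (PowerShell 2.0 or later).
# Host names and the log folder are placeholders, not values from the thread.
$computers = @('SBS-SERVER', 'WIN7-PC1', 'WIN7-PC2')   # hypothetical names
$logRoot   = 'C:\PatchLogs'                            # hypothetical path
$stamp     = Get-Date -Format 'yyyy-MM-dd'

if (-not (Test-Path $logRoot)) { New-Item -ItemType Directory -Path $logRoot | Out-Null }

foreach ($computer in $computers) {
    $machineDir = Join-Path $logRoot $computer
    if (-not (Test-Path $machineDir)) { New-Item -ItemType Directory -Path $machineDir | Out-Null }

    try {
        # Get-HotFix queries WMI on the target; it needs admin rights there.
        $current = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
            Select-Object HotFixID, Description, InstalledOn, InstalledBy)
    } catch {
        Write-Warning "$computer : inventory failed - $($_.Exception.Message)"
        continue
    }

    # The most recent earlier snapshot, if any, is the baseline for the diff.
    $previousFile = Get-ChildItem -Path $machineDir -Filter 'hotfixes-*.csv' |
        Sort-Object Name | Select-Object -Last 1

    $snapshot = Join-Path $machineDir "hotfixes-$stamp.csv"
    $current | Sort-Object HotFixID | Export-Csv -Path $snapshot -NoTypeInformation

    if ($previousFile -and $previousFile.FullName -ne $snapshot) {
        $previous = @(Import-Csv -Path $previousFile.FullName)
        if ($previous.Count -gt 0 -and $current.Count -gt 0) {
            # '=>' means the KB is present now but not in the baseline (installed since);
            # '<=' means it was in the baseline and is gone (uninstalled or superseded).
            Compare-Object -ReferenceObject $previous -DifferenceObject $current -Property HotFixID |
                Select-Object @{n='Computer';e={$computer}}, HotFixID,
                    @{n='Change';e={ if ($_.SideIndicator -eq '=>') {'Added'} else {'Removed'} }} |
                Export-Csv -Path (Join-Path $machineDir "changes-$stamp.csv") -NoTypeInformation
        }
    }
}
```

Run it once before approving a month's updates and again after they install; the changes file for that date is the record of what was applied to each machine.
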
smckeown777 Commented:
I would agree to a certain extent...I do the same for some client environments as well, sometimes updates cause issues, so by delaying the process it means you have time to 'hear about' certain update issues and therefore you can then 'select' the good ones from the bad...

As for determining what updates are dodgy there are forums you can check out, or in my case I subscribe to - it's a mailing list that individuals can send in known issues and through that process you will be informed of the current bugs/issues related to certain updates each month...great resource if you want to stay ahead of the patching problems that will occur from time to time...

So again it's not always done, but I'd rather have control over my client environments than just letting the patch rollout happen automatically...and get into trouble
Korelian-Author Commented:
I am DEFINITELY marking you as the solution, and thank you for the added info about subscribing to that list.. very helpful...   but I meant to ask the following also so I didn't want this to close out as RESOLVED before I got all the info I need....

Keep in mind I am doing this all remotely....

Access the server, and access each local machine via the server? Does this have to be done via LOCAL admin or can these be installed by the user's profile on the machine? Or do I log in to any admin profile on THAT particular network machine... (by accessing the user's machine through the desktop function on the server, thus logging in as the server admin)

does that make sense?

Thanks so much for your help
Oh...just re-read your original post...

Ok, looks like the tech was manually doing this process to a certain extent...
The best way to do this is WSUS (are you familiar with that?)

WSUS runs on the server (it is included with SBS 2008/2011 by default).
It downloads the updates to the server, then the client machines get their updates from the server, and you run everything from the server WSUS console...

So in terms of installing the updates you don't do anything, once you 'Approve' the updates from the WSUS console they get installed on the client machines on a schedule (usually 3AM in the morning but this can be changed)

So it's not as much work as you think, you approve the updates from the console and the rest takes place in the background...

Def check it out on the server to see if it's already up and running, if not you need to start using it - it's a life saver for time as well!
Korelian-Author Commented:
Ok I thought this was the case but they said the tech goes on each machine and runs MBR defrag and disk check.. which I think it's more to collect the $200 visit than anything because I didn't think it was that complicated.

I'm just doing a refresher course so to speak. I used to use Server 2000 and then 2003 (and am learning the new features that they didn't have in those editions).
Korelian-Author Commented:
Both of the responders gave me the answers I needed (2 answers needed)
Question has a verified solution.
