Patching servers that are way out of date


My environment was last updated 2 years ago, and I want to start applying patches as per the Microsoft Security Bulletin Summary.

The plan is to start patching and not stress about getting up to date with the patch level.

I'm planning on manually installing about 3 security updates released for September, and continuing every month with new releases.

Please advise if this is good or bad.

Neil Russell (Technical Development Lead) Commented:

The only way to be secure and safe is to apply ALL patches up to date.

Set up a WSUS server to download all updates to a local store and then patch from that to your servers.  You really need to be completely up to date.

With WSUS you will always have the latest patches on site ready to install as well in the future.
Just use automatic Windows Updates, and patch it in one go. There are no problems with installing patches in one go.
momtoelihle (Author) Commented:
I'm afraid that once I install all of them on the go I might break some of the third-party applications' functionality.

And if they break, I will have to roll back one patch at a time.

Please advise

There is always a small possibility an update can break something.

You don't have to install all the patches in one go. In Windows Update, tick the one you want to do and install it, then check everything is OK. Repeat for each of the other updates. Slow going if you have lots of updates, but I think it's easier than installing all updates and then having to roll back updates until you find the culprit, then having to install the other updates again.

What I do on my servers is run a duplicate server and patch that to latest version and check it thoroughly, make sure everything worked as before and only then apply the update to the live server.

If I don't have a duplicate server, I make an image of the server when no one is using it and run the updates, then check everything is OK. If there's anything wrong I restore the image and try each update until I find the one causing the issue.

As always, a good backup routine along with some trusted server images can be a life saver.
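The one-update-at-a-time procedure described in the answer above can be scripted with the Windows Update Agent COM API. This is an added example, not part of the original answer; the service names in `$criticalServices` and the `Test-AppHealth` function are hypothetical stand-ins for whatever checks prove your third-party applications still work.

```powershell
# Added example: install pending security updates one at a time and check
# application health after each, so a breakage points at a single update.
$criticalServices = @('ExampleAppService', 'ExampleDbService')   # assumption: replace with your own

function Test-AppHealth {
    # Healthy only if every listed service exists and is running.
    foreach ($name in $criticalServices) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc -or $svc.Status -ne 'Running') { return $false }
    }
    return $true
}

if (-not (Test-AppHealth)) { throw 'Services are unhealthy before patching; fix that first.' }

$session = New-Object -ComObject Microsoft.Update.Session
$pending = $session.CreateUpdateSearcher().Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates
# Security updates carry an MSRC severity rating; other updates leave it empty.
$security = @($pending | Where-Object { $_.MsrcSeverity })

foreach ($update in $security) {
    $kb = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
    Write-Host "Installing $kb : $($update.Title)"
    if (-not $update.EulaAccepted) { $update.AcceptEula() }

    # Build a collection holding only this update.
    $one = New-Object -ComObject Microsoft.Update.UpdateColl
    [void]$one.Add($update)

    $downloader = $session.CreateUpdateDownloader()
    $downloader.Updates = $one
    [void]$downloader.Download()

    $installer = $session.CreateUpdateInstaller()
    $installer.Updates = $one
    $result = $installer.Install()

    # OperationResultCode: 2 = succeeded, 3 = succeeded with errors, 4 = failed, 5 = aborted
    if ($result.ResultCode -ne 2) { Write-Warning "$kb ended with result code $($result.ResultCode); stopping."; break }
    if ($result.RebootRequired)   { Write-Warning "$kb needs a reboot; reboot, verify the applications, then rerun."; break }
    if (-not (Test-AppHealth))    { Write-Warning "Health check failed after $kb; this is the update to roll back."; break }
}
```

Run it from an elevated PowerShell session, after taking the server image or backup the answer recommends.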

Neil Russell (Technical Development Lead) Commented:
"There are no problems with installing patches in one go."

Have you worked with Microsoft servers before???
momtoelihle (Author) Commented:
Thank you Vortex. I will try that.
Neilsr, yes I've been working with Microsoft servers for the past 7 years, but have never had to work with out-of-date patches of 2 years.
Neil Russell (Technical Development Lead) Commented:
Then your comment is not very relevant to the question if you have no experience of this, is it?
momtoelihle (Author) Commented:
Thank you.