Wndows Update for Servers

General Question regarding Windows 2008 and 2012 Servers - Windows Updage

Is it recommended and safe to keep Windows 2008/2012 Server updated with Windows Update?
Or is it better to never update servers?

THis is a general question, I understand that there is no clear answer. Microsoft recommends to keep "Windows Update" for automated updates.

But was are IT specialists best practices ?

Thanks
gadsadAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

convergintCommented:
The absolute best practice is to have a test environment that is mirrored to your production environment as close as possible and then apply the updates to the test environment to test if anything breaks.

Obviously, in many organizations depending on the size it is not always practical/affordable to have this test environment.  I have applied windows updates to servers usually a few days after the release date for the past 8 years in my career and only once did it ever break our Sharepoint site.  That was with an optional update which was not critical so it was really my fault for being lazy and not testing it first.
0
KimputerCommented:
Updates are needed for security reasons. However you can wait one or two days after patch Tuesday to see if any big forum has a downpour of complaints about an update before installing. But install you must!
0
gadsadAuthor Commented:
what do you mean by patch Tuesday?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

convergintCommented:
From Wikipedia.....

Patch Tuesday is an unofficial term used to refer to when Microsoft regularly releases security patches for its software products. It is widely referred to in this way by the industry.[1][2][3]

Patch Tuesday occurs on the second, and sometimes fourth, Tuesday of each month in North America. As far as the integrated Windows Update (WU) function is concerned, Patch Tuesday begins at 18:00 or 17:00 UTC (10:00 PST (UTC-8) or 10:00 PDT (UTC-7)).[4] The updates show up in Download Center before they are added to WU, and the KB articles and the Technet bulletin get unlocked even earlier.

Microsoft has an apparent pattern of releasing a larger number of updates in even-numbered months, and fewer in odd-numbered months.[5][6][7] Minor updates are also released outside Patch Tuesday. Daily updates consist of malware database refreshes for Windows Defender and Microsoft Security Essentials. Sometimes there is an extraordinary Patch Tuesday, two weeks after the regular Patch Tuesday. Some updates could be released at any time.[8]
0
Sasha KranjacCommented:
If it is only one server the best practice will be to use Windows Update to notify if there are any updates, applying updates only after checking possible conflicts.
You should test the updates in a sandboxed environment before updating live production server.
0
gadsadAuthor Commented:
I have no way to "test" updates, and I am talking about a large number of production single servers with no mirror servers. Is there way to know about potentially dangerous updates ? How do I know that an update should or should not be installed?

Thanks
0
KimputerCommented:
You will never know 100%, so you depend on people who installed it before you and reported problems. That's why you need to monitor some popular forums.
Actually, none of the updates should be potentially dangerous. They're supposedly been tested thoroughly by Microsoft. In my own experience, you will get a bad update once or twice in 5 years or so.
0
Scott MillerIT ManagerCommented:
I've got 40-50 servers and no testing environment, either.  Even if I did have a testing environment, I could never mimic what 100+ users will do with all the software used, so testing is out.  

Typically, what I do is update the servers once a quarter and that on a Friday night.  We do have users that work on the weekends, but far less users than during the week, so if there's a problem, I can usually correct it on early on Saturday.  Since migrating to S2012 on several terminal servers, there have been no problems with the updates.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Stef95Commented:
I would say its better to keep them updated, but download and dont install them, choose them because certain updates could fail and you get to the point you cannot unistall it, if you do update by update you can then pinpoint what update is causing the server problems and search online with Microsoft if there are any issues with that update and how to remove it
0
gadsadAuthor Commented:
Thank you
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.