Solved

Wndows Update for Servers

Posted on 2014-09-11
10
81 Views
Last Modified: 2014-10-01
General Question regarding Windows 2008 and 2012 Servers - Windows Updage

Is it recommended and safe to keep Windows 2008/2012 Server updated with Windows Update?
Or is it better to never update servers?

THis is a general question, I understand that there is no clear answer. Microsoft recommends to keep "Windows Update" for automated updates.

But was are IT specialists best practices ?

Thanks
0
Comment
Question by:gadsad
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 10

Expert Comment

by:convergint
ID: 40318060
The absolute best practice is to have a test environment that is mirrored to your production environment as close as possible and then apply the updates to the test environment to test if anything breaks.

Obviously, in many organizations depending on the size it is not always practical/affordable to have this test environment.  I have applied windows updates to servers usually a few days after the release date for the past 8 years in my career and only once did it ever break our Sharepoint site.  That was with an optional update which was not critical so it was really my fault for being lazy and not testing it first.
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40318068
Updates are needed for security reasons. However you can wait one or two days after patch Tuesday to see if any big forum has a downpour of complaints about an update before installing. But install you must!
0
 

Author Comment

by:gadsad
ID: 40318073
what do you mean by patch Tuesday?
0
 
LVL 10

Expert Comment

by:convergint
ID: 40318075
From Wikipedia.....

Patch Tuesday is an unofficial term used to refer to when Microsoft regularly releases security patches for its software products. It is widely referred to in this way by the industry.[1][2][3]

Patch Tuesday occurs on the second, and sometimes fourth, Tuesday of each month in North America. As far as the integrated Windows Update (WU) function is concerned, Patch Tuesday begins at 18:00 or 17:00 UTC (10:00 PST (UTC-8) or 10:00 PDT (UTC-7)).[4] The updates show up in Download Center before they are added to WU, and the KB articles and the Technet bulletin get unlocked even earlier.

Microsoft has an apparent pattern of releasing a larger number of updates in even-numbered months, and fewer in odd-numbered months.[5][6][7] Minor updates are also released outside Patch Tuesday. Daily updates consist of malware database refreshes for Windows Defender and Microsoft Security Essentials. Sometimes there is an extraordinary Patch Tuesday, two weeks after the regular Patch Tuesday. Some updates could be released at any time.[8]
0
 
LVL 6

Expert Comment

by:Sasa Kranjac
ID: 40318087
If it is only one server the best practice will be to use Windows Update to notify if there are any updates, applying updates only after checking possible conflicts.
You should test the updates in a sandboxed environment before updating live production server.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:gadsad
ID: 40318124
I have no way to "test" updates, and I am talking about a large number of production single servers with no mirror servers. Is there way to know about potentially dangerous updates ? How do I know that an update should or should not be installed?

Thanks
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40318133
You will never know 100%, so you depend on people who installed it before you and reported problems. That's why you need to monitor some popular forums.
Actually, none of the updates should be potentially dangerous. They're supposedly been tested thoroughly by Microsoft. In my own experience, you will get a bad update once or twice in 5 years or so.
0
 
LVL 1

Accepted Solution

by:
BigRBTrout earned 500 total points
ID: 40318212
I've got 40-50 servers and no testing environment, either.  Even if I did have a testing environment, I could never mimic what 100+ users will do with all the software used, so testing is out.  

Typically, what I do is update the servers once a quarter and that on a Friday night.  We do have users that work on the weekends, but far less users than during the week, so if there's a problem, I can usually correct it on early on Saturday.  Since migrating to S2012 on several terminal servers, there have been no problems with the updates.
0
 
LVL 3

Expert Comment

by:Stef95
ID: 40322811
I would say its better to keep them updated, but download and dont install them, choose them because certain updates could fail and you get to the point you cannot unistall it, if you do update by update you can then pinpoint what update is causing the server problems and search online with Microsoft if there are any issues with that update and how to remove it
0
 

Author Closing Comment

by:gadsad
ID: 40354742
Thank you
0

Featured Post

Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now