Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 93
  • Last Modified:

Wndows Update for Servers

General Question regarding Windows 2008 and 2012 Servers - Windows Updage

Is it recommended and safe to keep Windows 2008/2012 Server updated with Windows Update?
Or is it better to never update servers?

THis is a general question, I understand that there is no clear answer. Microsoft recommends to keep "Windows Update" for automated updates.

But was are IT specialists best practices ?

Thanks
0
gadsad
Asked:
gadsad
  • 3
  • 2
  • 2
  • +3
1 Solution
 
convergintCommented:
The absolute best practice is to have a test environment that is mirrored to your production environment as close as possible and then apply the updates to the test environment to test if anything breaks.

Obviously, in many organizations depending on the size it is not always practical/affordable to have this test environment.  I have applied windows updates to servers usually a few days after the release date for the past 8 years in my career and only once did it ever break our Sharepoint site.  That was with an optional update which was not critical so it was really my fault for being lazy and not testing it first.
0
 
KimputerCommented:
Updates are needed for security reasons. However you can wait one or two days after patch Tuesday to see if any big forum has a downpour of complaints about an update before installing. But install you must!
0
 
gadsadAuthor Commented:
what do you mean by patch Tuesday?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
convergintCommented:
From Wikipedia.....

Patch Tuesday is an unofficial term used to refer to when Microsoft regularly releases security patches for its software products. It is widely referred to in this way by the industry.[1][2][3]

Patch Tuesday occurs on the second, and sometimes fourth, Tuesday of each month in North America. As far as the integrated Windows Update (WU) function is concerned, Patch Tuesday begins at 18:00 or 17:00 UTC (10:00 PST (UTC-8) or 10:00 PDT (UTC-7)).[4] The updates show up in Download Center before they are added to WU, and the KB articles and the Technet bulletin get unlocked even earlier.

Microsoft has an apparent pattern of releasing a larger number of updates in even-numbered months, and fewer in odd-numbered months.[5][6][7] Minor updates are also released outside Patch Tuesday. Daily updates consist of malware database refreshes for Windows Defender and Microsoft Security Essentials. Sometimes there is an extraordinary Patch Tuesday, two weeks after the regular Patch Tuesday. Some updates could be released at any time.[8]
0
 
Sasha KranjacCommented:
If it is only one server the best practice will be to use Windows Update to notify if there are any updates, applying updates only after checking possible conflicts.
You should test the updates in a sandboxed environment before updating live production server.
0
 
gadsadAuthor Commented:
I have no way to "test" updates, and I am talking about a large number of production single servers with no mirror servers. Is there way to know about potentially dangerous updates ? How do I know that an update should or should not be installed?

Thanks
0
 
KimputerCommented:
You will never know 100%, so you depend on people who installed it before you and reported problems. That's why you need to monitor some popular forums.
Actually, none of the updates should be potentially dangerous. They're supposedly been tested thoroughly by Microsoft. In my own experience, you will get a bad update once or twice in 5 years or so.
0
 
Scott MillerIT ManagerCommented:
I've got 40-50 servers and no testing environment, either.  Even if I did have a testing environment, I could never mimic what 100+ users will do with all the software used, so testing is out.  

Typically, what I do is update the servers once a quarter and that on a Friday night.  We do have users that work on the weekends, but far less users than during the week, so if there's a problem, I can usually correct it on early on Saturday.  Since migrating to S2012 on several terminal servers, there have been no problems with the updates.
0
 
Stef95Commented:
I would say its better to keep them updated, but download and dont install them, choose them because certain updates could fail and you get to the point you cannot unistall it, if you do update by update you can then pinpoint what update is causing the server problems and search online with Microsoft if there are any issues with that update and how to remove it
0
 
gadsadAuthor Commented:
Thank you
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 3
  • 2
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now