How do I test patches?

Let's say I deploy the monthly patches from Microsoft to some servers or desktops.

Before I deploy them, should I be testing them? If so, can somebody on this forum please provide details on what method or strategy they are using to deploy patches in their organisation or company?

Or do we just trust Microsoft to NOT deliver botched up and buggy patches?

Please advise.
Ikky786 Asked:
 
David Johnson, CD, MVP, Owner Commented:
Approve them after a week, or have a test environment and approve for this environment only. Test if everything works OK, then approve.

If there is a botched update it will be highly reported on the web.
0
 
John, Business Consultant (Owner) Commented:
Yes.  Also, on a properly set up machine, there have not been that many issues. I am fully up to date on Windows 7, Windows 8.1 and Windows 10 and no issues to speak of.
0
 
punkrawkdude99 Commented:
build a server and put some kind of virtualization product on it... hyper-v/oracle/vmware

take p2v of all the different crap in your environment

add it to the virtualization server.... don't keep it on the same network as production equipment....

patch away.... see what breaks....

I always wait a week after...let all the idiots with automatic updates break stuff first and then let micro$oft put out the patches to fix stuff....
0
 
Seth Simmons, Sr. Systems Administrator Commented:
"take p2v of all the different crap in your environment"

not always effective if there are things like systems running OEM editions of Windows

if you already have virtualized systems you can always create a clone on a separate, isolated network and test patches that way

much of the way you approach it depends on your organization and any possible compliance requirements
I once worked at a place that had to adhere to PCI compliance and we deployed patches to test/dev servers immediately then had a schedule in place (managed through WSUS) to patch production before the end of the month.  some servers were scheduled to automatically patch (domain controllers) while others were done manually (Exchange, SQL, Citrix, etc.)
0
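The test-first, production-later schedule through WSUS described in the post above can be scripted. This is an added example, not code from any poster in the thread; the computer group names `Patch-Test` and `Production` and the 7-day soak period are assumptions, and it has to run on the WSUS server with the UpdateServices module available.

```powershell
# Added example: two-stage WSUS approval (test ring first, production after a soak period).
# Assumptions: computer groups 'Patch-Test' and 'Production' exist; soak period is 7 days.
Import-Module UpdateServices

$TestGroup = 'Patch-Test'    # assumed group holding isolated clones / test-dev servers
$ProdGroup = 'Production'    # assumed group; servers patched by hand stay out of it
$SoakDays  = 7               # assumed wait between release and production approval
$cutoff    = (Get-Date).AddDays(-$SoakDays)
$wsus      = Get-WsusServer  # the local WSUS server

function Get-NeededUpdate {
    param([string]$Approval)
    # Security and critical updates that at least one client still needs or failed to install
    foreach ($class in 'Security', 'Critical') {
        Get-WsusUpdate -UpdateServer $wsus -Classification $class `
                       -Approval $Approval -Status FailedOrNeeded
    }
}

# Stage 1: anything not yet approved goes to the test ring immediately.
Get-NeededUpdate -Approval Unapproved | ForEach-Object {
    Write-Output "TEST  $($_.Update.Title)"
    Approve-WsusUpdate -Update $_ -Action Install -TargetGroupName $TestGroup -WhatIf
}

# Stage 2: updates already approved for at least one group and released more than
# $SoakDays ago are approved for production.
Get-NeededUpdate -Approval Approved |
    Where-Object { $_.Update.CreationDate -lt $cutoff } |
    ForEach-Object {
        Write-Output "PROD  $($_.Update.Title)"
        Approve-WsusUpdate -Update $_ -Action Install -TargetGroupName $ProdGroup -WhatIf
    }

# -WhatIf only reports what would be approved; remove it once the list has been reviewed.
```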
 
VB ITS, Specialist Consultant Commented:
In an ideal environment one would test these new updates in a test lab which would be a duplicate of your existing environment. Unfortunately the majority of us admins simply don't have the time nor resources to do this so I think the best option would be to follow David's advice.

I tend to wait two full weeks before deploying the updates, and even then I only choose to install it on one server to make sure nothing breaks before I deploy it to the other servers over the course of a few days.

I've seen various Office updates break Office in general (mainly on a Terminal Server environment mind you) which is always a pain, especially for my users.
0
 
Lee W, MVP, Technology and Business Process Advisor Commented:
(I may well be repeating what others have said):

Testing depends on your requirements and resources.  Personally, I wait 2-3 weeks before applying patches to servers.  Workstations tend to get them automatically (at least the critical ones).  

If you have the resources, you can start by virtualizing a few test workstations and making sure your LOB apps are installed on them as well as other apps that may be used in your environment.  Then patch away and perform some tests.  Ideally, you would have standardized on a small set of hardware and could have a spare system for each model that can then be patched and tested.

If you don't have those kinds of resources, I would suggest prioritizing machines.  Critical systems (perhaps the CxO systems and the accounting systems) might be patched last while other departments are patched first - if a problem occurs on the other departments, at least you've spared the "more important" folks from potential headaches. (you should consult with your boss and department heads to know who falls into this category).
0
 
John, Business Consultant (Owner) Commented:
Unsubscribed. I am not an idiot.
0
 
VB ITS, Specialist Consultant Commented:
Nobody called you an idiot John. Pretty sure punkrawkdude99 was just making a generalized statement in his comment, nowhere did he specifically direct his comment at you. There's no need to be so sensitive.
0
 
David Johnson, CD, MVP, Owner Commented:
"i always wait a week after...let all the idiots with automatic updates break stuff first and then let micro$oft put out the patches to fix stuff...."

On my personal machines I install updates automatically and have not ever had a problem. Of the thousands of updates over the years the amount of broken updates is very rare. I do not run any legacy software and always use the latest versions (server/exchange/client/.net, .....) so the odds on something breaking is very rare. I have current backups just in case and having a recent backup has always saved my day when things do go south.  There are some experts with a definite anti-Microsoft bias as there are those with a definite Microsoft bias.

Note there are people still developing/maintaining VB6 and Java 6.0 applications that are unwilling to update. I managed to upgrade all of my Dbase4 users a long time ago and haven't looked back. Thank goodness that I had lots of comments in the code and knew where each variable was used and for what.
0
 
punkrawkdude99 Commented:
I've seen well over 40 servers crap out due to automatic updates... usually sql or sbs servers...

they aren't always safe...

workstations are another story...

especially in a corp environment... auto patch those to your heart's content....you should have like hardware and a master image anyhow of those...

bottom line.... if a piece of hardware is valuable and cannot have any downtime...DO NOT AUTO PATCH

wait....if you can't wait make sure you have a bare metal or image backup of the server...
0
Question has a verified solution.
