Solved

How do I test patches ?

Posted on 2015-01-26
Last Modified: 2016-06-18
Let's say I deploy the monthly patches from Microsoft to some servers or desktops.

Before I deploy them, should I be testing them? If so, can somebody on this forum please provide details on what method or strategy they are using to deploy patches in their organisation or company?

Or do we just trust Microsoft to NOT deliver botched up and buggy patches?

Please advise.
Question by:Ikky786
11 Comments
 
LVL 80

Accepted Solution

by:
David Johnson, CD, MVP earned 145 total points
ID: 40571713
Approve them after a week, or have a test environment and approve for this environment only. Test if everything works OK, then approve.

If there is a botched update, it will be highly reported on the web.
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 40571819
Yes.  Also, on a properly set up machine, there have not been that many issues. I am fully up to date on Windows 7, Windows 8.1 and Windows 10 and no issues to speak of.
0
 
LVL 1

Assisted Solution

by:punkrawkdude99
punkrawkdude99 earned 142 total points
ID: 40571861
build a server and put some kind of virtualization product on it... Hyper-V/Oracle/VMware

take P2V of all the different crap in your environment

add it to the virtualization server.... don't keep it on the same network as production equipment....

patch away.... see what breaks....

I always wait a week after...let all the idiots with automatic updates break stuff first and then let micro$oft put out the patches to fix stuff....
0

 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 71 total points
ID: 40571884
"take p2v of all the different crap in your environment"

Not always effective if there are things like systems running OEM editions of Windows.

If you already have virtualized systems, you can always create a clone on a separate, isolated network and test patches that way.

Much of the way you approach it depends on your organization and any possible compliance requirements.
I once worked at a place that had to adhere to PCI compliance, and we deployed patches to test/dev servers immediately, then had a schedule in place (managed through WSUS) to patch production before the end of the month. Some servers were scheduled to automatically patch (domain controllers) while others were done manually (Exchange, SQL, Citrix, etc.).
0
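One way to script the staged approval described in the answers above (approve for a test group first, production only after a waiting period), added here as an example and not posted by any participant in the thread. It assumes a WSUS server with the UpdateServices PowerShell module; the group names `Test` and `Production`, the parameter names and the 7-day default are assumptions.

```powershell
# Added example: two-ring WSUS approval, run on the WSUS server.
# Assumed: WSUS computer groups 'Test' and 'Production' already exist.
param(
    [string]$TestGroup = 'Test',
    [string]$ProdGroup = 'Production',
    [int]$SoakDays     = 7,      # waiting period between test and production approval
    [switch]$Apply               # without -Apply nothing is changed (runs with -WhatIf)
)

Import-Module UpdateServices
$wsus   = Get-WsusServer
$groups = $wsus.GetComputerTargetGroups()
$test   = $groups | Where-Object { $_.Name -eq $TestGroup }
$prod   = $groups | Where-Object { $_.Name -eq $ProdGroup }
if (-not $test -or -not $prod) { throw "Groups '$TestGroup' and '$ProdGroup' must both exist" }

# Ring 1: every unapproved, non-superseded update that some machine needs
# is approved for the test group only.
Get-WsusUpdate -UpdateServer $wsus -Classification All -Approval Unapproved -Status FailedOrNeeded |
    Where-Object { -not $_.Update.IsSuperseded } |
    Approve-WsusUpdate -Action Install -TargetGroupName $TestGroup -WhatIf:(-not $Apply)

# Ring 2: promote to production only what has been approved for the test
# group for at least $SoakDays and has no production approval yet.
$cutoff = (Get-Date).ToUniversalTime().AddDays(-$SoakDays)   # compare in UTC
Get-WsusUpdate -UpdateServer $wsus -Classification All -Approval Approved -Status FailedOrNeeded |
    Where-Object {
        $u = $_.Update
        $testApproval = $u.GetUpdateApprovals($test) |
            Where-Object { $_.Action -eq 'Install' } |
            Sort-Object CreationDate | Select-Object -First 1
        $testApproval -and
        $testApproval.CreationDate -le $cutoff -and
        -not $u.IsSuperseded -and
        @($u.GetUpdateApprovals($prod)).Count -eq 0
    } |
    Approve-WsusUpdate -Action Install -TargetGroupName $ProdGroup -WhatIf:(-not $Apply)
```

Because the waiting period is measured from the test-group approval rather than from the release date, an update that reaches WSUS late still spends the full period in the test ring before production sees it.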
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 71 total points
ID: 40571927
In an ideal environment one would test these new updates in a test lab which would be a duplicate of your existing environment. Unfortunately the majority of us admins simply don't have the time nor resources to do this so I think the best option would be to follow David's advice.

I tend to wait two full weeks before deploying the updates, and even then I only choose to install it on one server to make sure nothing breaks before I deploy it to the other servers over the course of a few days.

I've seen various Office updates break Office in general (mainly on a Terminal Server environment mind you) which is always a pain, especially for my users.
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 71 total points
ID: 40571943
(I may well be repeating what others have said):

Testing depends on your requirements and resources.  Personally, I wait 2-3 weeks before applying patches to servers.  Workstations tend to get them automatically (at least the critical ones).  

If you have the resources, you can start by virtualizing a few test workstations and making sure your LOB apps are installed on them as well as other apps that may be used in your environment.  Then patch away and perform some tests.  Ideally, you would have standardized on a small set of hardware and could have a spare system for each model that can then be patched and tested.

If you don't have those kinds of resources, I would suggest prioritizing machines.  Critical systems (perhaps the CxO systems and the accounting systems) might be patched last while other departments are patched first - if a problem occurs on the other departments, at least you've spared the "more important" folks from potential headaches. (You should consult with your boss and department heads to know who falls into this category.)
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 40572512
unsubscribed. I am not an idiot.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40574146
Nobody called you an idiot John. Pretty sure punkrawkdude99 was just making a generalized statement in his comment, nowhere did he specifically direct his comment at you. There's no need to be so sensitive.
0
 
LVL 80

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 145 total points
ID: 40574397
"i always wait a week after...let all the idiots with automatic updates break stuff first and then let micro$oft put out the patches to fix stuff...."

On my personal machines I install updates automatically and have never had a problem. Of the thousands of updates over the years, broken updates are very rare. I do not run any legacy software and always use the latest versions (server/exchange/client/.net, .....) so the odds of something breaking are very low. I have current backups just in case, and having a recent backup has always saved my day when things do go south.  There are some experts with a definite anti-Microsoft bias, as there are those with a definite Microsoft bias.

Note there are people still developing/maintaining VB6 and Java 6.0 applications that are unwilling to update. I managed to upgrade all of my Dbase4 users a long time ago and haven't looked back. Thank goodness that I had lots of comments in the code and knew where each variable was used and for what.
0
 
LVL 1

Assisted Solution

by:punkrawkdude99
punkrawkdude99 earned 142 total points
ID: 40591875
I've seen well over 40 servers crap out due to automatic updates... usually SQL or SBS servers...

they aren't always safe...

workstations are another story...

especially in a corp environment... auto patch those to your heart's content....you should have like hardware and a master image anyhow of those...

bottom line.... if a piece of hardware is valuable and cannot have any downtime...DO NOT AUTO PATCH

wait....if you can't wait make sure you have a bare metal or image backup of the server...
0
