Solved

How do I test patches ?

Posted on 2015-01-26
11
30 Views
Last Modified: 2016-06-18
Lets say I deploy the monthly patches from Microsoft to some servers or desktops.

Before I deploy them should I be testing them? if so can somebody on this forum please provide details on what method or strategy they are using to deploy patches in there organisation or company.

Or do we just trust Microsoft to NOT deliver botched up and buggy patches?

please advise.
0
Comment
Question by:Ikky786
  • 2
  • 2
  • 2
  • +3
11 Comments
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 145 total points
ID: 40571713
approve them after a week. or have a test environment and approve for this environment only.. test if everything works ok then approve ..

if there is a botched update it will be highly reported on the web.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40571819
Yes.  Also, on a properly set up machine, there have not been that many issues. I am fully up to date on Windows 7, Windows 8.1 and Windows 10 and no issues to speak of.
0
 
LVL 1

Assisted Solution

by:punkrawkdude99
punkrawkdude99 earned 142 total points
ID: 40571861
build a server and put some kind of virtualization product on it... hyper-v/oracle/vmware

take p2v of all the different crap in your environment

add it to to virtualization server.... dont keep it on the same network as production equipment....

patch away.... see what breaks....

i always wait a week after...let all the idiots with automatic updates break stuff first and then let micro$oft put out the patches to fix stuff....
0
 
LVL 34

Assisted Solution

by:Seth Simmons
Seth Simmons earned 71 total points
ID: 40571884
take p2v of all the different crap in your environment

not always effective if there are things like systems running OEM editions of windows

if you already have virtualized systems you can always create a clone on a separate, isolated network and test patches that way

much of the way you approach it depends on your organization and any possible compliance requirements
i once worked at a place that had to adhere to PCI compliance and we deployed patches to test/dev servers immediately then had a schedule in place (managed through WSUS) to patch production before the end of the month.  some servers were scheduled to automatically patch (domain controllers) while others were done manually (exchange, sql, citrix, etc.)
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 71 total points
ID: 40571927
In an ideal environment one would test these new updates in a test lab which would be a duplicate of your existing environment. Unfortunately the majority of us admins simply don't have the time nor resources to do this so I think the best option would be to follow David's advice.

I tend to wait two full weeks before deploying the updates, and even then I only choose to install it on one server to make sure nothing breaks before I deploy it to the other servers over the course of a few days.

I've seen various Office updates break Office in general (mainly on a Terminal Server environment mind you) which is always a pain, especially for my users.
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 71 total points
ID: 40571943
(I may well be repeating what others have said):

Testing depends on your requirements and resources.  Personally, I wait 2-3 weeks before applying patches to servers.  Workstations tend to get them automatically (at least the critical ones).  

If you have the resources, you can start by virtualizing a few test workstations and making sure your LOB apps are installed on them as well as other apps that may be used in your environment.  Then patch away and perform some tests.  Ideally, you would have standardized on a small set of hardware and could have a spare system for each model that can then be patched and tested.

If you don't have those kinds of resources, I would suggest prioritizing machines.  Critical systems (perhaps the CxO systems and the accounting systems) might be patched last while other departments are patched first - if a problem occurs on the other departments, at least you've spared the "more important" folks from potential headaches. (you should consult with your boss and department heads to know who falls into this category).
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40572512
unsubscribed. I am not an idiot.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40574146
Nobody called you an idiot John. Pretty sure punkrawkdude99 was just making a generalized statement in his comment, nowhere did he specifically direct his comment at you. There's no need to be so sensitive.
0
 
LVL 78

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 145 total points
ID: 40574397
i always wait a week after...let all the idiots with automatic updates break stuff first and then let micro$oft put out the patches to fix stuff.... On my personal machines I install updates automatically and have not ever had a problem.. Of the thousands of updates over the years the amount of broken updates is very rare. I do not run any legacy software and always use the latest versions (server/exchange/client/.net, .....) so the odds on something breaking is very rare. I have current backups just in case and having a recent backup has always saved my day when things do go south.  There are some experts with a definite anti-Microsoft bias as there are those with a definite Microsoft bias.

Note there are people still developing/maintaining VB6 and java 6.0 applications that are unwilling to update. I managed to upgrade all of my Dbase4 users a long time ago and haven't looked back. Thank goodness that I had lots of comments in the code and knew where each variable was used and for what.
0
 
LVL 1

Assisted Solution

by:punkrawkdude99
punkrawkdude99 earned 142 total points
ID: 40591875
ive seen well over 40 server crap out due to automatic updates... usually sql or sbs servers...

they arent always save...

workstations are another story...

especially in a corp environment... auto patch those to your hearts content....you should have like hardware and a master image anyhow of those...

bottom line.... if a piece of hardware is valuable and cannot have any downtime...DO NOT AUTO PATCH

wait....if you cant wait make sure you have a bare metal or image backup of the server...
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now