?
Solved

How do I test patches ?

Posted on 2015-01-26
11
Medium Priority
?
44 Views
Last Modified: 2016-06-18
Lets say I deploy the monthly patches from Microsoft to some servers or desktops.

Before I deploy them should I be testing them? if so can somebody on this forum please provide details on what method or strategy they are using to deploy patches in there organisation or company.

Or do we just trust Microsoft to NOT deliver botched up and buggy patches?

please advise.
0
Comment
Question by:Ikky786
  • 2
  • 2
  • 2
  • +3
10 Comments
 
LVL 84

Accepted Solution

by:
David Johnson, CD, MVP earned 580 total points
ID: 40571713
approve them after a week. or have a test environment and approve for this environment only.. test if everything works ok then approve ..

if there is a botched update it will be highly reported on the web.
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 40571819
Yes.  Also, on a properly set up machine, there have not been that many issues. I am fully up to date on Windows 7, Windows 8.1 and Windows 10 and no issues to speak of.
0
 
LVL 1

Assisted Solution

by:punkrawkdude99
punkrawkdude99 earned 568 total points
ID: 40571861
build a server and put some kind of virtualization product on it... hyper-v/oracle/vmware

take p2v of all the different crap in your environment

add it to to virtualization server.... dont keep it on the same network as production equipment....

patch away.... see what breaks....

i always wait a week after...let all the idiots with automatic updates break stuff first and then let micro$oft put out the patches to fix stuff....
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 36

Assisted Solution

by:Seth Simmons
Seth Simmons earned 284 total points
ID: 40571884
take p2v of all the different crap in your environment

not always effective if there are things like systems running OEM editions of windows

if you already have virtualized systems you can always create a clone on a separate, isolated network and test patches that way

much of the way you approach it depends on your organization and any possible compliance requirements
i once worked at a place that had to adhere to PCI compliance and we deployed patches to test/dev servers immediately then had a schedule in place (managed through WSUS) to patch production before the end of the month.  some servers were scheduled to automatically patch (domain controllers) while others were done manually (exchange, sql, citrix, etc.)
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 284 total points
ID: 40571927
In an ideal environment one would test these new updates in a test lab which would be a duplicate of your existing environment. Unfortunately the majority of us admins simply don't have the time nor resources to do this so I think the best option would be to follow David's advice.

I tend to wait two full weeks before deploying the updates, and even then I only choose to install it on one server to make sure nothing breaks before I deploy it to the other servers over the course of a few days.

I've seen various Office updates break Office in general (mainly on a Terminal Server environment mind you) which is always a pain, especially for my users.
0
 
LVL 97

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 284 total points
ID: 40571943
(I may well be repeating what others have said):

Testing depends on your requirements and resources.  Personally, I wait 2-3 weeks before applying patches to servers.  Workstations tend to get them automatically (at least the critical ones).  

If you have the resources, you can start by virtualizing a few test workstations and making sure your LOB apps are installed on them as well as other apps that may be used in your environment.  Then patch away and perform some tests.  Ideally, you would have standardized on a small set of hardware and could have a spare system for each model that can then be patched and tested.

If you don't have those kinds of resources, I would suggest prioritizing machines.  Critical systems (perhaps the CxO systems and the accounting systems) might be patched last while other departments are patched first - if a problem occurs on the other departments, at least you've spared the "more important" folks from potential headaches. (you should consult with your boss and department heads to know who falls into this category).
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 40572512
unsubscribed. I am not an idiot.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40574146
Nobody called you an idiot John. Pretty sure punkrawkdude99 was just making a generalized statement in his comment, nowhere did he specifically direct his comment at you. There's no need to be so sensitive.
0
 
LVL 84

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 580 total points
ID: 40574397
i always wait a week after...let all the idiots with automatic updates break stuff first and then let micro$oft put out the patches to fix stuff.... On my personal machines I install updates automatically and have not ever had a problem.. Of the thousands of updates over the years the amount of broken updates is very rare. I do not run any legacy software and always use the latest versions (server/exchange/client/.net, .....) so the odds on something breaking is very rare. I have current backups just in case and having a recent backup has always saved my day when things do go south.  There are some experts with a definite anti-Microsoft bias as there are those with a definite Microsoft bias.

Note there are people still developing/maintaining VB6 and java 6.0 applications that are unwilling to update. I managed to upgrade all of my Dbase4 users a long time ago and haven't looked back. Thank goodness that I had lots of comments in the code and knew where each variable was used and for what.
0
 
LVL 1

Assisted Solution

by:punkrawkdude99
punkrawkdude99 earned 568 total points
ID: 40591875
ive seen well over 40 server crap out due to automatic updates... usually sql or sbs servers...

they arent always save...

workstations are another story...

especially in a corp environment... auto patch those to your hearts content....you should have like hardware and a master image anyhow of those...

bottom line.... if a piece of hardware is valuable and cannot have any downtime...DO NOT AUTO PATCH

wait....if you cant wait make sure you have a bare metal or image backup of the server...
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question