?
Solved

How do I test patches ?

Posted on 2015-01-26
11
Medium Priority
?
41 Views
Last Modified: 2016-06-18
Lets say I deploy the monthly patches from Microsoft to some servers or desktops.

Before I deploy them should I be testing them? if so can somebody on this forum please provide details on what method or strategy they are using to deploy patches in there organisation or company.

Or do we just trust Microsoft to NOT deliver botched up and buggy patches?

please advise.
0
Comment
Question by:Ikky786
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +3
11 Comments
 
LVL 82

Accepted Solution

by:
David Johnson, CD, MVP earned 580 total points
ID: 40571713
approve them after a week. or have a test environment and approve for this environment only.. test if everything works ok then approve ..

if there is a botched update it will be highly reported on the web.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 40571819
Yes.  Also, on a properly set up machine, there have not been that many issues. I am fully up to date on Windows 7, Windows 8.1 and Windows 10 and no issues to speak of.
0
 
LVL 1

Assisted Solution

by:punkrawkdude99
punkrawkdude99 earned 568 total points
ID: 40571861
build a server and put some kind of virtualization product on it... hyper-v/oracle/vmware

take p2v of all the different crap in your environment

add it to to virtualization server.... dont keep it on the same network as production equipment....

patch away.... see what breaks....

i always wait a week after...let all the idiots with automatic updates break stuff first and then let micro$oft put out the patches to fix stuff....
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 284 total points
ID: 40571884
take p2v of all the different crap in your environment

not always effective if there are things like systems running OEM editions of windows

if you already have virtualized systems you can always create a clone on a separate, isolated network and test patches that way

much of the way you approach it depends on your organization and any possible compliance requirements
i once worked at a place that had to adhere to PCI compliance and we deployed patches to test/dev servers immediately then had a schedule in place (managed through WSUS) to patch production before the end of the month.  some servers were scheduled to automatically patch (domain controllers) while others were done manually (exchange, sql, citrix, etc.)
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 284 total points
ID: 40571927
In an ideal environment one would test these new updates in a test lab which would be a duplicate of your existing environment. Unfortunately the majority of us admins simply don't have the time nor resources to do this so I think the best option would be to follow David's advice.

I tend to wait two full weeks before deploying the updates, and even then I only choose to install it on one server to make sure nothing breaks before I deploy it to the other servers over the course of a few days.

I've seen various Office updates break Office in general (mainly on a Terminal Server environment mind you) which is always a pain, especially for my users.
0
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 284 total points
ID: 40571943
(I may well be repeating what others have said):

Testing depends on your requirements and resources.  Personally, I wait 2-3 weeks before applying patches to servers.  Workstations tend to get them automatically (at least the critical ones).  

If you have the resources, you can start by virtualizing a few test workstations and making sure your LOB apps are installed on them as well as other apps that may be used in your environment.  Then patch away and perform some tests.  Ideally, you would have standardized on a small set of hardware and could have a spare system for each model that can then be patched and tested.

If you don't have those kinds of resources, I would suggest prioritizing machines.  Critical systems (perhaps the CxO systems and the accounting systems) might be patched last while other departments are patched first - if a problem occurs on the other departments, at least you've spared the "more important" folks from potential headaches. (you should consult with your boss and department heads to know who falls into this category).
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 40572512
unsubscribed. I am not an idiot.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40574146
Nobody called you an idiot John. Pretty sure punkrawkdude99 was just making a generalized statement in his comment, nowhere did he specifically direct his comment at you. There's no need to be so sensitive.
0
 
LVL 82

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 580 total points
ID: 40574397
i always wait a week after...let all the idiots with automatic updates break stuff first and then let micro$oft put out the patches to fix stuff.... On my personal machines I install updates automatically and have not ever had a problem.. Of the thousands of updates over the years the amount of broken updates is very rare. I do not run any legacy software and always use the latest versions (server/exchange/client/.net, .....) so the odds on something breaking is very rare. I have current backups just in case and having a recent backup has always saved my day when things do go south.  There are some experts with a definite anti-Microsoft bias as there are those with a definite Microsoft bias.

Note there are people still developing/maintaining VB6 and java 6.0 applications that are unwilling to update. I managed to upgrade all of my Dbase4 users a long time ago and haven't looked back. Thank goodness that I had lots of comments in the code and knew where each variable was used and for what.
0
 
LVL 1

Assisted Solution

by:punkrawkdude99
punkrawkdude99 earned 568 total points
ID: 40591875
ive seen well over 40 server crap out due to automatic updates... usually sql or sbs servers...

they arent always save...

workstations are another story...

especially in a corp environment... auto patch those to your hearts content....you should have like hardware and a master image anyhow of those...

bottom line.... if a piece of hardware is valuable and cannot have any downtime...DO NOT AUTO PATCH

wait....if you cant wait make sure you have a bare metal or image backup of the server...
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
In this modest contribution, I want to share with the IT community (especially system administrators, IT Support Engineers and IT Help Desks) about Windows crashes/hangs and how to deal with these particular problems.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question