nigelelyons
asked on
Windows Updates on Servers, when is a good time?
Hi,
I'm still fairly new to the World of WSUS and until recently, I've been concentrating on getting the desktops up to date. Now I am starting to focus on servers and I've isolated none-essential servers for testing updates. My question is this - do you have to trawl through each security update individually, read the KB article and do other research before installing? I've heard horror reports of Windows Updates messing up SQL services or some other vital function and I don't want to be responsible for bringing down a crucial server!!
Is there are rule of thumb for installing Windows Updates on servers? Any help would be appreciated!
I'm still fairly new to the World of WSUS and until recently, I've been concentrating on getting the desktops up to date. Now I am starting to focus on servers and I've isolated none-essential servers for testing updates. My question is this - do you have to trawl through each security update individually, read the KB article and do other research before installing? I've heard horror reports of Windows Updates messing up SQL services or some other vital function and I don't want to be responsible for bringing down a crucial server!!
Is there are rule of thumb for installing Windows Updates on servers? Any help would be appreciated!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I recommend to not do the updates right when they come out, but wait a couple of days or so. Botched updates usually get removed or replaced with good ones from the m$ update servers within 2 days, as the problems normally are found pretty quickly. So if you wait for that time you can assume that there are no problems.
Besides, updates often need the servers to be rebooted, so it is a good idea to do that on weekends or at night-time when reboots can be done without most users noticing, and also that you or another server admin is there or can be there at short notice in case there is a problem with rebooting.
Besides, updates often need the servers to be rebooted, so it is a good idea to do that on weekends or at night-time when reboots can be done without most users noticing, and also that you or another server admin is there or can be there at short notice in case there is a problem with rebooting.
ASKER
Thanks everybody for the advice!
The other approach is to have a test machine. In this day and age of VMs, it isn't hard to set one up, but you have to get buy-in on how you are going to test to ensure the patches don't cause any issues.