Windows server patch management automation

Hi, I just stepped into a new role after a colleague retired and as part of my duties and responsible for MS patching of all servers (several dozen) in the environment. The previous task owner used WSUS to approve and download Critical and Security patches, and manually updated servers in daily groups with nightly scheduled reboots, a process that spanned a few weeks each month. I'm looking for suggestions on more fully automating the process (approve, download, install, and reboot) on a budget, ideally a $0 budget, to be precise.
TIA for feedback.
Mike
Mike KonopkaServer AdminAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

McKnifeCommented:
I use WSUS and every possible system since wsus is out. Testing patches, as nice as it sounds, is 99,9% in vain (let that be some number very close to 100%). Since several years, we abandoned any testing and switched to fully automatic approval and installation anywhere.

I am not saying "do this", but it is a way of dealing with it and at least I am relieved that I made that decision.
0
Mike KonopkaServer AdminAuthor Commented:
Thanks for your response McKnife. Can you share anything specific about your automation methods? I'm familiar with configuring WSUS/Windows Update to autodownload/approve/install, but am particularly interested in how others have automated their server reboots in conjunction with applied updates. I'd like the servers to reboot the same night as patches are installed.
0
McKnifeCommented:
Use the GPOs, they have explanatory text.
You let them detect at the interval you like (default is 22 hours, if I am not mistaken) and then simply have them install and reboot. That configuration is only obvious. Please look at the GPOs and come back if you don't understand certain things and name those.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mike KonopkaServer AdminAuthor Commented:
Thanks for the guidance!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
WSUS

From novice to tech pro — start learning today.