asked on

Windows server patch management automation

Hi, I just stepped into a new role after a colleague retired and as part of my duties and responsible for MS patching of all servers (several dozen) in the environment. The previous task owner used WSUS to approve and download Critical and Security patches, and manually updated servers in daily groups with nightly scheduled reboots, a process that spanned a few weeks each month. I'm looking for suggestions on more fully automating the process (approve, download, install, and reboot) on a budget, ideally a $0 budget, to be precise.
TIA for feedback.
Mike

McKnife

I use WSUS and every possible system since wsus is out. Testing patches, as nice as it sounds, is 99,9% in vain (let that be some number very close to 100%). Since several years, we abandoned any testing and switched to fully automatic approval and installation anywhere.

I am not saying "do this", but it is a way of dealing with it and at least I am relieved that I made that decision.

Mike Konopka

ASKER

Thanks for your response McKnife. Can you share anything specific about your automation methods? I'm familiar with configuring WSUS/Windows Update to autodownload/approve/install, but am particularly interested in how others have automated their server reboots in conjunction with applied updates. I'd like the servers to reboot the same night as patches are installed.

ASKER CERTIFIED SOLUTION

McKnife

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Mike Konopka

ASKER

Thanks for the guidance!