Should I install Windows Optional updates in addition to the Critical?

I am the Exchange admin, responsible for Windows updates. Up until now I've only installed Windows Critical updates, but somebody told me I should be installing some of the OPtional updates. Are there any standards or recommendatinos for Exchange servers?
Scotch TechITAsked:
Who is Participating?
 
MichelangeloConsultantCommented:
Hi Scotch,
Updates other than critical and security should ideally be applied upon specific needs
.
Find here updates classification:
https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro

Here you can find some (a bit outdated as the New Monthly Rollup concept is mssing) clarification and WSUS specific info:

https://blogs.technet.microsoft.com/dubaisec/2016/01/28/windows-update-categories/

Find here the Description of Software Update Services and Windows Server Update Services changes in content for 2018:
https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in

Basically you should
- On WSUS, select crtical and security classifications on
- On WSUS clients, deselect checkbox to receive optional updates as important
- apply all OS updates received after that
- apply CU/RollUps and subsequent patches such as the one for CU19 Exchange 2013 - yes they ARE important
- review and apply optional updates based upon specific needs: there's no an automated or default way to do that. As a rule of thumb, you can skip them
In case you are proposed an update to .net (which you should not) do check compatibility matrix for exhange:
https://technet.microsoft.com/en-us/library/ff728623(v=exchg.150).aspx

If in doubt, pospone until you get specific info by looking into Microsoft online docs or by opening a support request (which usually is not free).
Hope it helps
0
 
MaheshArchitectCommented:
normally avoid installing dotnet related updates on exchange, it might break shell functionality

Optional updates, as word says optional and can be installed based on specific needs
0
 
Scotch TechITAuthor Commented:
thanks. My thinking is just to install Critical, if we find out later we need an optional we can do it then. Thoughts?
1
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
timgreen7077Exchange EngineerCommented:
I only suggest installing critical and security updates on exchange. I never install the quality or optional updates.
0
 
JohnBusiness Consultant (Owner)Commented:
For Exchange that may be true.

For the Windows Host machine do Critical and Recommended. Sometimes good fixes are there, and we have not had issues doing all updates (Critical and Recommended) on all of our client Server 2012 R2 machines.
0
 
arnoldCommented:
Echo Michelangelo.
Critical and security should be installed.

If you have the option to have a test setup of the environment including in a VM environment, test the optional in the VM validating that they will not have an adverse effect on the system. Or Only apply the optional if what it fixes applies to your environment.

optional also depend on which categories/classifications you selected....... You have to review each optional update and decide whether it should or should not be installed on a case by case basis with the prior suggestions taken into account.
1
 
JohnBusiness Consultant (Owner)Commented:
Your solution was ONE answer but not the only one.
0
 
JohnBusiness Consultant (Owner)Commented:
I suggest:

Accept:  https:#a42525083
Assist:  https:#a 42525451
Assist:  https:#a42525049
Assist:  https:#a42525034
Assist:  https:#a42524971
0
 
MichelangeloConsultantCommented:
I suggest
https://#a42525083
This is the answer I provided and I believe it's the only one which is thorough in answering Original Poster Question, addressing most common issues/concerns when applying OS patches on Exchange Server installations., covering also .NET updates and how to avoid optional updates appear as recommended (and thus avoiding applying them) i.e. providing a guideline on how to start applying patches correctly.

Other comments are generic and subjective and/or not providing any references to product documentation. I mean, it's quite understandable to propose critical and security updates, or to warn users from applying .NET updates. But a comprehensive answer is made of
- a tentative procedure to quickly address the issue
- some context on how to apply the procedure
- documentation to read to deepen the understanding the reader has about the issue

Generally speaking, It's not easy to be so thorough in answering a question - this is a relatively common one, though,  and I have met (and delved into) the issue it raises for my datacenter so I happen to be able to provide a proper answer.
0
 
MaheshArchitectCommented:
@Michelangelo:

OP already knows importance of critical updates
With respect to optional Updates you have elaborated more basically what I said
You have not said anything about updating exchange servers which is the basic question I believe.......?

Your answer is providing general guidelines and hence others are also eligible for points...
0
 
MichelangeloConsultantCommented:
@Mahesh
My answer provides more than general guidelines, while yours do not.
I have explained why I believe my answer is best and other answers do not qualify as assisted.

You wrote
You have not said anything about updating exchange servers which is the basic question I believe.......?

The basic question is
"I am the Exchange admin, responsible for Windows updates. Up until now I've only installed Windows Critical updates, but somebody told me I should be installing some of the Optional updates. Are there any standards or recommendatinos for Exchange servers"
I read this as "I manage an Exchange server and I have installed Critical updates, I wonder if I should install Optional and, anyone knows any caveats in installing patches on Exchange".

You also wrote


You have not said anything about updating exchange servers which is the basic question I believe.......?

I believe I provided an answer to the question: I proposed a guideline for patching an exchange server as a whole (OS and Application)


(...)
- apply CU/RollUps and subsequent patches such as the one for CU19 Exchange 2013 - yes they ARE important
- review and apply optional updates based upon specific needs: there's no an automated or default way to do that. As a rule of thumb, you can skip them
In case you are proposed an update to .net (which you should not) do check compatibility matrix for Exchange:
https://technet.microsoft.com/en-us/library/ff728623(v=exchg.150).aspx
(...)

hence I believe that while I provided a thorough answer to the question, no one did before me or added something to the answer afterwards.
On second thought, I think Arnold's comment adds to the answer by recommending to use a test environment

To sum up:

Best: https://#a42525083
Assisted: https://#a42525451
0
 
MaheshArchitectCommented:
I am not saying that I have provided any general guidelines, I have provided exchange specific and optional update specific info which is actually requested if you reread question and my comment
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.