I am trying to formalize our server update procedures. Since the existing procedure was not created recently, I would like to bring it to date.
We have a WSUS server, and I was thinking of using Group Policy for deployment. (right now, we are using SolarWinds patch manager, and manually pushing the patches every week)
I am only including Microsoft Windows Server and SQL Server updates, and we have test server group we can use first before rolling out to production.
I would like to know what would be the more recent best practices for:
1. How long I should wait to deploy the patch after it comes out. (Unless it is Zero-day security category)
2. How should I track the success/failure rate, besides going through WSUS app report on the WSUS server.
3. What should be the Automatic Approval policy? Always with Critical patches?
4. Is there a better way rather than using GPO?
Please advise. Thank you.