No announcement yet.

Patching Servers / Desktops

  • Filter
  • Time
  • Show
Clear All
new posts

  • Patching Servers / Desktops

    Iíve just installed WSUS and was wondering if anyone has any recommendations on the frequency when updates should be installed for both servers & desktops? Iíve searched the internet but am unable to find any kind of industry standard of how often updates should be applied.

    Iím thinking on using a script to switch all the PC's on sometime on a Sunday when no one is in the office & then run an auto install - Does anyone have any recommendations on this?

    With servers Iíve set the updates to download automatically, then an Admin would need to manually install & reboot.

  • #2
    Re: Patching Servers / Desktops

    The frequency should be at least monthly, following Microsoft's Patch Tuesday when the big batch (100+ this month) are released.

    I do it weekly for my "own" network, but thats to stay ahead of people I manage patches for and do some testing.

    IMHO, set servers to download patches, then manually install them, so you can make changes if you need to. I appreciate this depends on the number of servers, but I can do 30+ in a few hours.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: Patching Servers / Desktops

      I have WSUS configured to install updates every day. However, although our servers are on every day, most of the clients are switched off overnight. I have got everyone in the office to leave their machines switched on Thurs nights and the installation will take place then.

      This allows for the time difference between the UK and the US - patches are not always available on Tues night, so the server has time to get them and a full update is guaranteed by Friday morning.

      Configuring WSUS to install them everyday (at 6am) allows me to leave a PC on any night if I am unable to manually install the patches during the day or if the PC is left off for whatever reason.

      Thurs night is also AV scan night
      A recent poll suggests that 6 out of 7 dwarfs are not happy