
Patching in production environment?


  • Patching in production environment?


    I'm trying to devise a server patching strategy for our production environment (located at a data center) and I'm looking for advice on how to deploy Microsoft security updates regularly and easily.

    We have the standard DMZ with 20+ Windows 2008 web servers of identical setup in a workgroup (no domain) and without internet access. There is also a private side that has Active Directory and Microsoft SQL servers.

    I'm aware of WSUS from Microsoft, but since most servers aren't in a domain it seems a little complex to set up. Is there any easy way to scan, download updates and package them to be installed onto each web server? I don't mind having to install a package onto each server locally.

    I looked at MBSA which seems to handle the scanning part. Is there a way to package the updates up to send to the server?

    Any suggestions are welcomed. Thanks.

  • #2
    Re: Patching in production environment?

    Download and configure WSUS.


    • #3
      Re: Patching in production environment?

      There are third-party tools that you can purchase to deploy, but WSUS is free and does a great job. If the computers are not in the domain, you can still use WSUS by adding a registry edit or modifying the local policy on those target computers. It's really not a big deal. As far as a strategy, you should develop a schedule where after the updates are available, you review them, patch a few "control" systems, test, then deploy to the remainder. Repeat the following month.
      JM @ IT Training & Consulting
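
The registry edit mentioned in reply #3, as an added example that is not part of the original thread: a PowerShell script that points a workgroup server at WSUS through the Windows Update policy keys and places it in a WSUS computer group, so the "control" servers can be approved before the rest. The WSUS URL and the group name are placeholders, and the script assumes the WSUS server is set to take group assignment from client registry or policy settings.

```powershell
# Added example (not from the thread). Run elevated on each DMZ web server.
param(
    # Assumption: placeholder URL, replace with your own WSUS server and port.
    # Prefer HTTPS; workgroup clients must then trust the WSUS certificate's CA.
    [string]$WsusUrl = 'https://wsus.example.internal:8531',
    # Assumption: hypothetical WSUS computer group, e.g. one for control servers
    # and one for the remainder.
    [string]$TargetGroup = 'DMZ-Web-Control'
)

$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"

# Create the policy keys if they do not exist yet.
foreach ($key in $wu, $au) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}

# Small helper: create or overwrite one policy value.
function Set-Policy($Path, $Name, $Value, $Type) {
    New-ItemProperty -Path $Path -Name $Name -Value $Value `
        -PropertyType $Type -Force | Out-Null
}

Set-Policy $wu 'WUServer'           $WsusUrl     'String'  # where to fetch updates
Set-Policy $wu 'WUStatusServer'     $WsusUrl     'String'  # where to report status
Set-Policy $wu 'TargetGroupEnabled' 1            'DWord'   # client-side targeting on
Set-Policy $wu 'TargetGroup'        $TargetGroup 'String'
Set-Policy $au 'UseWUServer'        1            'DWord'   # use WSUS, not Microsoft Update
Set-Policy $au 'AUOptions'          3            'DWord'   # download, wait for admin to install

# Make the Windows Update agent pick up the new settings and check in.
Restart-Service -Name wuauserv
& wuauclt.exe /resetauthorization /detectnow

# Read the values back so the change can be verified and logged.
Get-ItemProperty -Path $wu | Select-Object WUServer, WUStatusServer, TargetGroup
Get-ItemProperty -Path $au | Select-Object UseWUServer, AUOptions
```

After the first check-in the server should appear in the WSUS console under the named group; approve updates for the control group first, then for the remaining servers once testing is done.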