Standard_ITParticipantSep 20, 2018 at 6:40 am #167720
Hello Petri People,
I am in some need of help to be more efficient when updating Machines on our network. Our company has grown from about 15 workstations and 5 servers, to about 100 workstations and 25 servers. For a long time, I did everything myself, but due to the growth, we hired a helper for me. I am a huge fan of KISS – Keep It Simple Stupid – I basically just used an excel sheet to keep track, and simply went to every computer every month. This with my help desk responsibilities kept me busy and the bosses happy. This worked very well, until it became overwhelming, which was when we hired help. We have continued to grow, and we are at the point where we can’t keep up again. I find myself working many nights just to try to keep up. Short term, not a problem, but I need to find a better way!
For Servers, I still think the best way is manually. We only have a few that cant be maintained during work hours, so we have a scheduled Sunday morning maintenance that gets done. With 4 weeks in the month, this is not a problem to get all the servers maintained. I work less than 4 hours on those Sunday mornings, and I get it all done without having to rush like a madman. We do have monitoring on our servers, so I am aware if anything goes down. To be honest, I don’t see an issue here, but please, if you have some input on improving efficiency, please voice it!
My roles and responsibilities go a bit beyond just IT, so I would like to be in charge of handling those responsibilities, the server maintenance, and network security. We have a 3rd party audit annually that we are still working on making improvements. I never feel like I am spending enough time on this, which is a main reason for coming here today! The problem is, my helper cannot possibly keep up with all those workstations. Which is why i have been needing to log in at night and catch up. We split help desk responsibilities as well. There is simply too many issues that pop up, and too many workstations to maintain.
For our workstations, we are to login, run windows updates (reboot if necessary), Update Java, Update Adobe. For the most part this is all we do. There are a few workstations with special software that needs to be updated from time to time, but for the most part, we can perform those upon request.
First question I want to ask… Is this necessary? Windows, Java, Adobe? Maybe we could get away with only Windows updates? What are some of your thoughts on this? Maybe roll out Java updates when they come out instead of constantly checking them monthly? Adobe pretty much updates itself – would i be safe if I simply took that off the radar? I’m afraid I am opening up to security flaws if I don’t keep those up to date all the time.
Second: Is this not enough? Is there more to the maintenance that I am not covering? This is strictly in the computer, not the physical area and/or cleaning. We do take care of that as well (as needed)
Third – and the real question/purpose of this post: How can I automate this? Maybe even just monitor it? So we are more efficiently doing it manually? But I haven’t found a software to monitor Windows versions, Java Versions or Adobe Versions? I have read so much about programs like solar winds that it has started to make my head spin. I still don’t think it does what I am asking for.
Please help me! :)
All advice and tips are welcome and appreciated
BloodModeratorSep 20, 2018 at 9:05 am #337418
For Windows Updates install the WSUS Role on one of your servers. Note: Choose one that has bags of free disk space.Sep 20, 2018 at 4:13 pm #245824
^^ THIS ^^
Sunday morning maintenance is something i stopped many many years ago. Schedule your reboot window for the Sunday if you so wish. Remember that updates are released once per month, first Tuesday of the month, so aim for the Sunday after that to get your updates and push out to the servers.
For your workstations you can leverage WSUS to install those pesky Java, Adobe updates using something like WSUS Publisher (I think thats what its called)
You do realise that Flash Player has been part of Windows since Windows 8 so i’m assuming that you are either using Chrome and need flash or Windows 7?
OssianModeratorSep 21, 2018 at 2:33 am #192125
Agree re WSUS, but Wullie, isn’t Patch Tuesday (sorry, Update Tuesday) the SECOND Tuesday of the month?
BloodModeratorSep 21, 2018 at 3:17 am #337421
I think that the second Tuesday cycle became redundant some time ago. Microsoft have been releasing updates as needed. For example, WSUS picked up several Preview updates today (and which I promptly declined).
joeqwertyModeratorSep 21, 2018 at 8:37 am #304641
Ditto on using WSUS. As for third party application updates, yes you should be updating them. Third party applications are an oft-used attack vector. You can use something like Ninite Pro to automate these updates. You should be able to eliminate most, if not all, of the manual updating that you’re doing by using WSUS and Ninite Pro.
biggles77SpectatorSep 22, 2018 at 9:59 pm #245826Ossian;n518270 wrote:Agree re WSUS, but Wullie, isn’t Patch Tuesday (sorry, Update Tuesday) the SECOND Tuesday of the month?
Yeah you could be right Tom. I just check regularly lol.
prakash123MemberSep 24, 2018 at 6:27 am #388089
Thanks for all the feedback everyone!
I think I have had a lot of success with advice from you guys and also a post i posted on Reddit!
I think I am going to go with Lansweeper. It scans the network, organizes assets, has a helpdesk module – which we are in dire need of. Lansweeper Deploy allows you to push all the many updates. Looking forward to learning more though. PDQ is a bit more robust but also more expensive. That doesn’t have a scanner like the Lansweeper. Cant wait to get my hands on it but I have a lot to learn!
You must be logged in to reply to this topic.