![]() Install those patches that are necessary - implemented by building a target group in WSUS and approving the update for installation to that target group.Needed on a system is a decision that a patch administrator must make based upon what the identified defect is, what the patch remediates, what the potential side effects of the patch might be, and what the risk factors for not applying Identify patches that are needed - this is the HUMAN portion of the process.Identify patches that are applicable - review the associated MSRC bulletins and KB articles, and note the computer systems that report updates as NotInstalled (vs NotApplicable or Installed).Identify patches that are available - review the synchronization logs, update lists, and KB894199.The operation of WSUS is fully compliant and compatible with that philosphy of operation. install only those patches that are necessary.The fundamental princple of patch management - dating all the way back to mainframes and minicomputers of the 1960s: The functionality of WSUS was based on several years of actual patch managment practices - practices that long pre-date the existence of Automatic Updates or Windows Update. I suspect the "presumptions" are yours, not Microsoft's. I think they should work on improving this. Microsoft should consider these variables. Yes it would be nice to receive critical updates as soon as they come out, but that is not practical for everyone. Where if you just schedule groups of servers at a time, if a bad update gets released, it's easier to fix if it hasn't affected all your machines yet. In a scenario where you have many servers, IMO you don't want to schedule the updates close to one another since one update can potentially You shouldn't be required to approve critical updates. Principal/CTO, Onsite Technology Solutions, Houston, Texas Microsoft MVP - Software Distribution (2005-2011)īest practice isn't always practical. Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA Why you want to schedule updates once-per-month? This is not typical "best practice" in the realm of patch management. Perhaps part of the conversation here should be an evaluation and understanding of To have a scheduled installation date on the 20th of the month, if a critical update (or a zero-day security exploit fix) was released on the 22nd! The presumption with scheduled installations is that you want updates installed as soon as possible after they are available. ![]() If you don't approve updates multiple times per month, there will be no updates for the client systems to install.īut, to your specific question - there is no way to schedule updates on a monthly installation basis. then the client systems will only get *one* opportunity each month to install those updates. Well, if you only approve them once a month. Any way to schedule updates once a month?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |