Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Patching Windows Servers

  • 30-07-2008 8:25am
    #1
    Registered Users, Registered Users 2 Posts: 440 ✭✭


    Hi All

    A few servers which were previously looked after by another firm are coming under my control which means I also have to take over the patching of them..

    They are windows servers running Win 2k3. Can anyone tell me the best way to go about patching these regularly and how often etc it should be done?

    I dont have a test server or anything.

    Thanks in advance for any replies.


Comments

  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    Depends on how critical the servers are and what kind of uptime is required. What are you doing for your existing servers?

    I would say initially that you should define a baseline - a minimum level to which the servers should be patched. Most places are stable on at least SP1 at this point.

    If you're not too concerned about testing and testing and testing - i.e. It's OK if the server fails for an hour while you remove an errant patch - then something like WSUS will be fine. You approve the various patches and the servers download and install them automatically on a schedule.

    If the servers have a high uptime, then any process except a test server is running the risk of an errant patch bringing the machine down.


  • Registered Users, Registered Users 2 Posts: 440 ✭✭djd80


    Thanks for the reply.

    i dont do anything at the moment because the servers are patched by the IT OPS team in a different county. Now this team is being disbanded and the servers will become my responsibility.

    Initially there will 9 servers, all of which are live servers and any downtime would be after 11pm so it's pretty vital I dont reboot.

    Do you think the only way to do this properly is to have a test server and installing the patches there first?


  • Registered Users, Registered Users 2 Posts: 170 ✭✭joe_elway


    It sounds like you're pretty new to this world. With 9 servers (and I'm guessing lots of PC's?) you should look at automation, e.g. WSUS 3.0. Have a read of this: http://cid-2095eac3772c41db.skydrive.live.com/self.aspx/Public/WSUS3.0.pdf

    A test lab is the best way forward. I'd suggest you run it on some form of free virtualisation. It'll require that you have licenses for your test platform. I'd recommend TechNet. That's an economic way to set up a test platform. 1 TechNet license will cover 1 person to use the lab.

    I prefer to roll out updates to the lab during the day. For production, I prefer early Saturday morning. That gives me lots of time to recover before Monday if something was to go wrong.

    Remember that if an update requires a reboot you must reboot for that update to be applied.


Advertisement