What is the best pratice for a Windows patche strategy with K1000?
I'd like to known what is more common used for patche management for Windows Server.
thanks in advance
Daniel.
0 Comments
[ + ] Show comments
Answers (2)
Please log in to answer
Posted by:
trevorhalse
7 years ago
Hi Daniel,
Based on my experience, we stick with the following (company has around 200 Windows 2012/2008 servers),
3 monthly cycle on Impact: Recommended and/or Severity: Lower than critical patches.
Impact: Critical and Severity: Critical/SuperCritical are done in a testing environment as soon as they become available. With a full production roll out during the following week (with the most critical servers being done first).
The first questions that need to be asked is, will we set this and forget it, or take an active roll in looking at the available patches and building the schedules based on that. When you decide on that, its just a matter of making a few labels, setting the schedules and working out how you will snapshot the vms (if virtual) or create a backup if needed on physical machines.
Its funny, scheduling and doing updates is easy, working out what the updates do and affect is the hard part.
Posted by:
buchwieser
7 years ago
Hi Trevor
First of all, I´am sorry to take a long time to give you a answer. We were working on the update process.
Here at the office we want to automate the update process for windows to update critical and security updates. I mean we want to update and reboot the servers automaticaly.
So, looking at the k1000 I have some doubts:
1 How to create the 3 month cycles?
2 What tags do I have to create for critical and security updates?
3 Is there any way to ensure that updates applied to dev environment will be the same in QA and production environments?
4 What is you sugestion to folow and control the process?
For last, to compare, what do you do on your enviroment?
Many Thanks
Daniel