Mark Minasi's Tech Forum
nikolas.e

Senior Member
Posts: 131
#1
Hi Everyone

We distribute Windows Updates in our network using WSUS. I am currently reading on the Microsoft site about some updates that currently have issues.

March 2017 Security Updates

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/d130ba8a-afe9-e611-80d7-000d3a32fc99

The question is: Should I decline these updates? Will new updates supersede these updates that have issues?


Thank You

__________________
Just call me the 1000Questionsguy
0
wobble_wobble

Associate Troublemaker Apprentice
Posts: 810
#2
I can't advise you on what to do with the update. I'd say the same thing to everyone - if you're responsible then you test.
All larger WSUS deployments I have done have a vocal test group that are patched up to 3 months ahead of others.
You need to be part of one of those groups and you need to suffer the pains of the bad patches.

__________________
Have you tried turning it off and walking away? The next person can fix it!

New to the forum? Read this
0
nikolas.e

Senior Member
Posts: 131
#3
Quote:
Originally Posted by wobble_wobble
I can't advise you on what to do with the update. I'd say the same thing to everyone - if you're responsible then you test. All larger WSUS deployments I have done have a vocal test group that are patched up to 3 months ahead of others. You need to be part of one of those groups and you need to suffer the pains of the bad patches.


Hello. Thank you for the reply.

Currently I have set up 2 groups: Servers Groups and Computer Groups. Though resources are limited, I guess in this case Hyper-V will help create some VMs with different O/S versions and apply updates for testing. What I do is distribute the updates to these 2 groups for 1 month (audit Event Viewer and test the network in general) and then apply to production servers.

About the link I sent, I have decided to decline these 2 updates just to be sure they will not cause issues in our environment. Good or bad, I can't be sure, but I can't risk applying them. Soon April will be here with new patches, including the ones of March that work okay.


Thank you

__________________
Just call me the 1000Questionsguy
0
wobble_wobble

Associate Troublemaker Apprentice
Posts: 810
#4
Quote:
Originally Posted by nikolas.e

Hello. Thank you for the reply.

Currently I have set up 2 groups: Servers Groups and Computer Groups. Though resources are limited, I guess in this case Hyper-V will help create some VMs with different O/S versions and apply updates for testing. What I do is distribute the updates to these 2 groups for 1 month (audit Event Viewer and test the network in general) and then apply to production servers.


Yes, close to the right idea.
Another option is to have a WSUS for your computers. Laptop and VM on the laptop, plus anyone else in your IT business. You patch your machines 2 to 5 days after Windows updates are released - automatically and for all updates. If necessary, make the WSUS server public facing and use a local policy/registry setting to apply the updates. (Saying I'm not a member of the domain, I'm an admin, etc. is not an excuse.)
Then on customer sites, patch their updates a week after yours. (You can chain their WSUS from your WSUS.)
Then patch production machines in groups 1 to 5 weeks later. Have odd/even or 1 to 4 so you only affect 50% to 25% of machines.

Hope that makes sense.



__________________
Have you tried turning it off and walking away? The next person can fix it!

New to the forum? Read this
0
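
The staged rollout described in reply #4, sketched with the WSUS `UpdateServices` PowerShell module as an added example that is not part of the original thread. The group names and the exact day counts are assumptions chosen to fit the "2 to 5 days", "a week after" and "1 to 5 weeks" guidance; the script runs on the WSUS server and only reports what it would approve until `$DryRun` is set to `$false`.

```powershell
# Added example: age-based ring approvals on a WSUS server.
# Ring names and delays are assumptions; map them to your own target groups.
Import-Module UpdateServices

$DryRun = $true   # keep $true to preview approvals with -WhatIf

$rings = @(
    @{ Group = 'IT-Own-Machines'; MinAgeDays = 3  },  # your own kit, 2 to 5 days after release
    @{ Group = 'Customer-Pilot';  MinAgeDays = 10 },  # a week after your own machines
    @{ Group = 'Prod-Odd';        MinAgeDays = 17 },  # production, first half
    @{ Group = 'Prod-Even';       MinAgeDays = 24 }   # production, second half
)

$wsus   = Get-WsusServer                      # local WSUS instance
$groups = $wsus.GetComputerTargetGroups()
$nowUtc = [DateTime]::UtcNow

# Skip declined updates (left for a human to review) and superseded ones.
$candidates = Get-WsusUpdate -UpdateServer $wsus -Approval AnyExceptDeclined -Status Any |
    Where-Object { -not $_.Update.IsSuperseded }

foreach ($ring in $rings) {
    $group = $groups | Where-Object { $_.Name -eq $ring.Group }
    if (-not $group) {
        Write-Warning "Target group '$($ring.Group)' not found; skipping ring."
        continue
    }

    foreach ($u in $candidates) {
        # Age is measured from when the update arrived on this WSUS server.
        $ageDays = ($nowUtc - $u.Update.ArrivalDate).Days
        if ($ageDays -lt $ring.MinAgeDays) { continue }

        # Do not re-approve what this ring already has.
        $existing = $u.Update.GetUpdateApprovals($group) |
            Where-Object { $_.Action -eq 'Install' }
        if ($existing) { continue }

        Write-Output ("{0,-16} day {1,3}  {2}" -f $ring.Group, $ageDays, $u.Update.Title)
        Approve-WsusUpdate -Update $u -Action Install `
            -TargetGroupName $ring.Group -WhatIf:$DryRun
    }
}
```

An update declined after problems in an early ring drops out of `$candidates`, so it never reaches the later rings.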