To err is human but, to seriously fluck shit up requires the root password.



Thursay afternoons question… Windows Updates for a Domain

Written by Karl L. Gechlik | AskTheAdmin.com on June 21, 2007 – 11:07 am -

update note tipWhats up boys and girls! This question comes to us from Elizabeth in North Carolina. Who knew there were so many female admins? Liz says she has recently added all of her two offices to Active Directory. She migrated them using our ‘workgroup to domain’ technique featured earlier this week here.

Hi Mr. Admin!

How can I get all my computers updating with windows updates and installing
all of the updates with out my intervention? But here is the kicker I need to
also check my servers for necesarry updates but I want to say which ones get
installed. I looked into WSUS but the info is pretty cryptic. Can you help. and
please just dont send me that horrible microsoft KB article.

Elizabeth

So there you go. Who can help our friend Liz become an AskTheAdmin Fan Club Member?

_TheAdmiN_

Check out our RSS feed.
Need Free Tech Support? Ask The Admin a Question
Related Posts

Tags: , ,
Posted in Uncategorized |


2 Responses to “Thursay afternoons question… Windows Updates for a Domain”

  1. By The Slothman on Jun 21, 2007 | Reply

    WSUS is one option, there are other software packages which will do the updates for you. I am unsure of their names and so on but I am sure someone else here will know a few of them.

    With that said, what is the compelling reason to have automatic updates for everyone running?

    I am sure you’re aware of MS’ track record of breaking as much as they fix.

    My personal philosophy is that you don’t do updates unless there is a big one.

    Most of the smaller exploits should be handled by proper firewall techniques you should be OK without doing the updates immediately unless it is a MASSIVE hole.

    With that said, any servers on the public internet should be and you deal with the consequences of a bad patch later.

    However, I do patch…I patch on a schedule, like once every 2-3 months I will auto update everything and take it all. I figure any bugs should have been worked out at that time. Sure it takes more manual intervention, but you can still use WSUS to do that.

    [Click to Reply to This Comment.]

  2. By Karl L. Gechlik on Jun 21, 2007 | Reply

    I take a different aproach but of course we do all know MS horrible patch record.

    I set my Wsus server to download all critical security updates and service packs. But I approve them manually this way I make all my decisions from one console and everything else is automated. I have the client pulling the updates from the net as not to clutter my network. We have plenty of bandwith.

    If there are issues with an update… You start to see stuff on the boards or hear employees complaining almost immediately after patch thursday.

    Then i apply those patches manually to a VMware copy of my desktop. Troubleshoot away and decide what to do.

    What other programs are there out there that do MS updates for you?

    [Click to Reply to This Comment.]

Post a Comment



Visit BEING FIVE www.beingfive.com Copyright by George Sfarnas