Is there a better way to manage patches and hotfixes?
How is a system administrator supposed to maintain patches, security and otherwise, on 50 servers? Please don't tell me to use MS System Update -- it is at best a starting point. Invariably, it tells me I need patches I can verify that I do not need, and of course it does little for non-security hotfixes. The best product I've found is Update Expert, but it is not complete and does not, as of yet, cover Windows 2003. Any help is appreciated. By the way, when some MS reps visited us, we posed this question to them -- they said MS is working on a "better" solution -- ;)!
Have you tried Software Update Services (SUS)? It's a free server app that lets you download patches once, approve them and point each client to the SUS server. No, its not perfect. However, as you say, you must start somewhere. If you like Update Expert, but it doesn't fulfill all your needs, then ask the developers if what you need is forthcoming. (Although a patch is now out for Windows Server 2003, there were none at the time you wrote this question.) Another alternative is Systems Management Server (SMS), which is usually recommended for organizations with 500+ systems. You say you have 50 servers -- but you don't mention how many desktops. You should also download the new patching guide
This was first published in July 2003