Routinely patching Windows desktops is a necessary evil and a crucial part of maintaining overall network security. But all too often, both novice and expert administrators find the practice overwhelming.
This guide features tips, news and expert advice on patching Windows desktops, including steps to structure your patch management process, the most recent Microsoft patches and how to manage third-party software.
Table of contents:
Getting started with patching Windows desktops
Structuring patch management in seven steps
As chaotic as patching Windows can be, all IT admins must perform the task regularly to secure enterprise desktops. Having a structured patch plan is just what you need to keep everything under control. Start by finding a way to be notified of security updates -- either by email or by visiting vendor websites -- then assess your systems, prioritize patch installations and download the necessary patches.
Microsoft patch management policy
If you're just setting out on the patch journey, you need to familiarize yourself with the basics of patching Windows desktops. First, figure out the order in which to patch systems, as well as your budget for doing so. Also, consider third-party patching tools.
Developing a Windows patch methodology
Microsoft's Patch Tuesday serves as a monthly alert to draw administrator attention to important fixes. If Microsoft ever released patches out of cycle, you'd need a plan. When forming a patch policy, you should ask several questions regarding applications, security, software and more. Here's a checklist of questions to help you start developing a Windows patch policy.
How to improve patching Windows
Underlying causes of inconsistent patch management
Don't assume that your organization is secure. It's possible that your keen eye has overlooked a gap, leaving your system vulnerable to a security breach. Though it's not always easy to exploit missing patches, you should prepare for such an event and know how to avoid inconsistent patch management in the future.
Measuring patch management metrics
How do you know if your patching process is giving you what you want? Unless you take the time to track your results, you can never be sure. To figure out whether your investment in patch software is providing the desired return, examine some major performance indicators, such as speed, impact and quality. By measuring patch metrics, you can gauge how effective your patches are for your organization.
Windows Intune helps strapped IT departments with desktop management
Microsoft's cloud-based desktop management tool can help smaller IT departments or those with limited resources with remote desktop access, patches, antivirus and software updates. However, Windows Intune doesn't support bring-your-own-device shops.
What's up with Microsoft's WSUS?
Many IT pros rely on Microsoft's Windows Server Update Services (WSUS) for patching Windows. SearchEnterpriseDesktop.com got the inside scoop from two Microsoft admins about some of WSUS's capabilities -- for instance, you can use BranchCache for delivering remote updates -- and how to get the most out of the free tool.
Enhancing patch management with NAP
Enabling Automatic Updates and deploying WSUS can be the first steps in patching Windows, but they shouldn't be the last. In order to feel confident that your organization is secure, be aware of missing patches. Network Access Protection (NAP) can help you be proactive and take control of patching Windows desktops.
Third-party patch software for Windows
The pros and cons of third-party patch tools
When trying to choose between Microsoft and third-party patch software, consider both potential benefits and drawbacks. Do the third-party patch tools give you the features you want? Do they give you even more coverage and better feedback? Or do they end up confusing users because of internal inconsistency, or do they just cost too much?
Desktop patch management software features: A checklist
Leaving your system to automatic patch updates is certainly one way of doing things, but it may not be the best, despite its convenience. With the plethora of patch tools available in the market, how do you choose the best one? Consult this patch management checklist to figure out which factors are most important for your organization, such as multivendor support, centralized control and extensibility.
Importance of managing unpatched third-party software
Enterprises often overlook patching third-party software, even though that can leave their systems open to attack. Users can easily click "No, thanks" when prompted to update programs, but this leaves a giant window of opportunity for security breaches. To avoid this, know exactly what you're up against.
Patching non-Microsoft products
IT admins have come to rely on the Patch Tuesday updates for their Microsoft patches, but what about non-Microsoft products? They're just as important and need to be patched just as often. To understand what you need to do when patching third-party software, figure out what needs to be patched, how you can acquire the updates and how you deploy them.
Should you use third-party patching tools to keep Windows 7 secure?
Automatic updates are a convenient way to patch desktops, but you still need to go a step further and make sure the updates are happening when, where and how they're supposed to. Sometimes Microsoft patches aren't the best options, so third-party Windows 7 patch tools can be a good alternative for securing your systems.
After you're done patching Windows
Fixing post-patch problems: Auditing revision levels
Problems can arise if a Windows system wasn't upgraded correctly or it was upgraded to the wrong version. Regardless of the problem's source, it can be fixed, and you have four choices for doing so: in Explorer, through Process Explorer, through an external resource or through a script. Never let post-patch problems deter you from future patch updates.
Patch Tuesday: An after-the-fact checklist
Preparation is crucial for patching Windows desktops, but you also need to be mindful of what goes on after a patch has been applied. Remember changes in general system behavior, system logs and the compatibility of affected programs. It's also a good idea to keep an eye on the news because you may find valuable information that can't wait until next month's Patch Tuesday.
What to do after a security breach
Recovering from an external security breach usually means undoing the damage and patching affected systems. How you go about patching Windows after a breach could mean the difference between warding off future attacks and leaving your systems open to another one down the road. Find out exactly what happened, do forensics before you patch, and test your results to be sure it won't happen again.