Handling patch emergencies

In this tip, I've provided a handful of suggestions to follow when managing patches for your AD domain controllers.

1. Always deploy the same patches on all DCs. DCs should be kept as close to mirror images of each other as possible, at least in terms of the OS configuration. This will help eliminate incompatibilities, lost or corrupted data and replication errors.


2. Don't patch just because Microsoft offers a patch. Every patch needs to be tested in your environment for relevance and reliability. If you don't need it, don't install it. Patches can damage your environment if the install fails to perform perfectly. You don't want to place your DCs at risk if you can avoid it.


3. Test, test, test. You need a lab environment that mimics your production environment as closely as possible. Every patch should be thoroughly tested before deployment on production systems. Make it a rule: If you don't test, don't deploy.


4. Avoid patch emergency response. Establish a time once a week or once a month when you evaluate new patches and queue them for deployment. You could schedule them to coincide with Microsoft's "Patch Tuesday" -- the second Tuesday of every month when new patches are to be rolled out. Even with critical patches, you need to stick to a schedule. Always download, verify, test, test, test, and then deploy. Never skip or skimp on your patch procedures, processes or protocols.


5. Seriously consider using the newly updated Windows Update Services (WUS). It enables you to master your own privately controlled Windows Update site within your own private network. Many of the weaknesses of Software Update Services (SUS) -- the original product -- have been resolved.


6. Document, document, document. Every patch deployed should be researched, so you fully understand it. Then retain that documentation for future reference. Don't assume you'll be able to access it again or even be able to find it again, especially if it is an Internet source. Make your own local copy. Keep records of every patch ever deployed to any system.


7. Never assume a patch rollout was successful -- always test and verify. Every patch deployed onto a DC should be verified immediately. Member servers can be fully checked weekly or bi-monthly; and clients can be checked using a ...
   
   To continue reading for free, register below or login

   Requires Membership to View

   To gain access to this and all member only content, please provide the following information:

   Email Address:
   
   
   

   By joining SearchEnterpriseDesktop.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
   
   TechTarget cares about your privacy. Read our Privacy Policy
   To read more you must become a member of SearchEnterpriseDesktop.com

   As an existing member of the TechTarget network please activate your SearchEnterpriseDesktop.com account 

   By joining SearchEnterpriseDesktop.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
   
   TechTarget cares about your privacy. Read our Privacy Policy
   
   
   

   Digg This!     StumbleUpon     Del.icio.us

   
   
   
   

   RELATED CONTENT Patches, alerts and critical updates Microsoft releases six patches for November Structuring patch management in seven steps Underlying causes of inconsistent patch management Microsoft's Online Desktop Manager caters to small IT shops Microsoft's Patch Tuesday brings a bumper crop of security fixes Act fast with five critical September patches Microsoft's August patches run the gamut Patching third-party browsers adds more work in Windows shops Troubleshooting Microsoft WSUS connectivity issues Windows security tools for the busy desktop administrator Windows desktop security tips The right security tools for finding Windows desktop weaknesses Using BitLocker in Windows 7 20 days to a more secure enterprise Improvements to offline file synchronization in Windows 7 How to get -- and keep -- user support with security Structuring patch management in seven steps Underlying causes of inconsistent patch management Monitoring user activity with network analyzers Microsoft's Patch Tuesday brings a bumper crop of security fixes Using third-party technologies with Microsoft's NAP

   RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary drive-by download  (SearchEnterpriseDesktop.com)

   RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

   
   
   random sample.



8. Keep in mind that your domains are only as reliable and available as you make them. Take advantage of the improvements offered by Microsoft, but don't be ruled by them. Make informed decisions based on your environment and infrastructure. Don't just follow the leader, since the leader is not always in the know about everything!