Patching Windows FAQ: Securing desktops as a Windows admin

Admins need to stay abreast of security vulnerabilities and ways to patch them. These tips for patching Windows can help IT assess what needs to be patched and various patch tools.

Patching Windows desktops is one of the most important duties of Windows administrators, and vendors offer a wide array of patch tools to help. Admins need to secure desktops and other devices and stay on top of the Windows patch management process, which doesn't necessarily require an expensive, all-in-one setup.

How can I find out what needs to be patched?

A desktop audit of hardware and common software such as Web browsers is a good place to start. Even if the organization doesn't buy consumer devices, IT should know what mobile devices are being used for work.

How can I stay ahead of potential malware?

Attackers can use diagnostic tools such as the free Metasploit to find and exploit Windows vulnerabilities, so enterprise IT shops should use them before they do.

What's the best way to approach the patching Windows process?

Gaps between network resources and endpoint devices can result in failures during security audits. A methodical approach to patching Windows can help a Windows admin keep up with the increasing number of devices that he needs to patch. Take advantage of slow periods when many workers are out of the office to conduct desktop maintenance.

What should I look for in patch tools?

Many software products include the ability to automatically download and install patches. It's better for bandwidth and IT control, however, to find patch tools that offer extensibility, support multiple vendors and allow for patch removal, among other features.

What patch management options exist beyond Microsoft's products?

Third-party patch tools and free, open source Windows tools can help you fix security flaws beyond Microsoft's monthly patch releases. Since endpoint management tools must increasingly account for various devices, a good one for your environment should include security capabilities.

What are less-obvious ways to deal with desktop security?

In addition to anti-malware products, consider application whitelisting. In addition, you can use Group Policy settings to restrict access to the Control Panel, automate BitLocker to Go and set security settings for virtual desktops.

Is there a one-size-fits-all solution to patching Windows?

No, but that hasn't stopped vendors from developing suites and consoles to handle multiple editions of Windows and for client/server management. Windows Intune is a cloud-based desktop management tool that can help with patching Windows, for example, but it doesn't support mobile devices.

This was first published in June 2012

Dig deeper on Patches, alerts and critical updates

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close