Tip

Quick tips for easier patching

In this two-part series, SearchWindowsSecurity.com contributor Serdar Yegulalp identifies tools and techniques for easing the pains of patch management. Part one discusses three different tools for automating processes and updating your systems. Part two below offers three techniques to simplify patch processes.


Many consider it a job in itself to keep dozens or hundreds of computers patched with the latest and greatest Microsoft udpates -- and it's not a fun job at that. You can alleviate some of your patching pains with three techniques below, from keeping a pre-patched machine image on hand to selecting the best service pack version. Use these techniques in conjunction with the tools discussed in my previous tip.

Have one authoritative source in your organization for patches
This should be obvious. Don't allow systems in your organization to get their updates from Microsoft Update and your central server and patches distributed by hand or CD or a hybrid of any of the above. Pick a source and a corresponding delivery mechanism and stick with it, whether it's a locally-administered patch server or Microsoft Update itself. Not only does this grant tighter control over what goes into your systems, but it also cuts down on bandwidth usage, especially if you're performing controlled patch management from inside your organization.

Keep a pre-patched machine image on hand
This works best when you have a great deal of consistency among computers in your organization. It helps to have a machine set aside dedicated to being nothing but the "Ur-Computer" -- the system from which all operating systems images will be built. Keep this machine patched and updated, and build a new image from it once a month or so. When it comes time to re-image a machine, you'll have something relatively recent to work from and won't be fumbling to get things up to date.

Use the network installation versions of service packs
The network installation version of a service pack is a complete download in one file. (Click for the network installation version of XP SP2.) As big as it is, it's one less thing to download over and over again, and even if you think you're only patching one system, it may come in handy later. Also, the full distribution of a service pack tends to do a slightly more complete job of patching a system than the incremental version (where individual files are downloaded as needed).

Return to part one for three tools to ease patching pains.


For More Information

  • Learn how to simplify your XP SP2 install
  • Verify that all patches are present
  • View our complete collection of Patch Management Tips.


  • This was first published in November 2004

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.