Quick tips for easier patching

In the conclusion of this two-part series, Serdar Yegulalp offers three basic techniques to make patching dozens or hundreds of computers a less painful process.

In this two-part series, SearchWindowsSecurity.com contributor Serdar Yegulalp identifies tools and techniques

for easing the pains of patch management. Part one discusses three different tools for automating processes and updating your systems. Part two below offers three techniques to simplify patch processes.


Many consider it a job in itself to keep dozens or hundreds of computers patched with the latest and greatest Microsoft udpates -- and it's not a fun job at that. You can alleviate some of your patching pains with three techniques below, from keeping a pre-patched machine image on hand to selecting the best service pack version. Use these techniques in conjunction with the tools discussed in my previous tip.

Have one authoritative source in your organization for patches
This should be obvious. Don't allow systems in your organization to get their updates from Microsoft Update and your central server and patches distributed by hand or CD or a hybrid of any of the above. Pick a source and a corresponding delivery mechanism and stick with it, whether it's a locally-administered patch server or Microsoft Update itself. Not only does this grant tighter control over what goes into your systems, but it also cuts down on bandwidth usage, especially if you're performing controlled patch management from inside your organization.

Keep a pre-patched machine image on hand
This works best when you have a great deal of consistency among computers in your organization. It helps to have a machine set aside dedicated to being nothing but the "Ur-Computer" -- the system from which all operating systems images will be built. Keep this machine patched and updated, and build a new image from it once a month or so. When it comes time to re-image a machine, you'll have something relatively recent to work from and won't be fumbling to get things up to date.

Use the network installation versions of service packs
The network installation version of a service pack is a complete download in one file. (Click for the network installation version of XP SP2.) As big as it is, it's one less thing to download over and over again, and even if you think you're only patching one system, it may come in handy later. Also, the full distribution of a service pack tends to do a slightly more complete job of patching a system than the incremental version (where individual files are downloaded as needed).

Return to part one for three tools to ease patching pains.


For More Information

  • Learn how to simplify your XP SP2 install
  • Verify that all patches are present
  • View our complete collection of Patch Management Tips.


  • This was first published in November 2004

    Dig deeper on Patches, alerts and critical updates

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchVirtualDesktop

    SearchWindowsServer

    SearchExchange

    Close