This step may seem commonsense -- but you need to do the occasional spot check to make sure patches are being applied.
Several years ago, a good friend of mine spent an absolute fortune on an enterprise-class patch management product, but he didn't completely understand how the software worked. He dutifully checked the product's management console each day to see which patches were being downloaded. However, it wasn't until a major Windows Service Pack was released that he realized his patch management software wasn't actually applying any of the patches it was downloading. The software required an agent to run on each workstation, and my friend had not deployed the agents correctly.
The point is, even if you have been using your patch management software for years and you know exactly how it works, it doesn't hurt to spot check a PC or two just to make sure processes are working the way they should be. You never know when a glitch will cause the patch management system to malfunction, and you really don't want to get caught with your pants down so to speak.
Patch management must-dos
Step 1: Do understand what is being patched
Step 2: Do review patches every day
Step 3: Do make sure patches are actually being applied
Step 4: Do it yourself when necessary
Resource kit: Tips for testing, deploying and fixing patches
|ABOUT THE AUTHOR:|
Brien M. Posey, MCSE, MVP|
Brien M. Posey is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.
Copyright 2005 TechTarget
This was first published in May 2005