makspogonii - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

What's the best way to deploy a Windows service pack?

It's possible to deploy a Windows service pack with either Group Policy or Windows Server Update Services, but our expert says that one is better.

When it comes to Windows service pack deployment, Windows Server Update Services and Group Policies are both viable options. Both mechanisms are included with Windows Server 2012 and higher, and there are no additional costs beyond the normal Microsoft licensing requirements.

As far as whether it is better to use Group Policy or Windows Server Update Services (WSUS), the answer really depends on what you are trying to accomplish. If we're talking strictly about deploying a Windows service pack, then my answer is that it is better to use Group Policy.

It takes some work to get WSUS up and running and to approve a service pack for deployment (while blocking everything else). On the flip side, Group Policy makes it really easy to deliver software -- in this case, a Microsoft service pack -- to the computers on the network.

Now, if the question was whether it is better to use Group Policy or WSUS for general-purpose operating system patch management, then my answer would definitely be different. Group Policy was never designed to act as a patch management mechanism.

It would require a tremendous amount of work to manually download every available patch and then configure Group Policy to deploy those patches. Furthermore, patches need to be deployed in a specific order, and it would be tough to get Group Policy to do that.

WSUS was specifically designed for patch management. It offers the granularity that you would expect of an entry-level patch management system. WSUS even has a built-in reporting engine that allows you to see which patches have been applied. Although it takes some work to get WSUS set up, WSUS will save you a lot of work in the long run if you are trying to deploy more than just a Windows service pack.

Next Steps

How to connect to networks with Windows 8 Group Policy and Active Directory

Remotely refresh Windows 8 Group Policy settings

Beware of often-overlooked WSUS weaknesses

Use Group Policy settings to lock down enterprise desktops

FAQ: Why Group Policy settings matter

Controlling the Windows Control Panel with Group Policy

Dig Deeper on Patches, alerts and critical updates

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

What's your preferred method for deploying Microsoft service packs?