Re: Auto-Updates for production servers

I've tried to take this up with management, but it's the old 'buddy system',
and I am new. We have entrenched management and network guys who are so
stale in their knowledge that they are out of touch with reality.
Unfortunately the 'new guy' carries no weight. That's why I'm hoping to find
a statement that I can forward to them.

"SBS Rocker" wrote:

I'm with you for all the reasons you have stated. It is best practice to
update your servers on a frequent basis but it is not best practice to have
them automatically updated. there are a lot of updates that may not even
apply to your environment then there are others that will reboot your server
thus causing great inconvenience as you have experienced. Personally myself
I prefer to push my updates on a weekly basis. I usually do this on a Friday
evening in case a reboot is required so I don't disrupt "production". You do
not need an official document or staement from MS. the disruption and loss
of work you have suffered should be the proof in the pudding. I would take
this up with their supervisor or manager.


"Brian Kitt" <BrianKitt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FB252A39-79A5-4522-9113-71C1A1303DBB@xxxxxxxxxxxxxxxx
Hello.
I am a developer, and have been having an ongoing battle with our Network
Admins, and would like advice here.

They have Microsoft Windows Auto-Updates turned on for all production
servers. This has caused numerous problems, because patches get applied,
then cause servers to reboot, or other miscellaneous problems.

I keep trying to tell them it is not a 'best practice' to have
auto-updates
on for production servers, but rather they should push them out with admin
tools on a regular scheduled basis. They assure me they 'know what they
are
doing', and auto updates 'are required to prevent viruses and hackers'.
They
have assured me that Microsoft strongly recommends auto updates for all
production servers.

The amount of problems alone this has causes ought to be proof enough this
is a bad idea, but can anyone point me to 'official' statements from
Microsoft as to 'auto-updates' for production servers? I am having
trouble
finding an official statement from Microsoft either way.



.

Relevant Pages

  • Re: Auto-Updates for production servers
    ... scheduled Automatic Updates installation". ... the servers up to date. ... the 'you need to reboot your server now' ... production servers. ...
    (microsoft.public.windows.server.general)
  • Re: Auto-Updates for production servers
    ... update your servers on a frequent basis but it is not best practice to have ... I prefer to push my updates on a weekly basis. ... on for production servers, but rather they should push them out with admin ...
    (microsoft.public.windows.server.general)
  • Re: Auto-Updates for production servers
    ... His issues are with servers being updated ... Why not propose they schedule their auto updates say like every evening at ... the 'you need to reboot your server ... production servers. ...
    (microsoft.public.windows.server.general)
  • RE: Betr.: Re: MS Patches Management software: SUS vs 3rd party
    ... We are also currently looking at a solution for updating our clients and servers. ... The major drawback is that if a new unpatched client connects to it, it retrieves all patches at once. ... There is no management in SUS, ... >The Presidio integrates PGP data encryption and XML Web Services security to ...
    (Security-Basics)
  • Re: Betr.: Re: MS Patches Management software: SUS vs 3rd party
    ... > it retrieves all patches at once. ... There is no management in SUS, ... > If they are planning to include the Windows NT 4.0 servers for the ... >> simplify the management and deployment of PGP and reduce overall PGP ...
    (Security-Basics)