Windows updating best practice

Microsoft has released updates in the past that introduced new bugs, but there is also the risk that something unique to your environment will cause an unexpected issue. Your organization needs to balance the risks of updates with the risks of doing nothing.

A majority of enterprise customers will use the Deferred Channel for their general end-user population; however, IT admins should also use other channels for their pilot and pre-production user groups to create validation, communications, and training processes to ease feature rollouts to their end users.

Each device in the customer’s environment can be a member of a specified channel, which controls feature adoption and code stability.

Have a look at Gael Colas’s awesome introduction to Test-Kitchen and Kitchen-DSC, which will show you how to develop and test your DSC resources easily on your local machine inside Virtual Machines.

As part of this workflow, you will need a base virtual machine to which you apply your DSC configurations.

In this example we will create a group policy object (GPO) which applies to all of our Windows computers.

We already have all of our computer objects stored within the same organizational unit (OU) called “Servers” in this example, so this is where we will apply our GPO.

For Exchange Server in particular there are clear reasons to stay up to date: besides the supported status of those Exchange versions, Office 365 Hybrid configurations require you to maintain your on-premises servers to at least N-1.

The word “supported” can mean different things in different scenarios, but for this article it means:

Deploying updates carries risk.

In this post we will show you how to use group policy to configure computers within an Active Directory domain to perform automatic Windows updates from either the Internet or a WSUS server that you manage. Automating updates will save you a lot of administration time and speed up the patching process in the long run.

My view is that you should update, and mitigate the risks through a thorough process of testing, or by using highly available deployments that will not suffer an outage due to an update to a single server.

