Chipotle
Run them through Microsoft update with every computer set to download during the lunch
break, the hard part is getting laptop users not to ignore the big message saying don't turn me off
whilst updating. We've had a fair few laptops lose hard drives through this action, but not as
many as we have had screens being shattered by pens and slamming.

Thai Pepper
Fought to own the project to deploy WSUS, with one slightly successful deployment in the last
year. Now I own SCCM 2012, so basically SCCM controls WSUS to deploy updates. It's slick!!

Serrano
We used to use a WSUS server to patch all Microsoft applications but have since moved to the
cloud-based VMware Go solution (previously IT.Shavlik) that now handles scanning and patch
management for Microsoft + just about every 3rd party app out there. I'd been looking for
something like this for a long time, having tested tons of other solutions out there along the way
that always seemed to come up short in one way or another. But VMware Go works amazingly
well and it's cheap.

Thai Pepper
Workstations download and install automatically while our servers download but require a
manual install.

Serrano
I just discovered a very lightweight very inexpensive program called BatchPatch. IMHO much
better than WSUS alone.
They're a vendor on here but I can't find their page for some reason. They're on the web at
www.batchpatch.com.
You can download a free trial (limited to 7 machines at a push). Give them a look.

Pimiento
Years ago I used Update Expert to "push" patches to the computers. They can be a scheduled
push too. WSUS is a pull method of updating.
Mike D

Habanero
I was going to make a joke about the best way to handle updates is to never do them, but I
couldn't get the punch line to work right.

Serrano
Unfortunately our Windows updates are handled by a mysterious higher-level admin team, who
set our updates to run after hours. I use iTALC to fire up our computers remotely, then run a
scheduled shutdown several hours later. If it were up to me I would use WSUS.

Poblano
nicolas9341 Sep 18, 2012 at 9:56 AM
Guys,

Chipotle
We are also using WSUS. We usually review them once every few weeks or once a month. Then
when we approve them on the WSUS server, they are pushed to the clients and installed after
hours. We control the reboot behavior through GPs.
One thing that we do to save time on reviewing them, is watching the Shavlik webinars. They go
through each of the updates the week after they are released.
http://www.shavlik.com/webinars/shavlik-video/resources.aspx
http://www.patchmanagement.org/

Cayenne
I used to use WSUS but it made it very hard to keep the 3rd party software updated.
Now we use LanGuard from GFI. Great product and very affordable. It pushed all the
Microsoft updates as well as 3rd party ones that are very important like Acrobat and Flash. It is
even configured to remove software that is not on the approved list like older AutoCAD
versions. Very nice product with a lot of features.
http://www.gfi.com/network-security-vulnerability-scanner/

Thai Pepper
Workstations with WSUS, servers are a mix, but most of the servers are done manually since their
operation is too critical to let them do it automatically.

Jalapeno
I love batchpatch.
WSUS for PC's via GPO is simple, but for servers you often need that manual
touch. batchpatch makes server patching via WSUS a lot easier.

Poblano
Douglas_ Sep 18, 2012 at 5:43 PM
Here we use a potent combination of WSUS for Microsoft updates and Secunia for Flash,
Reader, and Java et al. WSUS is free and does the job so would highly recommend it. Servers are
updated manually.
Be sure to set up testing groups and keep clear logs on the updates you install/approve for
installation - in case one breaks something and you need to uninstall it. The best advice I can
give is to subscribe to a good patch management mailing list as this will allow you to have a
heads up on updates which cause issues upon deployment.

Habanero
BizDPS Sep 18, 2012 at 5:44 PM
We use Windows Intune. It works very much like WSUS, except is hosted and works wherever
the client computer has an Internet connection.

Thai Pepper
We basically leverage Scheduled Tasks for remotely handling updates on demand. I can force
all workstations to gpupdate and reboot with the click of a mouse. Another click and I force all
workstations to immediately check for updates, install them while automatically accepting
EULA, and then reboot. We have the same thing set up for our servers.

Habanero
WSUS
Ditto here, except that our policy is to install immediately to a test group and monitor the web
and newsletters for update issues over the next month. Then push to workstations and
servers. Workstations install at shutdown per GPO. Servers are manually updated and restarted
outside of work and backup schedules.

Tabasco
For workstations, we have Windows Update enabled to automatically download and install the
updates. Although some employees just do the downloads and perform the updates at a
convenient time for them.
For servers, I will update one or two machines after Patch Tuesday and let them run for a
week. If I don't see any issues, then the rest of the servers get updated manually. I run a small
shop (12 servers and 3 dozen employees) so it's pretty easy to keep things up-to-date.

Ghost Chili
WSUS on W2008 for PC's but manual Windows Update for servers to give me control over
what and when.

Tabasco
In WSUS we have two groups: TESTCOMPS (IT staff PCs and some real test machines) and
APPROVED (rest of users and operational servers). Updates for the test group are approved
automatically during weekly synchronization on Wednesday and then installed. Then IT staff
have time to observe the behaviour of the test PCs. If everything goes OK, then by next Tuesday
at the latest we approve updates for the second group.
Approved updates are installed automatically at different hours (you may configure it). Users
have only a choice to postpone restart of PC (if required) to the hour of their choice (usually at
the end of work).
This model works great. We have had almost no issues with Windows Updates (only with
one: Microsoft Office File Validation Add-In).
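
The second step of the two-group model in the post above (promoting updates that have soaked in the test group to production), together with the approval log recommended earlier in the thread, as an added example that is not part of the original post. It assumes it runs on the WSUS server with the UpdateServices module available; the group names are taken from the post, while `$SoakDays`, `$DryRun` and `$LogPath` are illustrative assumptions.

```powershell
# Added example, not from the thread: promote soaked updates from test ring to production.
# Group names come from the post; $SoakDays, $DryRun and $LogPath are assumptions.
Import-Module UpdateServices          # ships with the WSUS role (Server 2012+)

$TestGroupName = 'TESTCOMPS'
$ProdGroupName = 'APPROVED'
$SoakDays      = 6                    # Wednesday test approval -> following Tuesday
$DryRun        = $true                # set to $false to actually approve
$LogPath       = 'C:\WsusLogs\promotions.csv'   # hypothetical path, folder must exist

$wsus   = Get-WsusServer              # local WSUS server
$groups = $wsus.GetComputerTargetGroups()
$test   = $groups | Where-Object { $_.Name -eq $TestGroupName }
$prod   = $groups | Where-Object { $_.Name -eq $ProdGroupName }
if (-not $test -or -not $prod) { throw 'Test or production target group not found.' }

$install = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install
$cutoff  = (Get-Date).ToUniversalTime().AddDays(-$SoakDays)   # CreationDate is UTC

foreach ($update in $wsus.GetUpdates()) {
    if ($update.IsDeclined -or $update.IsSuperseded) { continue }

    # Oldest install approval for the test ring marks the start of the soak period.
    $testApproval = $update.GetUpdateApprovals($test) |
        Where-Object { $_.Action -eq $install } |
        Sort-Object CreationDate | Select-Object -First 1
    if (-not $testApproval -or $testApproval.CreationDate -gt $cutoff) { continue }

    # Skip anything production already has an install approval for.
    $prodApproval = $update.GetUpdateApprovals($prod) |
        Where-Object { $_.Action -eq $install }
    if ($prodApproval) { continue }

    if (-not $DryRun) { [void]$update.Approve($install, $prod) }

    # Keep a record of what was promoted and when, for later rollback decisions.
    [pscustomobject]@{
        PromotedUtc  = (Get-Date).ToUniversalTime().ToString('s')
        Title        = $update.Title
        KBArticles   = ($update.KnowledgebaseArticles -join ',')
        TestApproved = $testApproval.CreationDate.ToString('s')
        DryRun       = $DryRun
    } | Export-Csv -Path $LogPath -Append -NoTypeInformation
}
```

With `$DryRun` left at `$true` the script only writes the list of candidates to the log, which gives IT staff a chance to pull any update that misbehaved on the test machines before it is approved for the second group.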

Cayenne
WSUS - you can look over the updates before you deploy them. Also you can uninstall certain
updates if they prove to create a problem. For example I installed an Excel update (KB2596596)
that turned out to eliminate charts being printed out in Excel. I merely went to the WSUS and
told it to uninstall (Approved for removal) that update and it removed it from all the systems. This
saved me from having to go to every system.

Serrano
Had way too many things break all at once from updates, like some of our Outlook add-ins for
phone, etc. Our system is small, but complex enough that we just don't want to deal with it right
off. We have WSUS and GPO set up, but my hands are on the wheel.