I have read a number of conflicting 'best practice' documents on the subject of patch management and none of them agree with one another. :) Most of them assign a minimum patch time based on the severity of the patch and climate (is womrable? do worms exist for it? are exploits in the wild? etc.). I believe its FIPS that says a critical patch has to be tested and installed within 24 hours of its release, others very or don't say. My favorite document on the subject is the NIST guide found @ http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf Hope that helps. On Fri, 13 Apr 2007 13:33:46 -0400, Erik Selke <[log in to unmask]> wrote: > My servers download the updates, but *never* auto-install. I have 3 of > the same server, so I test on our least critical first. I manually > install pretty much everything on our servers. > > Typically I wait for Shavlik to add it to their NetChk Pro scan setup as > they do preliminary testing, and then I check out to see what problems > early adopters have experienced. Our servers are pretty vanilla, so > I've been lucky so far to not have any problems. > > Erik > > Laurence Bates wrote: >> What is the general consensus about the best way of installing >> Microsoft’s regular update Patches? >> >> >> >> 1) Automatically install when available >> >> 2) Automatically download and install ASAP >> >> 3) Automatic download and install after a reasonable comment > period. >> >> 4) Do extensive testing before installing regular updates >> >> 5) Install first on a virtual LAN which mimics all of the major >> servers ;-) >> >> >> >> >> >> >> >> Laurence A. Bates >> >> College of Education >> >> Michigan State University >> >> 217E Erickson Hall >> >> East Lansing >> >> MI 48824 >> >> 517-355-2178 >> >> [log in to unmask] <mailto:[log in to unmask]> >> >> >> > > -- > Erik Selke > Information Technologist > Department of Sociology > 316 Berkey Hall > Michigan State University > [log in to unmask] > (517) 353-1804 -- Bryan Murphy, CISSP, MCP