Without a doubt MS "High Priority" updates should be installed as soon as they are available. These typically address security issues, which, if remain unpatched, could leave you vulnerable to exploit. In our case, our domain workstations are configured via Group Policy to automatically download and install the updates daily at 3 AM, and prompt the user to reboot. Like Erik Selke though, our servers never automatically install. Even beyond that we don't use the Automatic Updates client on servers because there have been occasions where BITS hasn't completely downloaded all available packages - hence we run Windows Update manually on them. Major service packs are, of course, different. We still have a Group Policy restricting the download of IE 7. Windows Server 2003 SP2 is being applied to new servers before they go into production (without any problems yet), but it will be thoroughly tested in the lab before being loaded on production machines. HTH Tony Cooke Information Technology Services The Eli Broad College of Business Michigan State University (517) 353-1646 [log in to unmask] <blocked::mailto:[log in to unmask]> ________________________________ From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Laurence Bates Sent: Friday, April 13, 2007 1:22 PM To: [log in to unmask] Subject: [MSUNAG] general consensus about the best way of installing Microsoft regular update Patches? What is the general consensus about the best way of installing Microsoft's regular update Patches? 1) Automatically install when available 2) Automatically download and install ASAP 3) Automatic download and install after a reasonable comment period. 4) Do extensive testing before installing regular updates 5) Install first on a virtual LAN which mimics all of the major servers ;-) Laurence A. Bates College of Education Michigan State University 217E Erickson Hall East Lansing MI 48824 517-355-2178 [log in to unmask]