Without a doubt MS "High Priority" updates should be
installed as soon as they are available. These typically address security
issues, which, if they remain unpatched, could leave you vulnerable to exploit. In
our case, our domain workstations are configured via Group Policy to
automatically download and install the updates daily at 3 AM, and prompt the
user to reboot. Like Erik Selke though, our servers never automatically install.
Even beyond that we don't use the Automatic Updates client on servers because
there have been occasions where BITS hasn't completely downloaded all available
packages - hence we run Windows Update manually on them.

Major service packs are, of course, different. We still
have a Group Policy restricting the download of IE 7. Windows Server 2003 SP2 is
being applied to new servers before they go into production (without any
problems yet), but it will be thoroughly tested in the lab before being loaded
on production machines.

HTH

What is the general consensus about the best way of installing Microsoft’s regular update patches?
1) Automatically install when available
2) Automatically download and install ASAP
3) Automatic download and install after a reasonable comment period.
4) Do extensive testing before installing regular updates
5) Install first on a virtual LAN which mimics all of the major servers ;-)

Laurence A. Bates
College of Education
Michigan State University
217E Erickson Hall
East Lansing MI 48824
517-355-2178