Without a doubt MS "High Priority" updates should be installed as soon as they are available. These typically address security issues, which, if remain unpatched, could leave you vulnerable to exploit. In our case, our domain workstations are configured via Group Policy to automatically download and install the updates daily at 3 AM, and prompt the user to reboot. Like Erik Selke though, our servers never automatically install. Even beyond that we don't use the Automatic Updates client on servers because there have been occasions where BITS hasn't completely downloaded all available packages - hence we run Windows Update manually on them.
 
Major service packs are, of course, different. We still have a Group Policy restricting the download of IE 7. Windows Server 2003 SP2 is being applied to new servers before they go into production (without any problems yet), but it will be thoroughly tested in the lab before being loaded on production machines.
 
HTH
 
Tony Cooke
Information Technology Services
The Eli Broad College of Business
Michigan State University
(517) 353-1646
[log in to unmask]
 
 
 

From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Laurence Bates
Sent: Friday, April 13, 2007 1:22 PM
To: [log in to unmask]
Subject: [MSUNAG] general consensus about the best way of installing Microsoft regular update Patches?

What is the general consensus about the best way of installing Microsoft’s regular update Patches?

 

1)       Automatically install when available

2)       Automatically download and install ASAP

3)       Automatic download and install after a reasonable comment period.

4)       Do extensive testing before installing regular updates

5)       Install first on a virtual LAN which mimics all of the major servers ;-)

 

 

 

Laurence A. Bates

College of Education

Michigan State University

217E Erickson Hall

East Lansing

MI 48824

517-355-2178

[log in to unmask]