Re: [NTSysADM] How to handle patching a patch, using scheduled installations

2017-07-24 Thread Michael Leone 
On Mon, Jul 24, 2017 at 11:43 AM, Kennedy, Jim  wrote:

> Did it fail for sure, or is that one just showing up now.
>


Update history shows it failed yesterday.


Did you also approve the Security Only?
>


Nope, I decline Security Only and decline Previews.




> If that one installs first it won’t show the Quality until after reboot
> IIRC.
>

RE: [NTSysADM] How to handle patching a patch, using scheduled installations

2017-07-24 Thread Kennedy, Jim 
Did it fail for sure, or is that one just showing up now.  Did you also approve 
the Security Only?  If that one installs first it won’t show the Quality until 
after reboot IIRC.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Monday, July 24, 2017 10:59 AM
To: ntsysadm@lists.myitforum.com; WSUS Mailing List
Subject: [NTSysADM] How to handle patching a patch, using scheduled 
installations

I'd like some advice, please. So this past weekend, we applied our monthly 
updates, and for the first time, half of my servers applied them using a 
scheduled installation time from my WSUS v3 server. And yes, the patches were 
applied, the servers rebooted, no human intervention needed. Yay!

BUT ... some servers then came back saying that another patch needed to be 
installed (apparently on some servers, the June Monthly Quality update failed, 
hence why it's still waiting to be installed). What that means is that this 
coming Sunday, those servers will apply this waiting patch and reboot (which I 
don't want to happen, because it's outside of the monthly maintenance window).

I might be able to apply that patch offhours, before next Sunday.

So how does everyone else handle this issue - the issue of installing a patch, 
and then having another patch now needing to be installed, or - as with me - a 
patch that failed to install the first time attempt to re-try?  So how to avoid 
having the server reboot the next weekend, during a non-scheduled window?

Thanks

Re: [NTSysADM] How to handle patching a patch, using scheduled installations

2017-07-24 Thread Michael Leone 
On Mon, Jul 24, 2017 at 11:24 AM, Sean Chapman 
wrote:

> It’s a little bit of an extra crappy situation since that June update is
> an exclusive update.
>
>
>
> If there is a second round of updates, I just do them Monday morning or if
> its not a critical update I have also just let it roll until the next AU
> update window (which for me is Saturday)
>


Our windows are once a month, on a pre-determined schedule. I'm trying to
avoid scheduling an out-of-band round of updates ...

Re: [NTSysADM] How to handle patching a patch, using scheduled installations

2017-07-24 Thread Robert Cato 
BatchPatch. It is a cheap third party tool. We use it to manage all our
Windows patching. You can setup jobs that: Download, install, and reboot,
check for new updates, download, install, and reboot, install a new version
of AV software that you have packaged, update registry keys, check for
updates, and the list goes on.

We've been using it for about 4 years and it's been EASILY the best
software purchase in my 25+ years in IT.

On Mon, Jul 24, 2017 at 10:59 AM, Michael Leone  wrote:

> I'd like some advice, please. So this past weekend, we applied our monthly
> updates, and for the first time, half of my servers applied them using a
> scheduled installation time from my WSUS v3 server. And yes, the patches
> were applied, the servers rebooted, no human intervention needed. Yay!
>
> BUT ... some servers then came back saying that another patch needed to be
> installed (apparently on some servers, the June Monthly Quality update
> failed, hence why it's still waiting to be installed). What that means is
> that this coming Sunday, those servers will apply this waiting patch and
> reboot (which I don't want to happen, because it's outside of the monthly
> maintenance window).
>
> I might be able to apply that patch offhours, before next Sunday.
>
> So how does everyone else handle this issue - the issue of installing a
> patch, and then having another patch now needing to be installed, or - as
> with me - a patch that failed to install the first time attempt to re-try?
> So how to avoid having the server reboot the next weekend, during a
> non-scheduled window?
>
> Thanks
>