Hi Murray, In our environment I utilize WSUS by Microsoft.
I've created a WSUS Pilot Group and placed several servers in it, one of them being a DC. When MS releases new patches, they are reviewed then approved for the Pilot Group first. After the servers in the Pilot Group have the update applied and rebooted (if required) there is a layover period for about 7-10 business days, when finally the same patches are approved for the other production WSUS groups.
WSUS also allows you to categorize servers based on functionality such as SQL, IIS etc.
HTH... ----Original Message Follows---- From: "Murray Wall" <[EMAIL PROTECTED]> Reply-To: [email protected] To: <[email protected]> Subject: [ActiveDir] Patching Strategy on DC's Date: Tue, 5 Jul 2005 11:30:44 -0600 I have a question about a patching strategy for Domain controllers. We have a single forest single domain, 4 dc's, when patching for security patches should we do all the DC's at once, or do half of them or should we introduce a test lab or lastly a latent replicated production site with a dc in it? Thoughts and approaches appreciated! List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
