We used to patch our servers manually. We bought BatchPatch (batchpatch.com) and it has been, by far, the best purchase I've made in my 24+ years in IT. It's not expensive and it's amazing what it can do for you.
Robert On Wed, Oct 26, 2016 at 1:05 PM, Michael Leone <[email protected]> wrote: > Right now, we set our servers to receive updates from WSUS, but not to > install; they just download. We then manually install and reboot the > servers, during scheduled down times. (we do this because we have > application environments that need to be shutdown via web interface, before > gracefully rebooting the servers). > > Or we used to, anyway. Now, most of my servers are at a position where > they can install updates on a schedule, without manual intervention. (no > need to shutdown an environment via web interface anymore) > > The problem is, we don't use SCCM, so we don't have an easy way to > schedule updates. I only have Group Policy, and I don't know how to set > that to have the servers *only* install updates during a specific time > frame during a specific weekend (meaning: only install approved updates on > Oct 23, between midnight and 5PM, as an example). > > Thoughts? Used to be, 3 of us would work overtime one Sunday and install > the updates manually. Now they don't want us to need to have to do that > (well, one person, as I do still have a few servers that I want to do by > hand, mostly because they all depend on 1 SQL server, and if that SQL > server reboots, not all the servers gracefully deal with that) > > >
