I have a test group that contains one OS version at least of every one we have deployed that gets the patches right away and then on Saturday evening the DCs and other servers get them automatically. It has been, what, 12 years now that way with zero problems.
From: [email protected] [mailto:[email protected]] On Behalf Of Melvin Backus Sent: Wednesday, July 12, 2017 11:38 AM To: [email protected] Subject: RE: [NTSysADM] Advice on patching Domain Controllers via WSUS We do all of our critical servers this way. Download the patches, install cycle happens manually. It’s just a separate group in WSUS. We also do manual approval only on that group. -- There are 10 kinds of people in the world... those who understand binary and those who don't. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Michael Leone Sent: Wednesday, July 12, 2017 10:56 AM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] Advice on patching Domain Controllers via WSUS Our policy has been that our DCs are not patched via WSUS, like other member servers, but instead that we manually install the current patches from Microsoft Update. But now, I would like to change this, and use WSUS to patch all the DCS to our production levels (meaning: one month behind on released patches). I don't see any downsides to this. I would create a new GPO (rather than modify the Default Domain Controllers Policy). I think I might still set them to download only, not automatically install. Thoughts? Should I let them auto-install, like most of my other member servers? Is that what you others do? Do you let your DCs get their patches via WSUS? (the more servers I don't have to manually install patches on, the happier I am. We have some servers that we must do manually, for reasons I won't go into) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The information contained in this communication and all accompanying documents from Coilcraft may be confidential and/or legally privileged, and is intended only for the use of the recipient(s) named above. If you are not the intended recipient you are hereby notified that any review, disclosure, copying, distribution or the taking of any action in reliance on the contents of this transmitted information is strictly prohibited. If you have received this communication in error, please return it to the sender immediately and destroy the original message or accompanying materials and any copy thereof. If you have any questions concerning this message, please contact the sender.
