I enoy the luxury (?) of having my DCs spread across three different continents. I patch them via WSUS. It's never concerned me, nor has it been any kind of problem.
Kurt On Wed, Jul 12, 2017 at 7:56 AM, Michael Leone <[email protected]> wrote: > Our policy has been that our DCs are not patched via WSUS, like other member > servers, but instead that we manually install the current patches from > Microsoft Update. But now, I would like to change this, and use WSUS to > patch all the DCS to our production levels (meaning: one month behind on > released patches). > > I don't see any downsides to this. I would create a new GPO (rather than > modify the Default Domain Controllers Policy). I think I might still set > them to download only, not automatically install. > > Thoughts? > Should I let them auto-install, like most of my other member servers? > Is that what you others do? > Do you let your DCs get their patches via WSUS? > > (the more servers I don't have to manually install patches on, the happier I > am. We have some servers that we must do manually, for reasons I won't go > into) >
