Deploying Large Number of Patches: Microsoft

(imported topic written by mc116991)

What is the best way to bring 400+ systems up to date with all critical & important MS patches? I know it is not recommended to group more then 50 or so fixlets into one baseline so how does one bring their entire environment up to speed?


(imported comment written by SystemAdmin)

Here’s my advice!

  1. Start with service packs and patch roll-ups, applying these may resolve large numbers of patches when applied. These also have a large impact on computers and require restarts so it will probably take a little time to deploy them and restart the computers. Once this is done, go to step 2.

  2. Break the computers apart by OS and bundle the remaining patches together into Baselines for each OS. Hopefully there will be <50 patches per baseline at this point.

  3. Once the baselines have been deployed, look for failed patches, corrupt patches, and anything else missed. Deploy these individually and troubleshoot as necessary, there may be patch specific problems at this point that are preventing them from being applied correctly.

Hope this helps!