(imported topic written by SystemAdmin)
Hi,
I have an interesting problem and a suggestion of a solution but need some feedback and/or assistance.
We have several servers in our domain, administered across a couple of different IT Business Groups in our organization. Patch management is handled by one Dept - i.e. mine.
The problem we are having, is managing patches across the multiple servers of varying functionality. Its always a juggling game with MS and production servers. You want to make sure that the systems are patched so that you are not vulnerable on the one hand, but applying some patches can “break” or inhibit certain functionality in working production servers.
At this stage we have had a few production servers, that have been a part of an fixlet patch “run” that have had this issue (i.e. I have done a patch “run” of multiple fixlets, and one has caused an issue with a server. “Which” one can also be part of the fun/problem).
The best solution I can come up with at moment is to “lock” the computer from receiving any further patches - but this then means it receives NO patches at all. The type of servers I am talking about are outside my scope of expertise (i.e. My role is in applications, and these are SQL, Payroll or Finance servers).
My plan at this time is to implement a system where we assign additional administrators to the BES console. Then we need to lock these user accounts to be able to fully administer the servers that are relevant and crucial to their business operation (eg Development Dept looks after their own Development servers and patches them according to what they require.) The remaining servers and all desktops would still be administered by my Dept (and if possible, locked from the other Depts being able to administrate these)
Is this possible in the BES console?
Is it easy to do? And how would I go about it?
Further, how do other Businesses deal with the same situation?
(As I we are a medium size company, surely bigger companies have other and and better ways of dealing with this…)
Any help would be greatly appreciated.
Thanks
Markj