(imported topic written by MBARTOSH)
I am currently looking for a process I can use for applying Microsoft Monthly patches. The current scheme I am using is the following. I want to find out if this is a good procedure or not.
-
Create a baseline of the current month patches in a test patch site and name it “Microsoft Updates - YYYY MM monthname.
-
Assign systems to the site over the period of a month. The test patch site starts with zero systems and then gradually increases through the month.
-
After 90% of the systems are assigned, perform the following steps.
a. Copy the monthly baseline to the production packages site.
b. Remove all of the systems from the test patch site.
c. Setup a policy that will advertise the monthly baseline to an automatic group of all workstations.
- Each month review all monthly patch baselines.
a. Remove superseded patches from all baselines.
b. Roll forward patches from the oldest month to the current month baseline.
c. Keep a rolling year of patches.
- If months overlap, create a second test patch site.