Small Business Susan

Lessons in patch pain

Okay class let’s review….


http://blogs.technet.com/wsus/archive/2007/10/25/wds-update-revision-follow-up.aspx


And here:


http://blogs.technet.com/wsus/archive/2007/10/25/wds-revision-update-expanded-applicability-rules-auto-approve-revisions.aspx


And here:


http://msmvps.com/blogs/bradley/archive/2007/10/25/if-you-were-wondering-why-a-blob-of-updates-came-down-last-night.aspx


Now then class… from the evidence above can you see why that since the year 2000 when I first bought Shavlik’s HfnetckPro that I don’t turn on automatic update on a Server and I don’t even on workstations.  I approve patches here.  Because all it takes is one “oops” like that and we’re not longer trusting WSUS.


Score one for the lack of patching pain for the MAC crowd, they don’t have WSUS to inflict group patch pain.  (Yes, Eriq you heard that here)


As someone I was chatting to on IM about this mess…. Microsoft doesn’t feel this pain… I don’t see them dogfooding this like we are out here… and the consultant who was cleaning up the workstations and dealing with the ruffled feathers of the clients who couldn’t figure out how or why the workstations were so slow…. asked how could they charge the client for this mess?  They trusted WSUS to not screw up.


Wayne once said it’s getting pretty bad when Susan the patchaholic says to “not patch” and honestly, I haven’t change the way I patch from the first time I got burnt and learned my lesson. 


Read.


Test.


Review.


THEN deploy.


Nothing has changed in all these years. 


It’s the exact same process.  All patches get installed on all systems.  All service packs get installed (sometimes later versus sooner, but they do get installed)  But not when Microsoft update says they are ready for my systems.  They are deployed when I say so.


So did WSUS hurt me?  Nope.  I have my R2 consoles set for me to approve patches.  And I think I’ll keep in right like that as that stance has served me well.