Re: Windows Patch Management

["Beechey, Jim" <beechey () NORTHWOOD EDU>]

Ryan
 
We use SMS for patch management to most of our servers, but still do DMZ
and a few domain servers manually.  SMS has been great for us, but does
require someone to manage it more closely than WSUS.  Our maintenance
window is the Thursday night after patches are released.  This doesn't
leave much time, but testing is done for critical apps.  Patches are
loaded into test systems almost immediately after being released.  This
short timeframe works for us only because we have our web and SIS
developers doing testing of their apps while the sys admins test
Exchange and a few others.  
 
Hope this helps
 
Jim Beechey GSEC, GCIH
Information Security Manager
Northwood University
beechey () northwood edu
989-837-4169
 
________________________________

From: Rose, Ryan [mailto:Ryan.Rose () UNCO EDU] 
Sent: Wednesday, December 06, 2006 5:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Windows Patch Management


Greetings,
 
I'm curious how other institutions are conducting Windows Server Patch
Management.  Currently we are testing the patches in our test
environment for the week following the release date.  We then roll-out
the updates to all productions servers over the following weekend within
our maintenance windows.  This takes an amazing amount of time, we
believe it is best to stick to a monthly schedule but our sys admins are
going crazy.  Any suggestions or thoughts around this issue.
 
Thanks in advance,
 
Ryan