Do you turn off auto update on your servers?
6/12/2019 7:52 AM by
It is not a good idea to have Windows Update automatically updating your servers. There are a few reasons.
- The hotfix could bring down a production environment. (This issue previously happened)
- In fact, even in a development environment this could be hours of lost work as the development team struggles to understand why only some of the developers' servers magically and mysteriously broke overnight.
- Windows Update could restart your server, or put your server in a state where it requires restarting - preventing any urgent MSI installs without bringing down the server.
Windows Update remains the best thing for end-users to protect their systems. But in a server, especially a production server environment - Windows Update patches are just like any new versions of the software that's built internally. It should be tested and then deployed in a controlled manner.
So recommendations for managing updates are as follows:
- Use WSUS to approve/deny updates for your servers.
- Update Staging/Development servers first to see if any issues arise from the updates.
- Roll these updates out to Production once confident there are no issues.
- Windows Updates may be critical and should be kept relatively up to date.
Do you feel this rule needs an update?