Re: Dedicated admin to handle patch management ?

From: Shenan Stanley (newshelper_at_gmail.com)
Date: 08/06/05


Date: Sat, 6 Aug 2005 09:59:45 -0500

Marlon Brown wrote:
> 130 servers organization, 3,500 PCs.
> 3 sysadmins.
> So far each sysadmin has been responsible for patching respective
> servers they maintain.
>
> Do you agree that a more effective approach is to elect one sysadmin to
> be responsible to patch all servers and workstations?

No. I do not agree.

The point would be to not only get the patching done as quickly as possible,
but to make sure each server comes back as it should.

With 130 servers, having ONE administrator do them all would be leaving not
only some servers vulnerable for extended periods of time (possibly) - but
relying on a single point of failure (that ONE admin) to get all of the
patches for all of the servers done and make sure all of the functions of
each of those servers come back up correctly. Those who maintain the
servers daily are more likely to know if something is not right and do
something about it quickly than the admin who before only touched 1/3 of the
servers.

As for workstation patch management - WSUS. If the 3500+ PCs are homogeneous
enough - a set of them for the whole group - one main one perhaps - updating
all the others internally that the (assuming sites here) workstations
connect to. If heterogeneous to a point that one patch could break this
third, but would do nothing to the other 2/3s (in way of destructiveness) -
then multiple WSUS servers each managed by the administrator who knows their
subsection of users and applications best and can better test if a certain
patch may damage their customers' work...

-- 
Shenan Stanley
     MS-MVP
-- 
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html 

