Real SMB IT: Don’t Use Windows Autoupdate For Servers

January 25, 2010

If you run a Microsoft Windows Computer you are already familiar with the autoupdate feature that automatically installs the latest security patches and software updates.

I call it unfortunate, but if you use Windows servers, that auto update feature will do the same thing to your servers.

It sounds like a time saver right? All updates and security patches installed on your servers automatically with no human intervention required?

But here is the problem!

I am sure that you have noticed that  for some of these automatic  update patches or upgrades,  that your computer tells you that it needs to reboot to finish that installation? – and that sometimes it just starts shutting down without warning?

Do you really need that to happen to your servers?

There you are typing an email and your MS Exchange Server decides it is time to reboot…..

Another issue with this automatic rebooting when it occurs on your servers, is that if several servers start to reboot at close to the same time, there can be errors or service failures depending on which servers start rebooting and in which order. For example, a Microsoft SQL Server with a Domain Services account would fail to start properly if the Domain Controller servers are still rebooting.

And the second problem I have with the auto update feature on a server;  The Microsoft automatic update software has no idea what you are using each server for. So it installs all updates and all patches regardless of whether or not you need it.

Do you want that server rebooting for a patch to the Media Player application? – When no one will ever use it on that server and it is blocked behind firewalls? Of course, if a server is publicly accessible, needless risks like Media Player should be removed anyway.

The SMB Takeaway

When it comes to servers, review all the patches and updates that Microsoft publishes every month.  They are published on Microsoft Technet, and you can even subscribe to security alerts via e-mail.

If the update applies to your environment, it may be critical to install it, but schedule it on your time. Schedule it after hours so servers don’t start rebooting during business hours.

