Patching Windows

In this lesson, we'll look at how patching is handled on Windows systems.

Windows software update services

Since Windows is so prevalent, let’s look at Microsoft’s patching solution. Microsoft has a service called the Windows Software Update Services, or WSUS for short, that helps administrators manage the patching process for all the computers in a domain. With WSUS, you can push updates for Microsoft software to all the workstations in your domain.

The details of WSUS are beyond the scope of this chapter, but here are the main things you’ll want to have:

Automatic deployment

You should have automatic deployment of patches enforced at the Windows domain level.


You’ll want some level of testing of patches. Ideally, this would take the form of an automated test environment, where Windows computers go through the motions of simulating commonly performed actions. More realistically, this would take the form of delaying most patches a week or two in the hopes that this will give Microsoft more time to shake out any problems in the patches. Then, patches would be deployed in waves so that even if a patch breaks something, it will only impact a portion of your fleet, instead of every Windows computer in your organization.
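The delay-then-waves policy described above, modelled in Python as an added example (it is not part of the original lesson and is not WSUS configuration). The hold length, wave spacing, wave sizes and host names are assumptions chosen for illustration.

```python
import hashlib
from datetime import date, timedelta

HOLD_DAYS = 7                      # assumed delay before the first wave ("a week or two")
WAVE_GAP_DAYS = 3                  # assumed spacing between waves
WAVE_SHARES = [0.10, 0.30, 0.60]   # assumed fleet share per wave; the pilot wave is smallest


def wave_for(hostname: str) -> int:
    """Assign a host to a wave by hashing its name, so the assignment is
    stable across patches and needs no stored state."""
    digest = hashlib.sha256(hostname.lower().encode()).digest()
    point = int.from_bytes(digest[:8], "big") / 2**64   # uniform in [0, 1)
    cumulative = 0.0
    for wave, share in enumerate(WAVE_SHARES):
        cumulative += share
        if point < cumulative:
            return wave
    return len(WAVE_SHARES) - 1    # guard against float rounding at the top end


def wave_start(released: date, wave: int) -> date:
    """Date on which a given wave may start installing a patch."""
    return released + timedelta(days=HOLD_DAYS + wave * WAVE_GAP_DAYS)


def hosts_to_patch(fleet, released: date, today: date, halted_on: date = None):
    """Hosts whose wave has opened by `today`. If the patch was found to break
    something on `halted_on`, waves opening on or after that date stay closed."""
    due = []
    for host in fleet:
        start = wave_start(released, wave_for(host))
        if start <= today and (halted_on is None or start < halted_on):
            due.append(host)
    return due


if __name__ == "__main__":
    fleet = [f"ws-{n:04d}" for n in range(1000)]        # constructed host names
    released = date(2024, 1, 9)                         # constructed release date
    for day in (date(2024, 1, 15), date(2024, 1, 16), date(2024, 1, 22)):
        print(day, len(hosts_to_patch(fleet, released, day)), "hosts due")
    exposed = hosts_to_patch(fleet, released, date(2024, 1, 30), halted_on=date(2024, 1, 18))
    print("exposed to a patch halted on 2024-01-18:", len(exposed), "of", len(fleet))
```

The last line of output is the practical payoff: when a bad patch is caught during the pilot wave, only that wave's share of the fleet has installed it.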

