Hi,
I've taken on board the massive task of updating our company's servers that have rarely (or never) been patched. It is something that unfortunately has been severely neglected over the past few years (before my time).
I have a full ongoing monthly schedule worked out and planned (using SCCM of course), so that is under control... The problem now is how to update 300-odd servers that almost all require 200+ patches each. The servers are made up of 2008R2, 2012, and 2012 R2.
The past week I've built up a number of test servers & have rolled out the patches to the test servers using SCCM. I've had mixed success. The simple fact is that there are way too many updates involved for it to work seamlessly. The amount of reboots varies, and there's always a number of updates that fail that need redoing. All in all it is taking a couple of days to update a server, which will just take too much manpower to cope with this many servers.
FYI the number of patches needed on my 'test' servers that resemble production are like this:
2008R2 = 199 updates required
2012 = 186 updates required
2012R2 = 182 updates required.
Does anyone have any suggestions on how to better tackle this situation? I've considered looking for 'rollups' or 'service packs' but I think these will only go so far, and the effort involved in getting them into SCCM to cater for an easily 'chained' type deployment approach may just be too much effort & complication.
Any ideas outside the box are welcome.
Thanks!