Server Updating

Windows Updates strategy

Manage Updates

Windows Updates should be scheduled and managed by the Site. Updates can't be allowed to automatically download and wait for the next reboot to install. If updates are waiting to install and a server has to be rebooted for troubleshooting reasons the server may take a long time for restart as it applies the accumulated reboots. Updates must be scheduled and managed.
In terms of computer restarts after an update:
The following practices will help you manage computer restarts.

1. Client computers (and most servers) often need restarts after an update is installed. Deferring the restarts will put machines in an unsupported and unstable state, which may include mismatched client and server binaries. These computers should be set up to get automatic downloads and scheduled installs. You can pick a time for scheduled installations when there is little chance for lost productivity (for example, on Sunday at 3:00 A.M).

2. Critical servers cannot generally be restarted daily. If this is the case, you can either configure them for installations at longer intervals (weekly), or configure them to get automatic downloads but manual installations at a time when the servers can be restarted if necessary.

3. Configure e-mail notification to tell you when updates become available, so you can plan the deployment of these updates in advance.

4. If you need to deploy an "emergency update" and can't wait for the next scheduled installation, approve the update with a deadline in the past. This will cause the update to be installed the next time the clients synchronize from the server. If you can't wait for the next synchronization, create a script to automate installing the updates and then restarting your server.

5. Configure client computers or WSUS servers to immediately install updates that do not require a restart.