Question : What is best practice in implementing MS patching for a network?

This is to think of a way to implement MS patches to my network, which comprises of 80 workstations and 10 servers. Client are using XP, and server using 2000/2003, with 2003 AD Domain. Should I use WSUS? or batch file with QChain? Few considerations need to take care as follows:

       - Minimal interruption to the users
       - Accuracy must be high
       - Maximum control on system administration

Pls advise

Answer : What is best practice in implementing MS patching for a network?

For workstations you should have two separate OUs and thus client targets define within WSUS.
This is primarily to allow you to test whether the patches you approve/apply have no impact on applications.
This in most cases/parts deals with approving/installing an update to the .NET, IE etc. that may have an adverse impact on the proprietery/commercial application that might not work well with newer versions of .NET installed.  OR access to a particular web site does not work with the newer version of IE, etc.

You can apply GPO in stages.
At the top of the Domain, the GPO will only define the intranet site only.
The GPOs that apply to the Server OU, Workstation OU and test workstation OU
Would include the client target, schedule, and settings.
i.e. the server OU GPO will have the client target as servers, download and notify.
The workstation OU will differ only on the client target one will have a test_workstation and the other will have workstation.
You should not set deadline for updates as these updates upon installation will forcibly reboot the system even if you define the no-auto restart when there is a logged in user.

The major effect a user will see if an update is applied while they are logged in deals with updates such as the installation of IE8 over IE7.  There will be warnings.
updates affecting security of an application/OS will often be transparent to the user.
The transfer of the data whether it is  20kb or 200MB will likely go unnoticed by the user depending on what the user's normal tasks are i.e. if the user is heavily dependent on fast network access, the person may see a slow down.  This may not be an issue if the user's system is left and the retrieval occurs off hours.

Random Solutions  
 
programming4us programming4us