Programming4us
         
 
 
Windows

Windows 7 : Designing an Update Management Strategy - Understanding Updates & Update Deployment

6/21/2012 4:37:49 PM

Understanding Updates

Updates are files that address functionality issues and address security vulnerabilities in operating systems and applications. Because vulnerabilities can be quickly exploited after the details of the vulnerability are published, you must ensure that updates that address the vulnerabilities are deployed to computers in your organization with reasonable haste.

Unfortunately, updates do alter a computer’s configuration, and an update that addresses one issue in an application or operating system can cause problems with other parts of the configuration. These problems might become apparent only after the update is deployed. As an enterprise desktop administrator, you must seek a balance, ensuring that you test updates adequately prior to deployment, but also ensuring that updates are deployed in a timely and effective manner.

Update Classification

Microsoft assigns a classification to each update it publishes. The classification allows you to prioritize the deployment of updates, and you should test and deploy updates that have a more urgent classification before testing and deploying updates with less urgent classifications. The update bulletin provides details on its classification as well as the location from which you can obtain the update files if an automated update solution is not in place. Updates published by Microsoft can have one of the following three classifications:

  • Important Updates. These updates address critical security issues such as those an attacker can use remotely to take control of a computer. In some cases, Important updates address security issues for which exploit code has already been published on the Internet. In cases for which exploit code is not available, attackers quickly reverse-engineer updates in an attempt to determine which vulnerabilities the update might address and use this as the basis of developing their own exploit code. You should prioritize the deployment of updates with this classification over the deployment of other updates.

  • Recommended UpdatesThese updates often address issues related to the existing functionality of the computer. Figure 1 shows a Recommended update that relates to application compatibility. Recommended updates are of lower priority than Important updates, But you should still deploy updates with this classification to computers in your organization in a timely manner.

    Recommended update

    Figure 1. Recommended update

  • Optional Updates. These updates include items such as language packs and driver updates. Optional updates often extend the functionality of the computer. Optional updates are strictly optional. Organizations should assess the changes that Optional updates introduce to the software ecosystem prior to rolling the updates out to desktop computers. The deployment of Optional updates is rarely time-sensitive in the way that the deployment of other updates is.


Update Deployment

When the Windows 7 operating system is installed on a computer, the installation routine queries you about how you want to treat automatic updates. This dialog box is shown in Figure 2. The default setting is for updates classified as Important and Recommended to be automatically downloaded and installed on the computer as they are released by Microsoft. When a computer running Windows 7 is configured using the default settings, the Windows Update client on the computer regularly checks with the Microsoft Update servers on the Internet to see whether any new updates have been published. If a new update has been published, the Windows Update client downloads and installs the update and then reboots the computer if that is a necessary part of the update installation process.

Configuring update settings during installation

Figure 2. Configuring update settings during installation

In many small-size to medium-size organizations, this default configuration for Windows Updates is acceptable. As organizations get larger, they are more likely to want to take control of the deployment and approval of updates. The next pages tell you about the solutions that are available to an organization that wants to take control of the update management process.

Installing Updates Manually

The first update management option that organizations can implement is manually deploying updates, rather than having the updates downloaded directly by clients from the Internet. You can download update files from the Microsoft Web site and install them manually using the Wusa.exe command-line utility. Update files have the .msu extension.

Manual installation of updates might be necessary for computers located on secure isolated networks, or for stand-alone computers that are not connected to any network. In some cases, it will be necessary to install multiple updates. One problem with manual update installation is that many updates require the computer to be restarted for the installation process to complete. As a way of dealing with this problem, you can chain the installation of updates using the /norestart parameter. A script that installs three updates with a single command would have a format similar to the following:

Wusa.exe i:\windows6.1-kb123456-x64.msu /quiet /norestart
Wusa.exe i:\windows6.1-kb123457-x64.msu /quiet /norestart
Wusa.exe i:\windows6.1-kb123458-x64.msu /quiet

Manual update installation can be a tedious process because an administrator must ensure that update files are placed in a location accessible to the computer being updated; the administrator also must type out long update file names in a command-line window. In some cases though, installing updates manually is the only way that you can deploy updates to computers running the Windows 7 operating system.

More Info

WINDOWS UPDATE STAND-ALONE INSTALLER

To find out more about the Windows Update Stand-alone installer (Wusa.exe), consult the following article on the Microsoft Web site: http://support.microsoft.com/kb/934307.

Other -----------------
- Windows XP : Participating in Internet Newsgroups - Some Usenet Basics (part 2) - Setting Up a News Account
- Windows XP : Participating in Internet Newsgroups - Some Usenet Basics (part 1) - Figuring Out Newsgroup Names
- Windows 7 : Getting Older Programs to Run - Using the Program Compatibility Wizard
- Windows 7 : Getting Older Programs to Run - Installing Incompatible Programs
- Windows 7 : Recording to DVD
- Windows 7 : Using the Snipping Tool
- Programming for Aero Glass Functionality : PROVIDING EXTENDED LINGUISTIC SERVICES
- Programming for Aero Glass Functionality : WORKING WITH THE WINDOWS 7 TASK DIALOGS
- Windows Help Desk (Part 2) - AppCleaner backup, Moving partitions to resize them
- Windows Help Desk (Part 1) - Autoplay not working, ReadyBoost failure, Remove contacts
- Windows Remote Assistance : Troubleshoot From Afar
- OpenOffice.org 3
- Troubleshooting Windows Vista Startup : When to Use the Various Advanced Startup Options & Troubleshooting Startup Using the System Configuration Utility
- Windows Vista : Custom Startups with the Advanced Options Menu & Useful Windows Vista Logon Strategies
- Tuning Windows Vista’s Performance : Optimizing Virtual Memory
- Tuning Windows Vista’s Performance : Optimizing the Hard Disk
- Undoing the AutoComplete Nightmare, Images of Filth and Perversion
- Windows 7 : The Process of Troubleshooting Hardware Issues & How to Diagnose Hardware Problems
- Windows 7 Improvements for Hardware and Driver Troubleshooting
- Backing Up with the dump Utility (part 2) - What a dump Backup Looks Like
 
 
Most View
- iPad SDK : New Graphics Functionality - We Are All Tool Users (part 1)
- Exchange Server 2010 : Federation Scenarios (part 1) - Free/Busy Access
- Windows 7 : Enhancing Your Browsing Security (part 6) - Managing Add-Ons
- Windows Phone 7 : Finding Places and Things
- Migrating Databases and Data to SQL Azure (part 8)
- jQuery 1.3 : How to use a plugin
- Windows 7 : Designing an Update Management Strategy - Understanding Updates & Update Deployment
- Parallel Programming with Microsoft Visual Studio 2010 : Task Parallelism - Sort Examples
- Windows Server 2008 : Using dnscmd - Retrieving DNS Information, Exporting DNS Data, Forcing Zone Transfers
- CSS for Mobile Browsers : WebKit Extensions (part 1) - Text Stroke and Fill
Top 10
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 3) - Configuring Recipient Filtering
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 2)
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 1)
- Implementing Edge Services for an Exchange Server 2007 Environment : Installing and Configuring the Edge Transport Server Components
- What's New in SharePoint 2013 (part 7) - BCS
- What's New in SharePoint 2013 (part 6) - SEARCH
- What's New in SharePoint 2013 (part 6) - WEB CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 5) - ENTERPRISE CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 4) - WORKFLOWS
- What's New in SharePoint 2013 (part 3) - REMOTE EVENTS