Hopefully after my last patch management post you now have a basic understanding of the concepts of patch management. The next step is implementing patch management in your network. We could write a whole book on this subject, but let's start with the basics: six steps to help you get started with patch management.
Run the audit
Whatever patch management system you use, it should allow you to run an audit of your network to give you a baseline. Hopefully your patch management system allows you to start your machines up automatically; otherwise you will need to schedule the audit throughout the day.
Choose your test computers
I suggest choosing one computer for each of the major hardware types you have and, most importantly, not the boss's computer. This way you should have enough computers when testing patches to know whether they install fine. In your test period these computers will be upgraded before you roll out across the network.
Decide which days.
Decide which day you want to patch your test computers and which day to patch the rest of the network. Here I suggest Wednesday night for the test computers and Monday night for the rest of your network. That way the test computers will get any 'Patch Tuesday' releases from Microsoft and you have three working days for things to go wrong before the patches go out across the rest of the network.
Decide what you want to do manually and what you want to automate.
You have a number of choices here. You can manually approve patches for the test computers but automate patches for the rest of the network. You can manually approve all patches on all computers. Or you could automate the Windows critical patches but manually approve the general patches. It will vary depending on how your network is set up.
Set your schedules up.
Next, group your computers within your patch management solution. I suggest the following profiles: test, critical (these are the ones that would get you fired if you break the machine with a patch, for example the boss's computer) and non-critical.
Review after each schedule.
The last step is to check the system to confirm that everything has deployed OK. This is just like checking your backups: finding out afterwards that something hasn't been patching is too late, so it is better to be informed beforehand.
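The following Python is an added example, not from the original post or from any particular patch management product. It works out the Wednesday night and Monday night dates from the schedule suggested above and holds the wider rollout if the review step finds a test computer that did not patch. It assumes Patch Tuesday is the second Tuesday of the month; the machine names, status values and function names are made up for illustration.

```python
from datetime import date, timedelta

def patch_tuesday(year, month):
    """Assumption: Patch Tuesday is the second Tuesday of the month."""
    first = date(year, month, 1)
    to_first_tuesday = (1 - first.weekday()) % 7   # weekday(): Mon=0, Tue=1
    return first + timedelta(days=to_first_tuesday + 7)

def next_weekday(start, weekday):
    """First date strictly after `start` that falls on `weekday`."""
    return start + timedelta(days=(weekday - start.weekday() - 1) % 7 + 1)

def plan_rollout(year, month):
    """Dates for one patch cycle using the Wednesday/Monday schedule."""
    release = patch_tuesday(year, month)
    test_night = next_weekday(release, 2)       # Wednesday night: test profile
    wide_night = next_weekday(test_night, 0)    # Monday night: everything else
    span = (wide_night - test_night).days
    days = [test_night + timedelta(days=i) for i in range(1, span + 1)]
    # Working days on which a bad patch can show itself before the wide rollout.
    soak = [d for d in days if d.weekday() < 5]
    return {"release": release, "test": test_night,
            "wide": wide_night, "soak_days": soak}

def review(results, profile):
    """Machines in a profile whose patches did not install."""
    return sorted(name for name, r in results.items()
                  if r["profile"] == profile and r["status"] != "installed")

def may_roll_out(results):
    """Hold the Monday night rollout if any test computer failed."""
    return not review(results, "test")

# Constructed sample of what a post-deployment report might contain.
SAMPLE_RESULTS = {
    "test-dell-01": {"profile": "test", "status": "installed"},
    "test-hp-01": {"profile": "test", "status": "failed"},
    "boss-laptop": {"profile": "critical", "status": "pending"},
    "front-desk": {"profile": "non-critical", "status": "pending"},
}

if __name__ == "__main__":
    plan = plan_rollout(2024, 6)
    print("Patch Tuesday:", plan["release"])
    print("Test computers:", plan["test"], "| rest of network:", plan["wide"])
    print("Working days to catch problems:", len(plan["soak_days"]))
    print("Failed test computers:", review(SAMPLE_RESULTS, "test"))
    print("Roll out to the rest of the network:", may_roll_out(SAMPLE_RESULTS))
```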
Hopefully this article, combined with the previous one, has given you some understanding of implementing patch management solutions. Have you got any tips for implementing patch management? Please leave a comment below, as we welcome all feedback.