Keizer: One year later, enterprises still wrestle with Windows 7’s cumulative updates

Topic

New Reply

How’s the patchocalypse faring? Gregg Keizer has a good overview in Computerworld: Microsoft’s decision to change its long-established practice of let
[See the full post at: Keizer: One year later, enterprises still wrestle with Windows 7’s cumulative updates]

3 users thanked author for this post.

Elly, MrBrian, AJNorth

Reply | Quote

Replies

To their credit, it seems like they’ve done a good job fixing patch updates after release. Of course, it usually takes a few weeks afterwards, so it ends up that you’re unpatched for 2-3 weeks while waiting for the smoke to clear the DEFCON rating to improve. Obviously the truth of the matter is, patches shouldn’t be released when they know they’re broken to begin with, but I guess that’s what happens when everyone is treated as an unpaid beta tester.

4 users thanked author for this post.

Noel Carboni, Elly, SueW, lurks about

Reply | Quote

It seems like MS does not realize or care that businesses may need to use some older software and hardware for some very good reasons. Thus blindly forcing them to patch everything puts on the horns of dilemma: either be very slow about patching or cause the business to grind to a halt.

Reply | Quote

Sometimes a Windows update will break a business-critical program. This happened at a company I worked at a while back. We came to work one day and found the the accounting system (an old legacy program) wouldn’t work. I found that three Windows updates had been installed early that morning. I uninstalled all three on a few machines, and the accounting program once again worked. I then uninstalled them and hid them on all affected machines. We never had another problem with that update.

At that time, we were on Windows 2000. When we moved to XP, we no longer had any problems with any updates. But I agree with you that there can be problems caused by Windows updates, so Microsoft should have kept doing things the old way — individual, blockable and uninstallable updates.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

I have seen a weird approach, at least for those of us who understand this stuff and know better. SCCM administrators tend to approve ALL security patches available to be covered and in compliance. Windows CBS eventually sorts out and updates correctly, but all patches appear in the Installed updates list as installed.
By ALL security updates, I mean rollups and monthly security updates and IE CUs.
Very rarely professionals waste as much time as many posters here analysing and overanalysing Microsoft’s available updates.
I see now in the field the latest Windows 10 1607 producing the well-know service crash and users patiently waiting for the next update or fix, as in many cases users are not aware of what causes what.
This happens in large corporations world-wide and what I find is that rarely anyone complains.

1 user thanked author for this post.

Noel Carboni

Reply | Quote

My current job is my first job with exposure into SCCM and SCOM. (Have been here just over 1 month now.)
We have 2,123 Win10 workstations, and 577 Win7 workstations left to upgrade.
Out of the Win10’s, 2,005 are on 1511 still, and 102 are on 1703. (Mostly our department and a few other stragglers.) We’re starting to rollout 1703 now to all the 1511’s.

We have a conference call on Patch Tuesday with our MS Sr. Technical Account Manager, to go over any issues with the patches. We run a Pilot patch on our systems 2 weeks after release, and if things are fine, we roll out to production the next week (which is usually close to the next Patch Tuesday).

We do have a larger parent company who hasn’t started their 10 rollouts but apparently they’re going to adopt our policies to do theirs. Supposedly >20K machines.

1 user thanked author for this post.

Noel Carboni

Reply | Quote

Overanalzying. Can we guess why that might be? Could it be that it matters to folks who would actually lose their OWN money because of a Microsoft-caused problem they didn’t need to experience?

This is absolutely not a dig against any of the fine folks here (we are all here because we actually care about quality), but let us remember that Corporate IT has given rise to such characters as “Mordac, the Preventer of IT Services“. I’ve personally met more than a few living, breathing Mordacs in my career.

If corporate IT is the gold standard, I guess I prefer platinum for my own operations.

-Noel

2 users thanked author for this post.

HiFlyer, Elly

Reply | Quote

It is astounding how much overanalyzing one has to do in order to keep up with Windows these days. At some point people will get fed up with it and move to Linux or to some other OS. I have moved to Linux Mint. If I ever start a business, we will very likely use Linux, because I don’t want to have to spend much of my time keeping up with Microsoft. And we will likely go with Novell for our networking, because Novell “Works with Windows, Macs, and Linux”:

https://www.microfocus.com/products/open-enterprise-server/

We can use Groupwise for our email.

Might as well use my CNA for something!

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

1 user thanked author for this post.

Noel Carboni

Reply | Quote