The Best Deployment Options for Windows Service Packs

By CIOReview | Monday, August 8, 2016

Deploying a service pack for Windows Server 2012 or higher, mainly involves two feasible options—Windows Server Update Services (WSUS) or Group Policy. Apart from the usual Microsoft licensing charges, these mechanisms do not require any additional costs. However, when it comes to opting best among the two mechanisms for deploying service updates, enterprises need to set their priorities first.

Windows Server Update Services was launched to help IT administrators of medium-sized enterprises to deploy Windows product updates and service packs. Thus, it lies sandwiched between the Windows Update for individual users, and the Systems Management Server for much larger enterprises. WSUS has many features like augmented reporting, support for multiple languages, automatic download of updates, and many more. In comparison, Group Policies enable IT administrators to configure specific settings for users on networks based on Microsoft’s Active Directory Domain Services (AD DS). Group Policy also helps administrators in defining access control options for users and various networking policies. 

The Comparison

If enterprises are focused on deployment of a service pack alone, then Group Policy is the more suitable option out of the two as WSUS can often confuse IT administrators. Group Policy is the simplest way to deploy any software to a network, provided Active Directory is set up in the network. Before proceeding to deployment through Group Policy, here are a few points that enterprises need to ponder upon. 

Downtime and loss of productivity is bound to occur when systems are scheduled for updating. So, it becomes imperative that enterprises schedule installation of service packs for a date and time, Sunday 3:00 a.m. for instance, to minimize the loss in productivity. Similarly, if the system is configured for automatic updates, then the administrator will have to preset a time when it is viable for the systems to be offline. 

Microsoft highly recommends a system restart after the service pack is installed in the computer. If the server is configured for automatic updates, there are two issues to consider; firstly, the system is prone to risk if the server is not restarted after the installation of updates. Next, it may not be advisable to schedule the server for automatic restart as many resources may depend on the particular network at that time. The best possible way to avert such a crisis, as recommended by Microsoft, is to set Group Policy to notify when the updates are ready to be installed. Then, create a script which enables administrators to accept and install the updates and restart the server on demand.

When it comes to patch management in Windows Server, there is only one available option—WSUS. Group Policy can never be used for patch management as it necessitates a workload of gargantuan size upon IT administrators. For instance, downloading every single patch and configuring Group Policy settings for their deployment can be tedious for the support staff.

In addition to helping enterprises with patch management updates, WSUS provides them with systems that are properly configured as well. The centralized update management console in WSUS enables administrators to filter updates by approval and installation. The updates will be installed once the approval is given by the administrators. The console also displays the status of updates in real-time with title, classification, and more. WSUS’ big advantage lies in the fact that it gives the minutest details related to updates with utmost clarity. 

Moreover, with WSUS, enterprises can put together an all inclusive update management plan based on their network topology and bandwidth, requirements, and organizational structure. Though it takes considerable effort for setting up, WSUS is a one-stop shop for any Windows Server updates.