
Windows Updates - Best Practise for pre-prod / testing


Hi,

I'm going through the process of setting up monthly Windows updates in a new environment & I want to ensure that we have the capability to deploy updates to test collections before distributing to the production systems (both client OSes & server OSes).

Essentially I want to be able to use ADRs to deploy updates to my 'test' collections, then allow a week or so for testing, then when I'm happy they haven't caused any issues, deploy them to the production machine collections. Servers as well as workstations will be set to automatically install & reboot if required (at deadlines).

I've given it some thought and have come up with 3 approaches. I've listed these below:

Option 1) Create 2 x ADRs for each product. Both ADRs will run once a month at more-or-less the same time. One ADR will target the 'test' collection and will have the deployment schedule availability set to 'ASAP'. The second ADR will target production, and will have the deployment schedule availability set to 7 days. Both will have deadlines of 14 days... This should allow me 7 days to test the updates with members of the test collection. If I don't like any of them for any reason, I can remove the production deployment or edit the updates in the group to remove any bad ones.

Option 2) Just use a single ADR for each product. The deployment will be targeted at production machines and the installation deadline will be 14 days. For this option to work, I would need to ensure full testing is done before the 14-day auto-install kicks in. Any bad updates would have to be determined and removed before the 14 days were up. It would also rely on users not being 'proactive' & going into the software centre & installing the updates themselves in advance of the deadline.

Option 3) Just use a single ADR for each product. The deployment will be targeted at a test machine collection and the installation deadline will be 14 days. I would then test the updates and ensure they all worked, removing any bad ones from the update group if they are found. Once happy with the testing, I would then manually change the target collection of the software update group that was created by the ADR to the production machine collection.

Thoughts, anyone? I'm hoping some people here can share what has worked for them in their production environments.

Cheers!

Rumpole

p.s. this is (almost) a duplicate post to one I've made in the Windows-Noob forums.  Just hoping to get as much expertise as possible before landing on the final path forward.
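
Option 1 from the post above, sketched with the ConfigurationManager PowerShell module. This is an added example, not part of the original post; it assumes a module version that provides `New-CMSoftwareUpdateAutoDeploymentRule`, a session already on the site drive, and hypothetical collection, package, product and rule names.

```powershell
# Added example: one product, two ADRs sharing the same filters and evaluation schedule.
# All names below are hypothetical placeholders; the deployment package must already exist.

# Evaluate both rules monthly on the second Tuesday (constructed start date).
$schedule = New-CMSchedule -Start (Get-Date '2024-01-09 22:00') `
    -DayOfWeek Tuesday -WeekOrder Second -RecurCount 1

# Settings common to the test and production rules.
$common = @{
    Product                          = 'Windows 10'
    UpdateClassification             = 'Critical Updates', 'Security Updates'
    DeploymentPackageName            = 'Monthly Updates - Windows 10'
    RunType                          = 'RunTheRuleOnSchedule'
    Schedule                         = $schedule
    AddToExistingSoftwareUpdateGroup = $false   # each run creates a new update group
    DeadlineImmediately              = $false
    DeadlineTime                     = 14       # both rules: install deadline after 14 days
    DeadlineTimeUnit                 = 'Days'
    EnabledAfterCreate               = $true
}

# Test rule: updates become available as soon as the rule runs.
New-CMSoftwareUpdateAutoDeploymentRule @common `
    -Name 'ADR - Windows 10 - Test' `
    -CollectionName 'SUM - Test Workstations' `
    -AvailableImmediately $true

# Production rule: same updates, but not offered to clients for 7 days.
New-CMSoftwareUpdateAutoDeploymentRule @common `
    -Name 'ADR - Windows 10 - Production' `
    -CollectionName 'SUM - Production Workstations' `
    -AvailableImmediately $false `
    -AvailableTime 7 `
    -AvailableTimeUnit Days
```

Each rule produces its own software update group and deployment, so an update that fails in testing has to be removed from the production rule's group (or that deployment deleted) before the 7-day available time is reached.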
