We've designed our Windows update process to minimize downtime and aggravation for all users. Due to the quality of Windows updates, that Microsoft has been deploying, the old adage of update as soon as updates come out has gone out the window. The new adage is, wait a while and see what happens before installing updates.
When designing our Windows update process, we took into account the following:
- The quality of Windows updates
- The actual release of the Windows updates
- Avoid situations where apps stop working, computers stop functioning
- Minimize the time users waste when restarting computers
We've all gone through the scenario when we restart our computer, for something small, just to realize that Windows is now updating - wasting hours of our time.
To achieve our goals for the Windows update process, Help Simplify uses the following process:
- Analyze, monitor and test Windows updates for any issues
- Scan computers for Windows updates
- Strategically deploy or push out the Windows updates
The whole process is as follows, once Microsoft releases Windows updates:
- Starting on the second Tuesday of the month, when Microsoft officially releases new Windows patches:
- We start analyzing and monitoring the Windows updates for any issues
- Once we're confident that the majority of Windows updates have minimal issues, we will push the Windows updates to Help Simplify's test systems
- We continue this until the arbitrary "fifth" week of the month
- On the first Monday of the fifth week, we scan all computers to refresh their list of Windows updates
- During the fifth week of the month:
- If there are no glaring issues, we will first push Windows updates to a select number of client computers, ones that will have a low impact.
- If any issues are found or Windows updates are still causing problems - we will skip them for the month.
- If there are no major issues, we will roll out the Windows updates, in a staggered fashion to all computers.
- During this whole process, Help Simplify team members are also on standby, to respond to any issues quickly and efficiently
- We repeat this same process for the next month's Windows updates
Some points of interest:
- We wait until this arbitrary "fifth" week of the month to scan and push Windows update, because this seems to be when Microsoft has worked out most of the issues with their patches. Although there have been times when Microsoft has updated the previous month's patches in the next month, and released it on a random day in the next month.
- Deploying and pushing updates also requires several restarts. We usually restart the systems before deploying or pushing updates, as we've found this minimizes installation issues. There are also times when one update won't automatically install until another update has installed and the system has been restarted. These types of dependencies are something Microsoft controls and configures.
- If users manually check for updates, they will see all list of all pending updates for the month. Since we push updates at the end of the month or beginning of the next month, users will almost always see pending updates.
- We don't push all updates, as some are not necessary or are hardware updates. This will also have the adverse affect of users seeing updates if they check for updates manually. The following are the types of updates Microsoft can release:
- Critical updates
- Definition updates
- Driver / Hardware updates
- Service pack updates
- Security updates
- Security-only updates
- Tool updates
- Monthly Rollup updates
- Preview of Monthly Rollup updates
- Servicing Stack updates
- Feature Pack updates
- Detailed descriptions can be found at: https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro
- We do not install Windows 10 Feature Pack updates using this process. Feature Pack updates are massive updates that happen twice a year, and require more vetting and testing. There is still a lot of debate in the IT community regarding best practices of when or how to deploy or push Feature Pack updates and currently there is no right way.
- Microsoft really wants everyone to updated as soon as possible, especially when it comes to their Feature Pack updates. So, to "inform" users, Microsoft usually shows a message telling users to update to the newest Feature Pack update and how they are missing out on cool new features and security updates. There are settings that can be set to suppress these messages, but Microsoft will not always honor them. We've seen cases where Microsoft will turn off these settings in their monthly updates.