EXPERT RESPONSE
When performing a fresh install of an operating system, you should certainly download all of the latest service packs and patches before you begin. By integrating any security updates into a new installation, you can prevent the system from becoming infected when it is connected to a network or the Internet for the first time. Service packs contain all the patches released up to its cut-off date. By installing a service pack, you can eliminate the need for several patches and hotfixes. If you are running a new installation some time after the latest service pack has been released, however, there will be a lot of additional patches to install at the same time as the operating system itself. Thankfully, though, you don't have to install them one at a time.
You should prepare an integrated installation, or what is commonly known as slipstreaming, where the operating system image is updated with the latest service pack, patches and hotfixes before installation. The resulting installation files create a fully updated computer in a single imaging process. If you are deploying new installations over a network, it is common practice to make the slipstreamed installation source files available on a network share. The integrated command-line option of the package installer can copy the software update files to the shared network folder. The original operating system files are then overwritten by the updated ones. For a more detailed explanation of this process, you should read "How to integrate software updates into your Windows installation source files."
If Windows is being installed on several standalone PCs, you can order slipstreamed CDs from the Microsoft Web site. I would recommend that you create your own slipstream installation, though, as you can customize it so that any specific drivers or software updates can be installed at the same time. The process involves more work initially, but overall it will save you time, particularly if you have several PCs to set up. There are a few drawbacks to slipstreaming Windows. Firstly, not all patches can be applied in this fashion. Even more annoyingly, if you discover that a certain patch is causing a problem, it cannot be removed without using an original, non-slipstreamed install CD.
Once you have installed and set up your PCs, use Microsoft's free Windows Update service, or – if your PCs are on a network -- consider the Software Update Services (SUS). The technology allows you to install a service that downloads all critical updates, security updates and service packs as they are posted to the Microsoft Windows Update Web site. The updates can then be made available to all preconfigured servers and desktops, including those that do not have Internet access. Do be aware, though, that SUS only provides security patches, critical updates, updates, update rollups and service packs, which are available from Windows Update. Device driver updates are not provided through SUS.
More information:
Learn which tools can check the validity of a patch.
So you push critical Windows patches once a month. But what about Acrobat Reader, QuickTime and your other third-party applications?
|
