You are certainly right to want to upgrade from Internet Explorer 6. Microsoft has issued a standing advisory warning...
companies and individuals to upgrade to Internet Explorer 8 for improved browser security. What's more, IE6 users won't be able to properly access the upcoming Web versions of Microsoft Office 2010 because Microsoft will only support versions IE7 and upwards. Also as a consequence of the recent attacks against Google -- via vulnerabilities exploited in IE6 -- it has been reported that it will support only IE versions 7 and 8 on its Google Docs service and will start to phase out support for IE6 for Gmail and Google Calendar later this year.
I'm surprised that you don't use WSUS (Windows Server Update Service) to manage the patch management and upgrades of your machines. It's free and centralizes the distribution of updates to computers on your network. Do you use Windows Automatic Update to deploy patches and upgrades instead? Any machines running IE6 on Windows XP, Windows Vista, Windows Server 2003, or Windows Server 2008 will have had a notification through Automatic Update about IE8 as either a "High-Priority" or "Important" update. IE8 will not automatically install on machines, and you may have prevented users from installing IE8 through Automatic Update by using the IE8 Blocker Toolkit using Group Policy.
To upgrade IE6 with or without the use of WSUS or Automatic Update, first test IE8 for compatibility with internal applications and sites. Testing is required because any kind of update can overwrite key files, disrupt existing software or change services or functions on which your system relies. Test computers or a virtualized IT infrastructure to create a test environment may be a luxury you can't afford, but you should at least test the upgrade on a small group of machines before rolling it out to the rest of the company.
Every problem you find on these test machines is one less problem that you will hear about from your end-users. But be sure to have a rollback and restore plan in place! By completing a test upgrade you can ensure a predictable rollout when IE8 is deployed. The rollout, manual or automated, can be used as an additional part of the testing process if it's done in stages. The initial rollout should be to groups of less critical machines, and if they perform as expected, you can continue with the rollout until all machines are updated. I would also check relevant Internet discussion news groups to find out about the issues others encountered when upgrading from IE6 to IE8. You certainly won't be the first administrator to perform such an upgrade, so take the time to learn from the mistakes and experiences of others.
For more information:
Dig Deeper on Web browser security
Related Q&A from Michael Cobb
Expert Michael Cobb details how to argue for a multistep secure code review process, like Microsoft SDL, and the pros of secure coding practices. Continue Reading
Researchers developed a tool to help prevent improper certificate pinning that causes security issues. Expert Michael Cobb reviews the issue and the ... Continue Reading
Google Project Zero discovered a WPAD attack that could target systems running Windows 10. Expert Michael Cobb explains how the attack works and how ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.