Do you leave Windows Automatic Updates enabled on your production IIS server?
Posted
by Nobody
on Stack Overflow
See other posts from Stack Overflow
or by Nobody
Published on 2009-02-25T14:52:27Z
Indexed on
2010/04/17
11:03 UTC
Read the original article
Hit count: 201
Windows
|auto-update
If you were running a 24/7 website on Windows Server 2003 (IIS6). Would you leave the Windows automatic update feature enabled or would you turn it off?
When enabled, you always get the latest security patches and bug fixes automatically as soon as they're available, which is the most secure choice. However, the machine will sometimes get automatically rebooted to apply the updates leading to a couple of minutes of downtime in the middle of the night. Also, I've seen rare occasions where the machine does not restart correctly resulting in further downtime.
If auto updates are off, when do you apply the patches? I guess you have to use a load balancer with multiple web servers and rotate them out of the production site, apply patches manually, and put them back in. This can be logistically inconvenient when the load balancer is managed by a hosting company. You will also have machines in production that don't always have the latest security patches and you have to routinely spend time deciding which patches to apply and when.
© Stack Overflow or respective owner