I'm still trying to get over your desire to do a mass update to all of your DCs at once. You are much braver than I am and much braver than many I have spoken with. For the most part people consider DCs to be special and not to be automatically patched en masse like that. The reason being if there is something you missed in testing, you could knock everything down in one fell swoop. Even if I had the world's greatest patch system and could patch all DCs in short order like that I still wouldn't do it.
An example I have of a good reason not to do the mass patching... We started to deploy some SP. I think it was SP2. There was a bug in SP2 where if there was a certain bad value in, I think if I recall correctly, a site link, that if it was encountered the SP2 DC would crash, reboot, repeat. Now visualize what would have happened had we mass launched SP2 to all DCs at once via super deployment method #4... 400 DCs crashing over and over again. My DC patching tends to go like this.... Test patch in multiple labs. Test patch on a couple of "non-critical" DCs. Watch for a couple of days or at least a couple of hours. If all is well, send patch to all DCs but do not execute. Execute in small batches. Watching closely for issues. joe ------------- http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala Sent: Friday, March 26, 2004 5:23 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Reboot behavior with SUS on DC's Hi, I recently sent a post with regards to creating a seperate GPO for DC's to utilize SUS and Windows Updates. So far everything looks and works the way I want it to. The only thing I am trying to figure out is if there is a way to auto download and schedule the install but not reboot the system (there seems to be only one GPO setting for controlling reboot behavior while logged on) but not when the system is idle or left at the login prompt. My only fear with this behavior is what happens if there is a failed reboot or the system hangs or whatever, I would like to be able to control when the DC is rebooted either remotely or by a local administrator (and there's that, the org. operates in a centralized model with distributed administration including offices overseas) so a hanged reboot may mean 8am in Germany but 1 or 2 am in the Central Time Zone.... Your help is much appreciated. Thanks, _________________________________________________________________ Get tax tips, tools and access to IRS forms - all in one place at MSN Money! http://moneycentral.msn.com/tax/home.asp List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
