Replies

Anyone noticing issues deploying this month’s patches to Server 2012R2 systems?

I have a good number of systems in my enviornment that have seem to have frozen during patching and required a reboot, before the patches being rolled back as failed.  All of these were Server2012R2 systems – with the issue not being seeing in the rest of the Server 2019 systems

I am still trying to analyze what may of caused this issue but it does appear it may be after installing either KB5022894 or KB5022899.

To make sure I am checking the correct location, can you help clarify where I should check this and what it should say?

PerthMike wrote:

anonymous wrote:

Win7 Pro

OEM key.

I’m curious which version of 10 I’d end up with, if I chose to “upgrade” this way. Unfortunately, the info article doesn’t say anything about that.

If I’d end up with the Enterprise version I’d be tempted to do it.

You NEVER end up with Enterprise without an Enterprise key, as you need to download the special ISO from Microsoft’s licencing site. This is because Enterprise is NOT free, even as an upgrade. To use Enterprise, you need either a volume licence agreement or an E3/E5 licence with SA.

The normal download methods don’t include the Enterprise edition.

During a recent visit to Microsoft’s VLA website, I noticed the most recent windows 10 iso files being the exact same for enterprise as they were pro. I’m not sure how long that’s been but it doesn’t appear to use a different ISO file anymore… it seems purely based on the key you enter during install.

Thanks for the reply Paul!  I am focused primarily on Windows patches, especially since MS tends to do a good job rating their severity via the systems mentioned above.

When you say you install “Important” – are these different then “critical” or you install both? Am I correct in observing that when running Windows Update manually, you are also seeing it automatically check not only Critical updates but also “Important” ?  Do they distinguish between the two during WU scans?

That said, we do also treat critical patches for 3rd party software the same:  Critical patches get installed, all others do not. Chrome is a great example recently, going through a handful of critical updates in the last couple months…

So I guess my overall question is what are you guys using for confirming critical ratings? And do you consider “Important” just as required?

I use ManageEngine’s Patch Manager Plus for the bulk of our scanning and deployment.  I have recognized a few instances in the last few months where they rated something as critical when it was in fact not.  So that has put some confidence issues into the mix. (See Photo 1)

Additionally, it appears that Kenna/Qualys are rating PM’s “Important” updates with higher ratings that would match those of a critical patch (See Photo 2)

So I’m not sure what to trust. Since our policies dictate we only install critical patches and skip the rest, this becomes a bit difficult to manage with confidence.

Thank you for your input!

Edit to remove HTML. Please use the “Text” tab in the entry box when you copy/paste.