SQL Server Performance

DIY Patching

Discussion in 'EditorsBlog' started by shanetasker, Dec 17, 2008.

  1. shanetasker New Member

    I was reading a journal from the Australian Computer Society on a flight home yesterday. One of the articles that grabbed my attention was on patch management. This article was particularly relevant with the recent changes in the policy for SQL Server functionality. The article described how many large organizations are starting to de-centralize patch management from being a function of the IT department to a responsibility of the individual end user. Two of the reasons cited for this change is that many end users are not in the office frequently enough for the corporate patch policy to be applied and it is an opportunity for IT departments to outsource a mundane function.
    Now I agree that patch management is not the most glamorous function of IT departments but then again neither is building new servers. However, I can't see server builds being outsourced to end users. I think that end users are more and more tech savvy and many are used to managing their computers at home by running windows updates when prompted and maybe even checking occasionally that their antivirus is up-to-date. I think that letting end users patch their own machines could work but not without the layered protection of the corporate infrastructure. In other words, if the machine does not meet a minimum patch standard it can be used but it is not allowed on the corporate network. What are your thoughts on end users patching their own computers?
    - Peter Ward
  2. jmoss111 New Member

    There should be some type of audit in place that verifies and ensure that certain patches are in place. And user patching of servers... forget about it
  3. JohnKasra New Member

    I cant understand this. One of the things that any IT department should be ensuring is the safety of the corporate network. Unpatched computers cannot be deemed to be safe.We have a hybrid manual/automatic patching system using SMS. Whenever a patch is required to be run, an icon is displayed in the system tray. This gives the user the ability to run the patch within 5 days for non-critical patches, or 1 day for critical patches. If the user does not patch their system in this time, the patches are automatically applied and the machine rebooted (if required).To completely trust an end user with the responsibility of keeping the corporate network secure is a very poor decision.

Share This Page