Patch Management

Keeping your machines up to date should help keep them in top condition and therefore at their highest performance. It should also ensure that any known weaknesses in the stability and security of IIS have been fixed, so that you can keep your Web site running at full speed. In previous versions of IIS, any patches or updates had to be applied while IIS was disabled. Because of the new worker process model, patches can be installed while IIS is running, with the worker processes simply recycled at the end.

Windows Server 2003 also incorporates the Windows Update functionality, which provides an automatic system for critical updates and security hotfixes. Each machine can be set to do one of the following:

  • Notify you when a patch is available

  • Download the patch and notify you

  • Download and install the patch at a scheduled time

You can see the options in Figure 5.4.

Figure 5.4. Setting automatic update parameters.


For an enterprise-wide solution, you can use Software Update Services to download the updates for an entire network and then distribute them to your servers and clients. You also get to approve updates before they are distributed to your clients.
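
To check which of the three update modes a server actually uses, and whether it pulls patches from an internal update server, you can audit an export of its Automatic Updates policy settings. The following is an added example, not code from the original text. It assumes the settings are deployed through the policy registry values `AUOptions`, `NoAutoUpdate`, `ScheduledInstallDay`, `ScheduledInstallTime`, `UseWUServer` and `WUServer`, which the text does not mention; the sample export and the server name `sus.example.internal` are constructed.

```python
import re
# AUOptions policy values (assumed storage; the text shows only the dialog).
AU_MODES = {2: "notify when a patch is available",
            3: "download the patch and notify",
            4: "download and install at a scheduled time"}
DAYS = ["every day", "Sunday", "Monday", "Tuesday", "Wednesday",
        "Thursday", "Friday", "Saturday"]
# Constructed sample: .reg export of the policy keys on a hypothetical server.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://sus.example.internal"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001
'''
VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

def parse_reg_export(text):
    """Return {value name: int or str} for each value line in a .reg export."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line.strip())
        if m:
            name, dword, string = m.groups()
            values[name] = int(dword, 16) if dword is not None else string
    return values

def audit_automatic_updates(text):
    """Report the configured update mode, patch source and follow-up findings."""
    v = parse_reg_export(text)
    if v.get("NoAutoUpdate", 0) == 1:
        return {"mode": "disabled", "source": None,
                "findings": ["Automatic Updates is turned off"]}
    opt, findings = v.get("AUOptions"), []
    mode = AU_MODES.get(opt, "not set by policy")
    if opt == 4:
        day = v.get("ScheduledInstallDay", 0)
        when = DAYS[day] if 0 <= day < len(DAYS) else "invalid day"
        mode += " (%s, %02d:00)" % (when, v.get("ScheduledInstallTime", 3))
    else:
        findings.append("patches are not installed automatically")
    internal = v.get("UseWUServer") == 1 and bool(v.get("WUServer"))
    if not internal:
        findings.append("updates are not pulled from an internal server")
    return {"mode": mode, "findings": findings,
            "source": v["WUServer"] if internal else "Windows Update"}
```

An empty `findings` list means the server installs patches on a schedule from the internal update server, where they can be approved first.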