Shenan
Sat Aug 06 09:59:45 CDT 2005
Marlon Brown wrote:
> 130 servers organization, 3,500 PC's.
> 3 sysadmins.
> So far each sysadmin has been responsible for patching respective
> servers they maintain.
>
> Do you agree that a more effective approach is elect one sysadmin to
> be responsible to patch all servers and workstations ?
No. I do not agree.
The point would be to not only get the patching done as quickly as possible,
but to make sure each server comes back as it should.
With 130 servers, having ONE administrator do them all would be leaving not
only some servers vulnerable for extended periods of time (possibly) - but
relying on a single point of failure (that ONE admin) to get all of the
patches for all of the servers done and make sure all of the functions of
each of those servers come back up correctly. Those who maintain the
servers daily are more likely to know if something is not right and do
something about it quickly than the admin who before only touched 1/3 of the
servers.
As for workstation patch management - WSUS. If the 3500+ PCs are homogenous
enough - a set of them for the whole group - one main one perhaps - updating
all the others internally that the (assuming sites here) workstations
connect to. If heterogenous to a point that one patch could break this
third, but would do nothing to the other 2/3s (in way of destructiveness) -
then multiple WSUS servers each managed by the administrator who knows their
subsection of users and applications best and can better test if a certain
patch may damage their customers work...
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html