Windows Patch Management
Microsoft releases Windows security updates on the second Tuesday of the month. The Systems Support group has implemented a patch schedule for the Windows servers managed by the Systems Administration group.
The best practice is to apply the patches at the earliest convenient time and not risk a system compromise by waiting until Sunday for the regular maintenance window. There are 3 designated time slots for applying updates. In many cases, the Systems Support Group will propose a time for your server based on server criticality and staff resources. If the proposed time is not convenient, please choose another time slot. When deciding on a time slot, please take these factors into consideration:
- The system remains operational during the patch install. The system is rebooted after maintenance. This only causes a 4-5 minute outage.
- Patch deployment may not be necessary every month if the vulnerabilities do not apply to our servers. The Systems Support group may delay patch deployment if the updates are not relevant. We will notify you via e-mail if patches will be installed for that month.
- There is a risk that something won't function properly after the updates. This is very rare and in most cases, a patch can be uninstalled. The patching schedule takes this risk into consideration, and patches are applied to test, development, and non-critical systems first to mitigate potential failures.
Patch Schedule
| Day of Week | Time | Details |
|---|---|---|
| Wednesday | 9 a.m. - 12 noon | Non-critical servers, test/dev servers, backup domain controllers for Active Directory etc. |
| Wednesday (Off Hours) |
5 p.m. - 11 p.m. | Cluster servers, systems where a quick interruption in service is okay (lightly used web servers, data collection servers, main domain controllers etc.), heavily used systems that can be rebooted after business hours. |
| Thursday (Maintenance Window) |
5 a.m. - 7 a.m. | Extremely critical systems that can only be rebooted off-hours. |
If you have any questions, send e-mail to systems-support@cornell.edu.