Face it--patching is a necessary evil. A risk is always incurred when making a change to a production system, yet unpatched Windows servers are a greater risk over time.
Windows Server 2008's Core installation makes this a little more difficult. The good news is that there are a number of ways to patch the Explorer-less Windows Server.
Here are four ways you can go about patching the Core installation.
1. You can use a Microsoft automated solution such as System Center Systems Management Server (SC-SMS) or Windows Software Update Services (WSUS). This is likely the best option because it can be centrally managed, and update approval, installation time, and reboot behavior can be controlled.
2. You can use a four line script like the one below, and it can configure the server to install all updates. The last line will instruct the server to look for updates right away:
script c:\windows\system32\scregedit.wsf /au 4 Net stop wuauserv Net start wuauserv Wuauclt /detectnow3. You can modify the configuration for the local Windows Update via the registry. This is the path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ WindowsUpdate\Auto UpdateNote: Editing the registry is risky, so be sure you have a verified backup before saving any changes.
4. You can use a non-Microsoft solution to manage the updates for the Windows Server 2008 system. This may include the Visual Core Configuration tools, Codeplex Windows Server 2008 Core Configuration, and Portlock Windows Update Manager.
There are a number of factors that will determine which tool will fit your needs best. Many organizations will be inclined to take the natural choice of using WSUS or SC-SMS, but it's good to know that other options are available.
How are you approaching the ongoing automatic updates for a Windows Server 2008 Core? Share your comments in the discussion.