Windows Servers are interesting from a product
evolution standpoint. When a server product is "released," it is really
just a point in time where Microsoft burns a DVD with the current
operating system files from that designated point in time. In actuality,
Windows Server is constantly being monitored through various customer
and community tools that provide feedback, and Microsoft is constantly
writing new updates, hotfixes, and patches for Windows Server. This
process has been going on so long that there is an established rhythm of
updates often referred to as Patch Tuesdays, because the updates are
released on Tuesday mornings. This ecosystem of regular monitoring and
regular updating creates two unique situations.
First, because the
Server operating system is being updated at regular intervals, the
further removed in time you are from the Windows Server release to
manufacturing (RTM) date, the more updates you will need to apply after
installation to get that Server up-to-date.
Second, because the
Server operating system is being constantly monitored and updates are
being released at regular intervals, there is really no such thing as a
completed installation of Windows Server. Windows Server 2008 R2
machines are really only as good as the most recent updates you have
installed on the servers. This means you will be updating your Windows
Server 2008 R2 machine on a regular basis throughout its usable life
cycle. There are a couple of methods that you can use to do this and a
number of methods to put these updates into production on your Windows
Servers.
1. Find Out What Updates Are
When you consider that
Windows Server is constantly being monitored, reviewed, and updated, it
is important to consider what exactly is defined as an update. Updates
are additions to software that can fix or prevent problems, enhance
security, or even improve performance. In the help files for Windows
Server 2008 R2, Microsoft makes the following recommendation:
"We strongly
recommend that you turn on Windows Automatic Updating so that Windows
can install security and other important or recommended updates for your
computer as they become available."
This recommendation
both provides insight into how Microsoft approaches updates and shows
how frequently changes and updates are made to Windows Server. These
updates can be in the form
of operating system updates, hotfixes to operating systems or
applications, or patches to adjust operations of the operating system or
applications.
2. Use Windows Update
Microsoft has been
updating client and server operating systems for the last couple of
decades. The company pretty much has the process down to a science. As
of this writing, Microsoft makes its updates available publicly at http://update.microsoft.com.
You can use this Windows Update site to install a simple application to
your server that will review the status of the local server and then
compare it to the currently available updates on the website. The
administrator can then install the desired updates directly from Windows
Update. Each copy of Internet Explorer also has a built-in link to
Windows Update, as shown in Figure 1.
You can access this link in Windows Server 2008 R2 by opening Internet
Explorer 8, clicking the Safety menu, and then selecting Windows Update.
When you select Windows
Update, you will notice that instead of opening a web address, Windows
Update is actually a program that is running in the Control Panel under
the system and security tools. As you can see in Figure 2,
the Windows Update tool allows you to check for updates, change
settings for updates, view update history, restore hidden updates, and
link to frequently asked questions about updates.
When working with Windows
Update, you can specify several settings for your updates. If you click
the Change Settings option in Windows Update, you can choose one of the
following settings to meet your network needs:
Install Updates Automatically
This setting allows the server to download and install updates
automatically. This setting removes much of the administrative effort
necessary to keep a Windows Server up-to-date. In addition to this
setting, you can also define the frequency and time to install new
updates. The default setting installs new updates daily at 3 a.m. You
will learn about additional options for setting up your automatic update
configuration in the next section.
Download Updates But Let Me Choose Whether To Install Them
This option ensures the most current updates are downloaded to the
local server but are not actually installed until you choose to allow
them. This option is beneficial in an environment where you want to test
and validate updates before deploying them to your servers.
Check For Updates But Let Me Choose Whether To Download And Install Them
This option further segments the server from the updates by giving you
the opportunity to review the available updates online before
downloading or installing the updates.
Never Check For Updates
This option is self-explanatory. It is not recommended for the
seemingly obvious reason that if you never check for updates and thus
never install updates, your servers will likely be out-of-date. Before
you dismiss this setting altogether, though, it might be important to
consider that this setting would not necessarily be a bad thing if you
were using some other system outside of Windows Update to provide
updates to your Windows Server and simply did not want the additional
network traffic of having the servers check for updates they should
already be receiving from another source.
It is important to note that the
previous settings are only for what Microsoft has deemed "important
updates." There are also "recommended updates," which can be configured
the same way as important updates. There are also optional updates that
will be downloaded and installed based on administrative input. Of
course, you can also configure Windows Update to provide updates for
additional software running on your Windows Server, such as Office,
Exchange, SQL Server, and so on.
3. Enable Automatic Updates
Windows Update provides a
convenient location and process for keeping your Windows Server
up-to-date. Windows Update is a great tool, but to make the process even
more effective, you can automate it by enabling automatic updates. By
using automatic updates, you can eliminate the necessity of going to
Windows Update and checking for updates, downloading the updates, and
then installing the updates by hand. Depending on the settings you
choose, you can download the updates only or install the updates at a
specified time (by default at 3 a.m.), as shown in Figure 3.
All of this can be configured to be totally automated by using the
settings in Windows Update. It is worth noting here that although
automatic updates can simplify the process of installing updates to a
server, there is also the possibility that as the updates are installed,
the server may reboot if the update requires an operating system
restart. Consider this implication before you enable automatic updates
on your servers.
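The following PowerShell script is an added example, not part of the original text. It reads the local server's update configuration through the Windows Update Agent COM objects, maps it to the Change Settings options listed in section 2, and reports whether a restart is already pending and which updates are still missing. It is read-only and assumes only that it is run on the server being checked.

```powershell
# Added example: audit the local Windows Update configuration (read-only).
# Uses the Windows Update Agent COM API that ships with Windows.

# NotificationLevel values mapped to the Change Settings options in the text
$levels = @{
    0 = 'Not configured'
    1 = 'Never check for updates'
    2 = 'Check for updates but let me choose whether to download and install them'
    3 = 'Download updates but let me choose whether to install them'
    4 = 'Install updates automatically'
}
$days = 'Every day','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'

$au    = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
$level = [int]$au.NotificationLevel
Write-Output ("Update setting      : {0}" -f $levels[$level])

# The schedule only applies when updates are installed automatically
if ($level -eq 4) {
    $day = $days[[int]$au.ScheduledInstallationDay]
    Write-Output ("Install schedule    : {0} at {1}:00" -f $day, $au.ScheduledInstallationTime)
}
Write-Output ("Recommended updates : {0}" -f $au.IncludeRecommendedUpdates)

# A restart left over from earlier installs means the server is not yet
# running the patched files, even though the updates show as installed
$sys = New-Object -ComObject Microsoft.Update.SystemInfo
Write-Output ("Restart pending     : {0}" -f $sys.RebootRequired)

# List updates that are applicable but not installed. The search contacts
# the configured update source, so it fails on a server with no connectivity.
try {
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $missing  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
    Write-Output ("Missing updates     : {0}" -f $missing.Count)
    foreach ($u in $missing) {
        # MsrcSeverity is empty for updates without a security rating
        $sev = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unrated' }
        Write-Output ("  [{0}] {1}" -f $sev, $u.Title)
    }
}
catch {
    Write-Output ("Update search failed: {0}" -f $_.Exception.Message)
}
```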
You can also enable
automatic updates by using another tool that will automatically be shown
after initial installation. When you install Windows Server 2008 R2,
you will see a special tool called the Initial Configuration Tasks tool.
This tool is broken down into three parts. The first part allows you to
provide computer information such as activating Windows, setting the time
zone, and so on. The third part allows you to customize this server by
adding roles and features and configuring Remote Desktop and Windows
Firewall. The middle area of the Initial Configuration Tasks tool is the
part that you can use to set the update settings for this server, as
shown in Figure 4.
When you set up updating
in this tool, you will be given the opportunity either to enable automatic
updates or to configure the settings for updates manually. You will
also notice that you can download and install updates using this tool.
Whether you choose to
configure automatic updates using Windows Update in the Control Panel or
during the initial setup of the server using the Initial Configuration
Tasks tool, your Windows Server will still check for, download, and
install updates using the online Windows Update site. You will not have
to go and manually check on which updates are available or which updates
have or have not been installed. The updates are installed based on the
schedule you define when you set up the automatic updates.