Updating hundreds of computers with a service pack or hotfix isn't usually a job that administrators look forward to. When your computers require a service pack update or an OS hotfix, what do you do?
- Ignore the problem and hope no one notices?
- Reinstall the OS and most recent service pack on all your computers?
- Organize a committee to decide which users truly need the update on their machines?
- Decide that now is a good time to take that Jamaican vacation?
Ignoring the problem is probably the easiest solution, but if you ignore a service pack update, do you want the extra work of cleaning up after a security breach? Although a fresh install can do wonders, reinstalling the OS on every computer isn't the best idea because of the required time and effort. What about the committee? If the committee fails to designate all the systems that truly need the hotfix (for example, systems that temporary employees occasionally use), you could end up with a security risk. How about the vacation? You could be relaxing in the sun while an intruder cracks your company's network.
In reality, service pack management calls for a two-step approach. First, to save time and energy, you need to identify which computers need the update. You can usually determine fairly easily whether a particular service pack is installed on a computer, but determining whether a hotfix is installed can be more difficult. This step is important, however—unnecessarily up-dating a computer is a pointless exercise.
Second, you need to perform the update. You can put a hotfix on a 3.5" disk and install the fix from disk. If you're installing a service pack or a hotfix that's too large for a 3.5" disk, you can put the service pack or hotfix in a share on a file server. In either case, you probably need to manually conduct the installations at each computer (unless you've connected all your computers to a central keyboard/ video/mouse—KVM—switch).
The Windows 2000 Magazine Lab staff recently discovered a hotfix that would help us solve some network-connectivity problems. We then faced the task of installing that hotfix on more than 100 computers. This job was easier for us than for most systems administrators: Our test computers are stacked in racks of 15 or 16, and all our test computers connect to a central KVM switch. Despite these advantages, the task still looked like a major undertaking.
Which solution did we pursue? None of the above. We decided to use a service pack management program. (For an overview of the products we tried, see "Ahead of the Service Pack," November 2000.) These programs let you query remote computers and quickly determine which service pack version or hotfixes are installed on those systems. You can display or print this information. Some programs let you set up a profile that searches for specific service packs or hotfixes, then lists only the computers that need the profiled updates. Service pack management programs also let you install service packs or hotfixes on multiple remote computers.
By using a service pack management program, installing the hotfix on more than 100 computers cost us no more effort than we would have spent by walking to 1 computer, determining whether the hotfix was installed, copying the hotfix to that computer, installing the fix, and restarting the computer. After our experience, we can heartily recommend a management program. The time and energy savings they afford make these specialized programs well worth their price.