For a very long time, the update mechanism for both Windows clients and Windows servers have been the same. With Windows 8 and Windows Server 2012 this has changed.
Even though I’d already found out that something had changed with the Windows 8/Windows Server 2012 update mechanism by using it, I didn’t really know what changed and why.
- Windows 8 Modern (Metro) Apps security patching does not work the same as regular security patching. For more information, read “Microsoft’s new security patching routine raises concerns“.
- Default behavior after you install an important update in Windows 8 or in Windows Server 2012 is that you receive a notice that you have to restart the computer in three days. If the restart does not occur in three days, the computer displays a 15-minute countdown and then automatically restarts. By default, this automatic restart is delayed if the computer is locked, and the countdown will begin the next time that you sign in to the computer. Update KB2835627 has been released that introduces a new registry key called AlwaysAutoRebootAtScheduledTime which enables you to configure a forced restart after installation if desired.
- This great blog post provides more insight: “Managing Updates with Deadlines in an era of Automatic Maintenance“. The reactions are also very interesting.Some of the key takeaways from this post:
- A new feature called Automatic Maintenance, runs nightly and performs various tasks such as lightly defragmenting hard drives (or TRIMming SSDs if necessary), checking, repairing, and optimizing the system component store, running anti-virus scans, installing updates, and more.
- The setting for when to download and install updates doesn’t work in the same way as it did. While you can still set Windows Update to download updates and install them automatically or not, the day-of-the-week setting is not effective. It is included in the automatic maintenance and there isn’t a way to individually specify which maintenance tasks run on which day.
- The Windows Update Agent doesn’t have to be active in the background all the time because of this. This consolidation reduces system resource usage and battery usage.
- If you want to be in control of when updates will be installed you have to use WSUS and set deadlines for updates.
Even though I understand the reasoning behind the change, I would have preferred that Microsoft gave customers options to choose their preferred method. In my opinion this method makes sense for clients, but not so much for servers.
Also for some (smaller) companies the specific day and time patching method (including downloading from Microsoft Update) worked fine and now they might have to install, configure and maintain a WSUS server (including patch approvals) to achieve the same result.
What do you think about this ? Leave a comment on either my blog or on the original blog post : Managing Updates with Deadlines in an era of Automatic Maintenance