Hi Guys, I'm curious to see how other corporate environments handle their Windows patching. Basically I am looking at ways to do it better due to a bit of an issue I had with one of the KB Articles (at 2AM in the morning, still onsite ). Currently we use WSUS and the patches are only approved after we've at least done some reading on them, what they change and any known issues. We have 3 non critical servers in a test group ,as well as some client machines. Things get released to this group first, then if no major issues arise they are pushed out to the WSUS Servers group and then the Workstations group. The problem is someone still has to sit there and install the patches, reboot, then test everything is still working. We have outgrown this, as to do 34 production servers it took 6 hours, on top of the problems I had with Exchange it added up to about an 8 hour job. Surely there is a better way to manage patching! I can't imagine any organisation with this amount of servers wasting 8 hours of man hour to install security updates surely. So, how do you guys manage your updates? Do you even bother updating certain servers or do you only update your public accessible boxes? Do you use any sort of third party software in conjunction with WSUS? I have spoken to some other geeks in the field and they find if the PC's and servers were set for automatic installs (prompt for reboot) they had no problems. I'm guessing because if you do it this way you are obviously installing the patches in the same order that MS are releasing them. I guess I'm just curious because I can't imagine how organisations with 100+ production servers go about doing patching and the subsequent reboots outside of working hours. There has to be a better way to do it!