Patching 10,000 PCs – How I used to do it.

One of my job functions is IT Security and patch deployment.

Actually, I don’t do much IT Security these days, for which I’m glad.

Security patch deployment is something I do manage.

One thing that gets on my goat is that our customer expects a patch to be deployed NOW.

Often this is based on the “All cats have four legs. My dog has four legs, so it must be a cat” reasoning. The IT version of this is “I was able to patch my home PC without problems, therefore we can patch 10,000 PCs with no problems!”

Whoa there!

We need to test that patch against a pilot group, because not everyone has exactly the same sort of PC and applications as you. One of my customers has over 10,000 PCs, with 27,000 different applications/application versions.

So we Test / Pilot / Deploy / Report.

From when Micro$oft release that patch, we’re talking 7 business days.
For a crisis situation, we skip the Test & Pilot phases, but it still takes us a day to gear up to do the deployment.

My point? Corporate IT is different to Home IT, just as your Dog isn’t really a Cat.