Computing Facilities, Carnegie Mellon School of Computer Science, Carnegie Mellon University
 

Automatic patching of Windows PCs

Starting on Monday, March 1, 2004, SCS Facilities will begin automatically deploying critical Windows patches to most PCs in the SCS Windows Domain. This patching is intended to keep SCS PCs current with critical security patches. Only PCs running Windows 2000 or Windows XP will be patched in this manner. PCs running Windows NT will not be automatically patched.

Patching options

By default, PCs will be patched according to the following procedure:

  1. Each Tuesday at 6:00 AM, any pending critical Windows updates will be automatically installed. If a PC is already up to date for critical patches, no further action will be taken (i.e. the machine will not be rebooted).
  2. If nobody is logged into the PC on the console, it will automatically be rebooted immediately after patches are installed. If somebody is logged into the PC, a pop-up window will appear, prompting for a reboot. If the user of the PC does not wish to reboot at that time, the reboot will be postponed. Additional prompts to reboot will be given at later times.
  3. If the PC has not been rebooted by 5:00 AM on the following Thursday, it will be automatically rebooted, even if somebody is logged into it.

Servers which are not ordinarily used as a person's desktop host may be patched via a fully automated procedure in which missing patches are installed weekly at 3:00 AM on Monday mornings and the server is rebooted immediately after installation.

It is also possible for PCs to be exempted from the automatic patching process. In those cases, the user or administrator of the PC is responsible for making sure that it is kept up to date for critical patches.

About the patching process

The automatic patching process uses Microsoft Software Update Services (SUS) and the SCS SUS server, winsus.srv.cs.cmu.edu. The SUS server contains a repository of patches released by Microsoft and approved by SCS Facilities staff for distribution to PCs in SCS. New patches are usually approved the Monday after they are released by Microsoft, which is typically on the second Tuesday of each month.

Most PCs in the SCS Windows Domain are configured to periodically (every 17 to 22 hours) query the SUS server and check if new patches are available. If new patches are available, they are then downloaded and queued for installation. Installation of these patches can be performed manually via the update icon in the taskbar. The new patching process automates this task.
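To confirm that a PC is actually set up for the default option described above, an administrator can compare its Automatic Updates policy values against the server and schedule this page names. The following is an added example, not SCS Facilities' own tooling: it parses saved `reg query` output and reports deviations. It assumes the schedule is delivered through the standard Windows Update policy values and that the server is addressed over plain `http://`; the sample input is constructed.

```python
import re
from urllib.parse import urlparse

# Standard Automatic Updates policy value names; that SCS sets the default
# schedule through them is an assumption of this example.
EXPECTED_HOST = "winsus.srv.cs.cmu.edu"   # SUS server named on the page
EXPECTED_AU = {
    "UseWUServer": 1,           # use the intranet server, not Windows Update
    "AUOptions": 4,             # 4 = download and install on a schedule
    "ScheduledInstallDay": 3,   # 1 = Sunday ... 7 = Saturday, so 3 = Tuesday
    "ScheduledInstallTime": 6,  # hour of day, 6 = 6:00 AM
}

# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    WUServer    REG_SZ    http://winsus.srv.cs.cmu.edu
    WUStatusServer    REG_SZ    http://winsus.srv.cs.cmu.edu

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    UseWUServer    REG_DWORD    0x1
    AUOptions    REG_DWORD    0x3
    ScheduledInstallDay    REG_DWORD    0x3
    ScheduledInstallTime    REG_DWORD    0x6
"""

VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Return {value_name: int or str} from `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:  # key-path and blank lines do not match
            name, kind, data = m.groups()
            values[name] = int(data, 16) if kind == "REG_DWORD" else data.strip()
    return values

def audit(text):
    """List deviations from the default patching option; empty means compliant."""
    v = parse_reg_query(text)
    problems = []
    for name in ("WUServer", "WUStatusServer"):
        host = urlparse(v.get(name, "")).hostname
        if host != EXPECTED_HOST:
            problems.append(f"{name} points at {host!r}, expected {EXPECTED_HOST!r}")
    for name, want in EXPECTED_AU.items():
        if v.get(name) != want:
            problems.append(f"{name} is {v.get(name)!r}, expected {want!r}")
    return problems
```

On the constructed sample, `audit(SAMPLE)` flags `AUOptions` because a value of 3 only notifies the user before installing instead of installing on the schedule. A host with no policy values at all fails every check, which is the expected result for a PC outside the domain or one that has been exempted.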

Common questions

What happens if I've already patched my PC using Windows Update or some other means?
If patches are already installed, you will not be prompted to reboot and should notice no effects from the automatic patching process.

What if my PC is not a member of the SCS Windows Domain or is frequently off the network?
In that case, you should regularly run Windows Update to make sure that your PC is patched. Microsoft ordinarily releases patches on the second Tuesday of every month, so you should at the very least run Windows Update shortly after that release date.

In the default patching option, how often will I be prompted for a reboot before my PC is forcibly rebooted?
A pop-up window will appear on Tuesday morning, immediately after patches are installed. If you delay the reboot, you will receive hourly reminders starting on Wednesday, until the forced reboot on Thursday morning.

What do I do if I'm running a server or some other host with special requirements?
Send mail to help@cs.cmu.edu or call the SCS Help Desk and we can arrange to have that host either use the completely automated patch procedure or be exempt from the automatic patching process. Remember that if a host is exempt from automatic patches, the local administrator or user of that PC is responsible for keeping it patched.

Related documentation

Keeping Windows software up-to-date
How to manually keep Windows software on your PC up to date with respect to patches