Technical Services	Advanced Search | Find People

Public Documentation

Patching Procedures

IU Northwest IT has developed and implemented a procedure to proactively and remotely install Windows security patches shortly after released by Microsoft. Because of the number of systems on campus and the complexity of the scanning and push process not all systems can be patched simultaneously. The priority for pushing these patches is as follows:

1. IT Servers
2. Computer Classroom and Student Technology Center PC’s
3. Administrative support desktop systems
4. Faculty and Staff Windows desktop systems

Every effort will be made to have systems in the first 3 groups patched within 10 working days of the patch release. Faculty and staff Windows desktop systems will be scanned and patched on a best effort basis. Since most faculty and staff Windows desktop systems have been configured to automatically download and install security patches, these systems are generally also patched shortly after Microsoft releases a patch. IT does ask that you leave your Windows PC turned on, but logged off at nights and over weekends, in order that we can continue to scan, push and verify status. The security status of Windows PC’s that are shut down cannot be verified by IUN IT.

As a reminder, all Windows PC’s should be rebooted at least daily; we are suggesting that this be done as you arrive to work at the beginning of the day.

Details of Procedure for Desktop, Lab and STC Systems

If Microsoft has new patches they are usually released on the second Tuesday of each month. On the day of release the IT Director and the System Administrator will establish a recommendation of what patches should be installed on the desktop, Lab and STC machines. This recommendation will be sent to the MCST team for approval and returned to the system administrator by the closing of the next day. After deciding what patches are needed, the system administrator will push to the test STC/Lab build.

If there are patches to be installed, the system administrator will remove the shutdown GPO on the Thursday after the updates are released. Friday morning operations will reboot all computer Labs to ensure the shutdown GPO is disabled. The lab consultants are responsible for rebooting/shutdown of the STC’s nightly.

Upon successful testing of the push and removal of the GPO, Savannah 227 and all other STC’s and labs as they become available will be patched. Faculty and staff Windows desktop systems will be scanned and patched starting the weekend after the patches are released

Please note that only windows security patches will be pushed out to these systems. Office and other applications patches are not installed remotely.