General Best Practices

The best practices listed in this section are described in more detail in the Update Management Using SMS/Deployment Guide white paper, which is available at the Microsoft Solutions for Management Web site at https://www.microsoft.com/solutions/msm.

Perform an initial audit

An audit helps an organization understand and gain an accurate record of its technology assets, prior to initiating a software update management program. Accurate and current information of what is present in the production environment is essential for software update management.

Establish baselines

An important part of the software update management process is creating initial standard installations of operating system versions, applications, and hardware for computers in your enterprise, called baselines. A baseline is the configuration of a product or system established at a specific point in time. An application or software baseline, for example, provides the ability to rebuild a computer to a specific state.

Baselines provide the basis for finding and fixing potential problems and simplifying the software update management process considerably, both by reducing the number of software updates you must deploy in your enterprise and by increasing your ability to monitor compliance.

After performing the initial audit of your enterprise, you should use the information that is obtained from the audit to define an operational baseline for the IT components within your production environment. A number of baselines might be required, depending on the different types of hardware and software deployed into production. For example, certain laptop computers require a software update to prevent them from hanging when they enter hibernation or standby mode when running Windows XP. A baseline for these laptops should include this software update.

In large organizations, it is often helpful to divide the computers in your enterprise into asset categories and keep each category at a standard baseline by using the same versions of software and software updates. You can then use these asset categories in prioritizing a software update distribution.

The Software Updates Installation Agent includes an option to generate a reference computer template that contains the baseline of software updates from a reference computer. For more information, see the "Use a reference computer to expedite approval processing" section earlier in this chapter.

Subscribe to the appropriate software update notification services

After you perform an initial audit of the software in use in your enterprise, you should determine the best method for receiving notifications of new software updates for each software product and version. Depending on the software product, the best notification method might be e-mail notifications, Web sites, or computer publications.

For example, the Microsoft Security Response Center (MSRC) responds to all security-related concerns about Microsoft products and provides the Microsoft Security Bulletin Service, a free e-mail notification of newly identified vulnerabilities and software updates that are released to address these vulnerabilities. You can subscribe to this service at https://www.microsoft.com/technet/security/bulletin/notify.mspx

Note that when receiving e-mail notifications for software updates, you should always verify the validity of the message. For more information, see the Update Management Using SMS/Deployment Guide white paper at https://www.microsoft.com/solutions/msm.

For More Information

Did you find this information useful? Please send your suggestions and comments about the documentation to smsdocs@microsoft.com.