I inherited a network with several servers running Windows Server 2003. They have not been updated for several years because my predecessor was concerned that updating Windows Server 2003 might render it useless in case there's a problem. Here are my questions:
- What is the best way to update the servers so that they are properly patched? I'm thinking in terms of strategy.
- Is there free or low-cost software that I can install so that if the Windows update didn't work, I can go back (or revert) to all the settings prior to the update?
- Should I do a System State backup each time prior to an update?
Install all service packs, and then deploy Windows Server Update Services. Then you can roll out all the updates to the servers at one time. (WSUS can deploy service packs for you, but you might find it "feels" safer to do them by hand on each machine. It's not really any safer, but it might appease your conscience if anything goes wrong.)
Yes, Windows Server Update Services permits un-installing certain updates. Otherwise, System Restore does a good job as well.
If you like, but Windows will do a System Restore snapshot if you have it enabled, so that would only be for a totally worst-case scenario. I would try an un-install via WSUS and then a system restore before reverting to a system state backup.
(P.S. You should be doing regular system backups anyway, so I suggest that if you're not doing them, setting up a regular backup schedule should be your first step regardless of anything you do next. ntbackup can be clunky, but it actually does a pretty good job.)