Windows Update Group policy – scheduled install window rather than time

maintenance, windows-server-2008-r2, wsus

I've got a small infrastructure of about 20 servers that are all on a domain and receiving updates from a local WSUS server. The group policy at the moment is that automatic updates are configured to auto download and schedule in the install for 3am on Sunday mornings.

This has worked well, but the problem I've noticed is that this takes the entire infrastructure down at around 3:05am on Sunday mornings as they go through a Windows Update reboot.

I appreciate that many updates require a reboot, but having all the servers schedule the install for 3am results in some outages as both domain controllers will go down at the same time, both sides of the MSSQL cluster go down etc.

Is there a good way to specify for servers to schedule their install at a random time during a set maintenance window? This should then avoid having the servers reboot simultaneously and spread it out across a longer time, hopefully resulting in no service outage.

Best Answer

AFAIK the only option is to set a specific time.

That being said, I think you're not fully aware of the implications of having ALL the servers doing automated installs/reboots.

What if there is a faulty patch which breaks the kernel or similar... Do you really want to come to work in the morning and find all your servers in a boot loop?

I suggest you turn on auto-install only for the servers that are critical to keep updated (internet-facing servers, terminal servers) and do the rest in a manual maintenance schedule.

If that doesn't work out for you, then at least set up WSUS, test updates, and then deploy them when you are 100% sure that they don't break your OS or your applications (latter more common).

You can also create separate group policies with different timeslots, and use either OUs or security filtering to choose which server gets what.
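The answer's last suggestion (separate GPOs with different time slots, scoped by security filtering) can be scripted with the GroupPolicy PowerShell module. This is an added example, not code from the original post. The GPO names, security group names, and domain DN are hypothetical placeholders, and the groups are assumed to already exist with one member of each redundant pair (one DC, one SQL node) in each.

```powershell
Import-Module GroupPolicy

# Placeholder values (assumptions, not from the original post).
$domainDn = 'DC=example,DC=com'
$waves = @(
    @{ Gpo = 'WU-Install-Wave-A'; Hour = 1; Group = 'PatchWave-A' },
    @{ Gpo = 'WU-Install-Wave-B'; Hour = 3; Group = 'PatchWave-B' },
    @{ Gpo = 'WU-Install-Wave-C'; Hour = 5; Group = 'PatchWave-C' }
)

# Registry-backed Automatic Updates policy values.
$auKey = 'HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU'

foreach ($w in $waves) {
    # ScheduledInstallTime only accepts a whole hour, 0-23.
    if ($w.Hour -lt 0 -or $w.Hour -gt 23) {
        throw "Invalid install hour $($w.Hour) for $($w.Gpo)"
    }

    $gpo = Get-GPO -Name $w.Gpo -ErrorAction SilentlyContinue
    $isNew = -not $gpo
    if ($isNew) {
        $gpo = New-GPO -Name $w.Gpo -Comment 'Staggered Windows Update install slot'
    }

    # AUOptions 4 = auto download and schedule the install.
    # ScheduledInstallDay 1 = Sunday (0 = every day, 2..7 = Monday..Saturday).
    $values = [ordered]@{
        NoAutoUpdate         = 0
        AUOptions            = 4
        ScheduledInstallDay  = 1
        ScheduledInstallTime = $w.Hour
    }
    foreach ($name in $values.Keys) {
        Set-GPRegistryValue -Name $w.Gpo -Key $auKey -ValueName $name `
            -Type DWord -Value $values[$name] | Out-Null
    }

    # Security filtering: only the wave's group applies the GPO.
    # Authenticated Users is reduced to read so the GPO can still be processed.
    Set-GPPermission -Name $w.Gpo -TargetName 'Authenticated Users' `
        -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
    Set-GPPermission -Name $w.Gpo -TargetName $w.Group `
        -TargetType Group -PermissionLevel GpoApply | Out-Null

    # Link once at the domain root; the filtering decides who gets which slot.
    if ($isNew) { New-GPLink -Name $w.Gpo -Target $domainDn -LinkEnabled Yes | Out-Null }
}
```

An existing single-schedule GPO linked closer to the servers (for example at OU level) would still win over these, so it has to be unlinked or have its schedule settings removed before the staggered slots take effect.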