It’s (not) The End Of The World As We Know It – Deploy Service Packs

Shane Corellian Raindog Sys Admin
Photo by Helen Rosemier

Man, some people treat deploying a Windows Service Pack like they’re treating a subdural hematoma on their only child. Why are so many people afraid of their own shadow? What, you don’t think after a Microsoft Service Pack has been GA for a few days, let alone a few months, that most of the issues resulting from applying it haven’t already been discovered, addressed and, for the most part, resolved? 

Before you go off on how you’ve been screwed by a service pack let me come right out and say that the last service pack that bit me was in 1996. It was Service Pack 2 of NT 4.0. I was living in L.A., working for a TV company. I was on the bleeding edge and I installed it the day it was released it on a TEST server. It fried my OS. I called my brother in Arkansas. I told him what had happened. He applied SP2 to a laptop that he rarely used and he had the same problem. Hey, that’s what testing is for right?

So go ahead, dip your toe in pool. Maybe suss out the water a little and make sure a jump from a rock 30 ft. above won’t kill you. What I don’t get is when you order a pH test, call in a team of scientists, diving experts and a local shaman to determine if swimming in a local watering hole is akin to skinny dipping in battery acid with Grandma.

Sure, I understand maintenance windows on your servers. Any semi-critical system should have maintenance performed at scheduled time slots when the appropriate attention can be payed and when business impact is seriously mitigated. Don’t overdue it, though. I, personally, think that going more than a few months without applying a Windows OS Service Pack is silly*. 

I know I know, Service Pack 3 for Windows XP was huge. It introduced a lot of enhancements and tighter security. A lot of bleeding edge deployments got hit kinda hard. But all of those issues were addressed DURING THE BETA of SP 3. The changes to the Windows Firewall were quite well documented by the time most companies got around to starting mass deployments.

So, if you want a few pointers then here you go:

1) Keep an eye for what other Windows’ admins are saying. Go to ServerFault or 4SysOps or any number of great admin sites. Shawn mentioned a few in a blog called Seven System Administrators That You Should Know (and thank). You’ll find discussions and questions about what’s going on out there.

2) Don’t go “all in” right away. Have some test systems. Have these systems represent, as closely as possible, the configuration of your production servers. It’s OK to give a 7 Mississippi count before throwing a new service pack onto your production systems.

3) Back up the important data. Sure something could go wrong. Make sure you have your data backed up or, better yet, make sure you have some good fault tolerance built in. Even better still, if you have your servers virtualized then create a snapshot for rolling back.

4) Relax. You’re not in surgery. Schedule your maintenance, crank some good tunes, order some pizza, wear jeans or shorts or pasties and let your company know that not only do they have a kick-ass administrator but they also have up-to-date, vendor supported and secure computers.

Check out Shawn’s article about deploying Windows 7 SP 1 with PDQ Deploy.

As you were.

*I’d use a different adjective but Shawn keeps telling me to tone down my words. Come out for some Guinness with me and you’ll quickly understand my true feelings about this.