MicrosoftHello AriaUpdated if you don't mind, can you please check whether the helpful write up here is also a mirror or the recommendations given in the 25 policies you should not set article?
Maybe including permanent backlinks to each other as reference?
For future releases, as all of this naturally develops, will you rather update both articles per release or write new blogs for do's and don'ts?
As discussed in the other article. Guidance for Windows Server and modern patchmanagement should be considered in both.
It will help to adopt Azure Patchmanagement and Integration / expected results when using this service and Windows Admin Center for manual approach.
I have some set that's working right now but there are still some gaps that might even need a new policy.
Example: currently if I have redundant Systems but not clustered (no CUA, which works flawless) both may not restart at the same time.
Idea would be for Windows Server to have a policy that allow
- deadline, combined with set time as above, respecting business hours.
- offset time in minutes, admin can specify the time range from 5 minutes to a max of 30 minutes.
Offset set is a minimum + also the value for randomizing factor
Means the random value is again at minimum offset + offset
Example
Working hours 5 am -11pm (backup window 11 pm - 2 am
Domain Controller 1
Set to restart after Update Installation at 2 am
Random specified : 5 Minutes
Result restart at 2:10 am
Domain Controller 2
Set to restart after Update Installation at 2 am
Random specified : 5 Minutes
Result restart at 2:25 am
