Home / Windows 7

Monitor and maintain Windows Clients

Configure and manage Windows updates

Over the years, you've probably seen new Windows versions as well as hundreds, if not thousands, of updates from Microsoft. Updates can offer new functionality, fix problems, plug security holes, and update drivers. Of course, at times you might have had an update mess up your system-maybe an updated driver didn't work properly and you needed to perform a driver roll back or system restore.

Updates have been a part of Windows for many years and, quite honestly, Microsoft is getting pretty good at it.

You can be sure that when Microsoft released Windows 8, its developers made the operating system as secure and reliable as possible for the day it was released. However, within days of any release, new security threats, expiring certificates, and patches would have been identified that would threaten the ongoing security of Windows.

Thankfully, Windows has a reliable, proven, and regular updating infrastructure. Overall, allowing Microsoft to update Windows 8 will improve the security, efficiency, and overall wellbeing of the operating system.

Tip:
Windows 8 allows a standard user to install updates from Windows Update without receiving a User Access Control (UAC) prompt.
NOTE: BACK UP
Please ensure that you have a valid, up-to-date, and verified backup of your system. This is especially useful whenever making updates to your drivers, hardware, firmware, and BIOS.

Configuring update settings

Microsoft has two primary ways to distribute updates: the Windows Update client and Windows Server Update Services (WSUS). Depending on the organization's size and how many computers are on the network, Microsoft provides the following guidance:


Update Method 	Network Size	Remarks

Windows Update 	50 		No management or infrastructure needed. 

				Doesn't allow for testing or approval of each update.

WSUS 		Any 		Allows testing and approval of each update. 
				Requires an infrastructure server.

Updates in Windows Update come in four different types, each with a particular focus:

  • Security updates, by the Microsoft Security Response Center (MSRC), resolve security vulnerability. Security updates are accompanied by two documents: a security bulletin and a Microsoft Knowledge Base article.
  • Critical updates are important updates relating to the operating system.
  • Windows Defender definitions keep Windows Defender as up to date as possible. Regular updates of antimalware signatures and definitions are required.
  • Service Packs provide a cumulative set of all the updates created for a Microsoft product. A service pack also includes fixes for other problems that have been found by Microsoft since the product's release. A service pack can contain customer-requested design changes or new features. Like security updates, service packs are available for download and are accompanied by Knowledge Base articles.
Note: WINDOWS UPDATE IS AUTOMATIC
For home users and small businesses, Windows 8 is configured to retrieve updates automatically and directly from Microsoft.
Tip:
By default, the Windows Update service is configured for Delayed Start, which prevents the service from running as soon as Windows 8 starts, so that startup isn't slowed down. Instead, it runs a few minutes after Windows 8 has successfully loaded.

Configuring Windows Update settings in Windows 8

If you can't remember the permissions that you gave Windows 8 the first time you turned on the device, or if you want to make changes, you can follow these steps to review and, if necessary, make changes to your settings:

  1. Search the Start screen for Windows Update.
  2. Click Turn Automatic Updating On Or Off to open the full Windows Update panel.
  3. On the Choose Your Windows Update Settings page, use the drop-down list to select one of the four choices, to modify the update settings.
  4. Click OK to confirm your choices.

The following table contains a brief description of each option.


Option				Description
Install Updates Automatically 	Updates are automatically downloaded in the
(Recommended)			background when your PC isn't on a metered 
                                Internet connection.

Download Updates But Let Me 
Choose Whether To Install Them	You receive notifications about new 
                                Windows 8 updates.

Never Check For Updates 	This option effectively disables automatic updates completely.
(Not Recommended)
Tip:
Windows 8 allows a standard user to install drivers that are downloaded from Windows Update or included with the operating system without receiving a UAC prompt.

By default, if you leave the automatic updates as the default, your updates are downloaded and automatically installed at 3 A.M. local time (just like with Windows 7). You can change this to another time in the Run Maintenance Tasks Daily At option.

Even if everything is set to automatic, your computer might not have installed all the updates. Occasionally using the option Check for Updates is useful.

Previous versions of Windows have allowed users to decide to postpone or cancel the installation of updates, via notification area alerts. Microsoft has changed the default behavior in Windows 8 so that users are only notified of updates on the logon screen.

This effectively reduces the amount of "chatter" to the desktop during normal operations while maintaining the operational security of Windows.

NOTE:
Windows 8 always searches Windows Update for the latest compatible drivers when a new device is connected to the computer.

Configuring Windows Server Update Services (WSUS)

Windows Server Update Services version 3.0 SP2 is the supported patch-management tool available for Windows Server administrators to authorize, publish, and distribute updates within their networked environment that contains Windows 8 devices.

Micromanaging any tasks that include hundreds or thousands of items generally isn't a best practice within any environment, and a busy IT department is no exception. Administrators have a diminishing amount of time in which to perform maintenance tasks. WSUS, which was introduced with Windows Server 2000, significantly helps with the process of ensuring that administrators keep their networks safe and secure.

Rather than have each workstation manually connect to Microsoft Update, administrators can use WSUS to centrally download updates to an internal server. They then can authorize and deploy each update internally to specific workstations or computer groups based on hardware or function. This allows administrators to exert a greater level of control over which updates are deployed within the organization.

Tip:
For the workstation to automatically check and download updates from WSUS, the wuauserv service must be running. You can find this service on the Task Manager Processes tab under Service Host: Local System.

Updating Windows Store applications

To ensure that only apps that run in the new Windows 8 interface have been thoroughly checked to work, Microsoft insists that all apps need to be downloaded from the Windows Store to be installed on your device.

The developers who built and published the app most likely have an update release schedule during which they might have a number of new features, enhancements, bug fixes, and so on. After they develop these changes, they upload a new version of the code to the Windows Store. After this update is thoroughly tested by a Microsoft app engineer, the new version is approved and appears in the Windows Store as a more up-to-date replacement. All updates available via the Windows Store will have been verified via the same quality-control procedures as the original application.

NOTE:
An organization can bypass the wait for new updates by side-loading an app. This is the process of installing apps that haven't been approved by the Windows Store. An app must be digitally signed and the PC must be configured to allow the installation of trusted apps before the app can be side-loaded (use the PowerShell 3.0 command Add-AppxPackage.)

As part of the Microsoft update service, the apps installed on your device are checked, by default, to see whether the store has a newer version. If it does, the Store tile indicates the number of updates available.

To install the updates, click the Store tile to open the Windows Store. In the upper-right corner of the Store should be the option to install available updates.

After you click Updates, Windows 8 verifies the updates available and then displays a screen. If you are on a metered Internet connection, you might want to clear any non-essential updates; you can choose which updates to install.

NOTE:
On a fresh installation, Windows 8 requires 15 app updates. This updating is by design and ensures that the core apps included with the operating system are the latest versions available.

By default, Windows notifies you when app updates are available. If you don't see any updates, you can check to identify whether the default setting has been changed by following these instructions:

  1. Ensure that your computer is connected to the Internet.
  2. From the Start screen, click the Store tile to open the Windows Store.
  3. Open the Store charms bar and select Settings.
  4. Choose App Updates. (If requested, you might need to sign in to the Windows Store before proceeding.)
  5. Ensure that the automatic setting is configured to yes.

Removing Windows 8 apps

Often apps are installed, tried once or twice, and then quickly ignored and never used again. If you find that several of the apps that require updating aren't familiar to you, they might no longer be required and could be removed.

To uninstall an app, right-click the app from the Start screen and then click Uninstall.

NOTE:
If the app is a desktop variety, you would use the Programs and Features Control Panel applet to uninstall a desktop app.

Understanding Windows product lifecycles

Every product must be replaced at some time, and often a business maintains only a set number of versions at any one time. Not only does supporting multiple products not make economic sense, but doing so also can hinder motivation for employees who are expected to remain focused on legacy software.

Microsoft offers mainstream support for its products for a minimum of five years. After this time, business customers can choose to purchase an additional year's of extended support. Only while a product is within the mainstream or extended supported phase of a product lifecycle are updates, including security updates, made available by Microsoft.

MORE:
For more information on the Windows 8 product lifecycle, see http://support.microsoft.com/gp/lifeselectwin.

Managing Installed Updates

Although all updates are thoroughly tested by Microsoft, guaranteeing that they will work for every PC and possible combination of installed software is impossible. For example, if you recently noticed that Windows updated your system but now a specific app freezes or fails to work properly, you could try to remove an update if you have diagnosed an incompatibility.

To remove an installed update, follow these steps:

  1. Search the Start screen for Windows Updates.
  2. Select View Installed Updates.

To remove an update, select the installed update that's causing the problem and select Uninstall.

Testing updates

Larger organizations with hundreds and thousands of users must dedicate significant resources to ensure that Microsoft updates work on their computers. Suppose that a banking enterprise has 20,000 employees, and the majority of them have a computer. Because the potential for disaster is huge, that bank must create an update process that involves planning, discussion, testing, and then finally installing the update.

Within an organization, every piece of software is inventoried and accounted for. Each update undergoes testing to ensure that the Line of Business (LOB) software and the update are compatible. Only when the process is complete can the rollout begin. This is performed in controlled phase deployments based on risk and need. If any problems are encountered during the rollout, the process can be halted and investigated.

In large organizations, this process can be continual because updates are received from not only Microsoft, but also the following:

  • Software vendors
  • Vendors that build customized software
  • Antivirus software vendors
  • Hardware drivers

In this tutorial:

  1. Manage Local Storage
  2. Monitor system performance