"Generally" it is a good idea to install them ASAP for most users. Best
practice however is to do a backup of ANY computer before installing a
critical update, service pack, etc though most users do not. It seems you
are talking about a production network that probably is behind a firewall
and has good antivirus protection including email scanning which will reduce
the risk associated with not installing critical updates ASAP except for the
fact that unathorized or otherwise infected computers on the network could
cause a problem. Blaster was a perfect example as so many sat smuggly behind
their firewall as Joe user plugged his infected laptop into the network to
download some good porno for home use and brought down most of the network.
Since there are so many different configurations out there it is impossible
to say that there will not be problems and in the past there have been some
pretty widespread problems with a very few critical updates. In my opinion I
think it makes sense to try to keep as current as possible with the news of
critical updates, assess the risk of not doing it right away as to what it
is supposed to fix [blaster was a case of real urgency - not all are], and
testing it out first ASAP on a few workstation machines with varied
configurations for at least a few days to assess if there seems to be a
problem or not and then make your decision on wide spread deployment. Of
course any servers should be fully backed up/Ghosted before patching.
Software Update Services allows you to approve patches for this very reason
instead of letting your network computer automatically downloading and
installing all updates and many can be uninstalled via add/remove programs.
There are also a couple on Windows Update newsgroups where you may also want
to post. --- Steve
