Hello,
We are looking at using WSUS for server patching.
Ideally I'd like the servers to download the patches and install them but not reboot. I see from the policies that there's an option to "3 - auto download and notify (i.e. don't install)" or "4 - auto download and install". Additionally there's an option to allow updates that don't require an install to install automatically.
So if I want servers to download patches but not reboot it looks like I must choose option 3 and allow updates that don't require a reboot to install. Is that correct? After that is it enough to remotely reboot all servers at a set time for the remaining patches to install or must I connect to each server, install the patches, and then reboot? The latter seems to be a lot work (we have some 200+ servers) so I was wondering how others do this or whether there's any best practices.
Thanks,
Rakhesh