Desktop Patching

ITD utilizes Windows Server Upgrade Service (WSUS) to manage OS and Microsoft Office patching, and to give administrators control over hot-fixes and updates released to computers within an organization.

Enterprise Patching

Windows patching ensures that computers get the latest security and critical updates from Microsoft. Many people are familiar with the "Windows Update" feature enabled by default in Windows. While Windows Update can work well in residential applications, IT administrators often require a more powerful tool. WSUS gives administrators control over what updates are applied, when they are applied, and to which computers they are applied. This serves to increase the security posture of the organization, decrease the time spent applying updates, provide administrators with an accurate reporting of the deployment of updates. WSUS also allows administrators to crate test groups. These groups can have updates applied to them to verify the updates don't break functionality. Once verified, updates can be safely implemented across the organization.

Configuring WSUS via Active Directory Group Policies

  1. Right-click on the Organizational Unit (OU) which contains the computers you wish to have the policy applied to
  2. Select Properties
  3. Select the Group Policy Tab
  4. Click the New button
  5. Type in a descriptive name for the policy then press enter
  6. With the new policy highlighted, click the edit button
  7. Expand Computer Configuration, right-click on Administrative Templates, and click Add/Remove Templates
  8. Download Group Policy ADM Files from Microsoft (xpadmsetup.msi)
  9. Under Computer Configuration, expand Administrative Templates, expand Windows Components, and expand Windows Update
  10. Double-click on Configure Automatic Updates. Click the radio button to enable
  11. From the Configure Automatic Updating dropdown list, select "4-auto download and schedule the install"
  12. For Scheduled Install Day, select "0-every day"
  13. For Scheduled Install Time, select a time that will work for your agency
  14. Click OK
  15. Double-click on Specify Intranet Microsoft Update Service Location
  16. Click the radio button to enable
  17. Enter (this hyperlink is utilized in the WSUS) for intranet update and intranet statistics
  18. Click OK
  19. Double-click on Reschedule Automatic Updates Scheduled Installations
  20. Click radio button to enable. Change Wait After System Startup to 1 minute
  21. Click OK
  22. Double-click Enable Client-side Targeting
  23. Click the radio button to enable
  24. Put in a group name for your agency. (For example: ITD Desktops)
  25. Click OK
  26. Close out of the group policy editor

Requesting Service

Use ITD's online Work Management System (WMS) to submit a service request.

Associated Rates

Title Current Rate Current One Time Fee
Technology Fee

Network access charge is assessed for each state FTE for statewide area network access and other network services.