Patch Policies in a Managed Programs Environment
Windows Operating Systems, whether installed on server or client computers in a network, benefit from having security patches applied on a regular basis. It is far from true that Windows computers, including servers, can be configured once and continue to function seamlessly thereafter. To remedy this, Microsoft regularly releases software patches for its systems. These small modules are designed to be installed into an existing OS configuration, and to repair elements of the operating system on an ongoing basis.
Some patches do more than mitigate flaws in the original OS. They also provide new protection against a growing array of threats developing in the online world. In addition, patches can provide enhanced or new functionality, making an OS more powerful than it was when it originally shipped.
Patches are best applied by IT professionals who can organize server and client patch installation using a managed programs approach. In this approach, server infrastructure can be maintained at a high level because known flaws are dealt with and eliminated as soon as patches for the issue are released by Microsoft. This is preferable over allowing end-users to update their own computers and apply patches "as time permits," a situation that will not only open an enterprise up to security risks, but which will also cause client computers to have slightly different versions of Windows running. This can cause conflicts in internal operations that a managed programs approach would have avoided.