A really small IT shop learns to hate patch tuesdays - Tim Mangan - BrianMadden.com
Brian Madden Logo
Your independent source for desktop virtualization, consumerization, and enterprise mobility management.
Tim Mangan's Blog


  • Two App-V Books "The Client Book" and OSD e-book Reference at http://www.tmurgent.com/Books/default.aspx. Training classes now booking for App-V 4.6 SP1.

Past Articles

A really small IT shop learns to hate patch tuesdays

Written on Aug 21 2007
Filed under:
13,238 views, 12 comments

by Tim Mangan

I run a small business.  For a long time it was just me.  Now it's just me, plus my relatively non-technical spouse who helps with customers and coordination.  She acts as my travel agent, processes credit cards, and does all the arrangements for the training classes I run.  She lives on outlook.exe and iexplore.exe natively installed on her desktop PC.  Sure, I could put her on one of my servers, but I can't due to the oddities of Microsoft licensing.  Anyway, that is how it is.  Then each month Microsoft provides her with updates.  Patch Tuesday is always followed by Screaming Wednesday.  Patch Tuesday always breaks something on her PC.  Most of the time it is outlook. 

This week, we had the case of the missing address book.  We could click on the contact folder and see all the contacts just fine.  Open up a new mail message, click on the TO button to open up the address book and BANG.  An error saying, in essence, that the address book was pointing to a file that no longer exists or was moved or has been invaded by aliens.  So I had to delete the address book and recreate it, linking it back to the outlook contacts. (Why does outlook need to go out to an external address book to look back into outlook to see my contacts?  That to me is one of those mysteries like what exactly is in canned spam.) Once I had that figured out I left to go back to my office smug in the knowledge that I had fixed a problem that she would have probably never fixed (short of buying a new PC and asking me to import everything to it.  Which I should probably do because it is old then I could justify buying her the new outlook.  But we're a small company.  She is the CFO.).  Soon the scream fest continued. 

She couldn't possibly send an email because now she couldn't find a name because all the names were sorted by first name.  That was easier to solve, but it raises two interesting questions.  First, why would anyone looking for an email name want to sort by first name?  Second, how could there be enough demand to make that a feature?  Third why would windows update overwrite something to make that the default?  and fourth, why can't I count?  Fortunately, my son handled this one for her (I was tied up fixing my daughters laptop which failed to take a new antivirus program update).  Reminder to self:  son Patrick may not have much experience but he will look and look until he finds it.  Let him.

Oh but if we could be done now.  Windows updates also re-arranged the preview layout.  She prefers seeing 3 lines inline.  Each month Microsoft rearranges this to show her the entire email on half of her screen.  Each month she changes it back.  But not before I hear about 5 minutes of Microsoft bashing. If this were a one off problem, I'd be OK.  But it seems to happen every month. Worst is when I am traveling and she just has to get an email out.  I guess it is time to start using all those great tools "real" companies use right here.

I started by looking at System Center Essentials.  I had been looking for a reason to fire one of these up and take a look anyway.  SCE is the little brother of all things System Center - kind of like Presentation Server Essentials.  It is for small companies.  It handles up to 33 servers and 500 PCs.  It includes the capabilities of SMS, MOM, and Updates Server.  With this, I could possibly centralize the updates.  Well there is a problem with this idea.  I do not have a test environment with her kind of setup.  So I'm not going to change anything except for the delivery mechanism.  Still, I did find I like SCE.  It discovers everything (well except for all those PCs blocking with the firewall Microsoft nearly insists we turn on).  It tells me what patches are missing and will take care of installing them.  I can set automatic or manual approvals.  The monitoring was less than I hoped for.  Unless you have a full time person to tweak the heck out of it, I had a hard time seeing the value in it.  Plus the GUI is very ssssslllllooooowwww to work with.

I could solve it with SoftGrid,  That would be a solution that would isolate the app from the OS, including whatever bad things windows update might try.  But then you have that licensing thing again. 


I suspect I'm not alone in this home PC IT admin dread of Patch Tuesday.  I think I'll just buy her a new PC and Outlook and hope it goes away.



Our Books


Guest wrote get a mac
on Wed, Aug 22 2007 4:06 AM Link To This Comment

tim, buy her a mac, it will take a while before she accepts it, but then there is no turning back.



Matt King wrote WSUS
on Wed, Aug 22 2007 7:51 AM Link To This Comment

You have servers, but are all of your devices on a domain? If so, set up WSUS on one of your servers and that would centralize the updates and block the ones you don't want. As a rule, I do not install any updates by default. I look at all security updates and install the ones that are applicable, but I do not patch any working server just because patches are available.

I would suggest turning off automatic updates on all of your computers, only install the ones you think you need, and configuring WSUS on one of your servers.

Tim Mangan wrote Re: WSUS
on Wed, Aug 22 2007 11:12 AM Link To This Comment

SCE includes the WSUS capabilities.  The point here is that unless I have a duplicate environment to test the actual configuration, it doesn't help.  Setting up a test machine, even virtual, so that I can go through that process for a single user doesn't make much sense.  It's not like I am going to install the updates there and then test all the things I think that use does before approving the updates.

But the real point here is that none of these updates should be affecting Outlook the way it does.  Security fixes should not constatly be affecting established user preferences, for example.  And you shouldn't have to test them against your user test beds and deny them either.

Guest wrote Re: get a mac
on Wed, Aug 22 2007 11:12 AM Link To This Comment
That's not a solution, that's submission!  "Here, honey.  You can only do half the things you used to do, but we don't have to patch it or fix things, so it all evens out"
Gabe Knuth wrote Re: Re: WSUS
on Wed, Aug 22 2007 11:21 AM Link To This Comment

Hey Tim,  I've been auto-applying the patches for all of our laptops (except Brian...Mac SuperFanBoy), and I haven't had any issues like that.  At my last job, quite a while ago, we'd run into patches affecting homegrown apps, which I don't view as the patch's fault (and yet somehow they thought it was mine). 

Sounds like maybe a clean OS would do the trick?  Old mail DLL's really screw with things sometimes, too.

Or, your wife could just be jockeying for a new laptop and deleted the HKCU\Software\Microsoft\Office\Outlook key.  She's married to you - she had to pick up something over the years!

Good luck!

Brian Hill wrote Microsoft Action Pack
on Wed, Aug 22 2007 1:01 PM Link To This Comment
Go to www.microsoft.com/partner and sign up for their Action Pack program.  This will include all sorts of licenses for only $300 a year and give you an opportunity to use and later help resell Microsoft products.  It includes Small Business Server, 10 TS Cals, 10 licensed copies of Office, Win XP, Win XP x64 and much more.  This program is aimed at IT Professionals in the Small Business market.
Guest wrote Re: Re: Re: WSUS
on Wed, Aug 22 2007 2:44 PM Link To This Comment

She's married to you - she had to pick up something over the years!

 Wanna bet?

Guest wrote Re: Microsoft Action Pack
on Wed, Aug 22 2007 2:47 PM Link To This Comment

Well Tim, is a new MVP so he should be getting one shortly.


Tim Mangan wrote Re: Microsoft Action Pack
on Wed, Aug 22 2007 4:57 PM Link To This Comment
I'll have to look into that again.  Last time I checked, it was for folks reselling microsoft - which I don't do.  But a quick look and I see the program has expanded and might just be appropriate for me.  Thanks.
badshadd wrote mac patching
on Wed, Aug 22 2007 11:25 PM Link To This Comment
Oh, there's some patching to do - their just not as public with their problems. ;^)
Guest wrote Re: Re: get a mac
on Thu, Aug 23 2007 1:26 AM Link To This Comment
yeah, yeah, thats what they all say.... you are behind by about 2 years.
Tim Mangan wrote Re: Microsoft Action Pack
on Sun, Aug 26 2007 7:23 AM Link To This Comment

Thanks for the idea Brian.  The action pack does make sense for the licensing now that I am more than one in the company.  Looks like it is time to repurpose one of the lab servers into a shared server.  Lets see.  SBS, TS, Sharepoint...  So many toys to play with and so little time. 

(Note: You must be logged in to post a comment.)

If you log in and nothing happens, delete your cookies from BrianMadden.com and try again. Sorry about that, but we had to make a one-time change to the cookie path when we migrated web servers.