To specify that Group Policy for users should never be updated while the computer is in use, select the Disable background refresh of Group Policy policy.
But I can distill the process into six general steps.
The importance of each stage of the patch process--and the amount of time and resources you should spend on it--will depend on your organization's infrastructure, requirements and overall security posture.
For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes.
Typing a large number establishes a broad range and makes it less likely that client requests overlap.
Important: If the Disable background refresh of Group Policy policy is enabled, this policy is ignored.
Step 1: Develop an up-to-date inventory of all production systems, including OS types (and versions), IP addresses, physical location, custodian and function.
Commercial tools ranging from general network scanners to automated discovery products can expedite the process (see Resources, below).
Step 2: Devise a plan for standardizing production systems to the same version of OS and application software.
Some companies have staff dedicated to managing this process; others use vulnerability reporting services.
Assess the vulnerability and likelihood of an attack in your environment.
Perhaps some of your servers are vulnerable, but none of them is mission-critical.
For example, let's say you learn that OpenSSH has a vulnerability that may allow a buffer-overflow attack, but from your list of controls you know you don't allow the SecSH protocol through your firewall.
If nothing else, that knowledge gives you more time to react.
January's SQL Slammer worm reminded us of the importance of patching vulnerabilities in computer software.