Edit 3/2/2015 - This has been changed, please read SharePoint Server Patches Are No Longer Published in Windows Update.
Starting with the February 2015 CUs, all the SharePoint patches will try to sneak onto your unsuspecting SharePoint servers via Windows Update. Here’s a snippet from Stefan Goßner’s blog post on the matter:
“Be aware that starting with February 2015 CU SharePoint Product Updates including non-security product updates will be made available via Windows Update.”
He included a screenshot to really drive home the horror. Here’s my version of this:
Not only do the SharePoint patches show up in Windows Update, they show up as Important updates. That means Windows Update will install them when it gets a chance without warning you at all. As a guy that maintains a wiki whose sole purpose in life is to document problems with SharePoint patches, this gives me the willies. The files highlighted above are the same files that would be installed if you installed the February 2015 CU packages. The CU just puts them in one (or two) big files. What does this mean for you, the harried SharePoint administrator? Allow me to address that in the form of Frequently Asked Questions, that I actually have not actually been asked.
Q1) Is this real? Are you fooling me? Am I on TV? Where are the cameras?
A2) I assure you, this is all real. No screenshots were harmed in the making of this blog post.
Q2) How does this impact my Windows Update settings on my SharePoint servers? I’m scared, hold me!
A2) My lawyers have advised me that cuddling with my readers is strictly forbidden. No exceptions. However, I can help with the Windows Update settings part. Because of problems I’ve had in the past, for years I have recommended not allowing Windows Update to automatically update your SharePoint servers. I set all of mine to “Download only.” This only reinforces my feelings on that. Of course then you have to be diligent about going in and manually installing the patches on all of your servers, every. single. month. That’s a lot to remember.
A better solution is to start using Windows Server Update Services (WSUS) to distribute Windows and SharePoint patches to your servers. This gives you central patching control of all of your servers. In my opinion it’s better than not patching your servers and it’s better than letting SharePoint get patched every month.
Q3) If these patches are installed via Windows Update do I still need to run the Config Wizard after they’re installed?
A3) Absolutely. This requirement has not changed. SharePoint will run, mostly happily, with the binaries updated but without having run the Config Wizard. It’s not a great place to be in, but it will work. You shouldn’t have to worry about your SharePoint farm falling on its face immediately after the patch is installed, at least not because of the Config Wizard hasn’t been run. However, to prevent weird issues from popping up, it’s best to run the Config Wizard as soon as possible after any patch is installed.
Those are all of the phony FAQs I can dream up for now. If you have more questions, throw them in the comments below. I may add them to the article.
Thanks, and happy patching, intentional or not.
tk
ShortURL: http://www.toddklindt.com/SharePointPatchesInWU
Edit 3/2/2015 - This has been changed, please read SharePoint Server Patches Are No Longer Published in Windows Update.