BRITECITY's patching framework applies default patching categories, schedules, and approval policies for all managed Windows workstations and servers. Our strategy prioritizes security while maintaining system stability through severity-based and classification-based deployment rules.
Workstation Patching Schedule
Workstations receive updates on a nightly basis with minimal impact to your work day:
| Workstation Schedule | |
|---|---|
| Download & Install | Nightly, 12:00 AM - 4:00 AM |
| Reboot Window | Sunday evenings, 8:00 PM - 12:00 AM |
| User Notification | Yes, with deferral options |
Users can defer the installation notification up to four times, with a 24-hour wait between deferrals before automatic approval.
Server Patching Schedule
Servers follow a more controlled schedule to ensure business operations are not disrupted:
| Server Hosts | |
|---|---|
| Download & Install | Saturdays, 12:00 AM - 4:00 AM |
| Reboot Window | Saturdays, 5:00 AM - 6:00 AM |
| User Notification | No |

| Virtual Machine Servers | |
|---|---|
| Download & Install | Sundays, 12:00 AM - 4:00 AM |
| Reboot Window | Sundays, 5:00 AM - 6:00 AM |
| User Notification | No |
Update Types Deployed
These update types deploy to both workstations and servers, except where noted, to ensure comprehensive security:
- Security Updates: Critical patches for security vulnerabilities
- Critical Updates: Non-security critical fixes
- Feature Updates: New Windows features (workstations only)
- Update Rollups: Cumulative update packages
- Service Packs: Major update collections
Note: Drivers and certain enterprise applications (Exchange Server, SQL Server) follow different approval matrices and are handled separately to prevent compatibility issues.
Severity-Based Approach
Our patching policy is severity-based to ensure critical vulnerabilities are addressed promptly:
| Severity | Approval |
|---|---|
| Critical | Automatic approval |
| Important | Automatic approval |
| Moderate | Automatic approval |
| Low | Automatic approval |
| CVSS > 1 | Automatic approval |
Feature and Quality Updates are deferred until released and vetted by the ConnectWise NOC to ensure stability.
Why We Patch Aggressively
Unpatched systems are the leading cause of security breaches. By maintaining aggressive patching schedules, we:
- Close security vulnerabilities before attackers can exploit them
- Ensure compliance with security frameworks and regulations
- Maintain system stability through regular updates
- Reduce technical debt from accumulated missed updates
Daytime Patching
If your computer is offline during scheduled patch windows, our Daytime Patching feature ensures updates are still applied. This means:
- Laptops that are closed or turned off at night still receive updates
- Updates may install during the workday if the scheduled window was missed
- Your system stays secure even with non-standard working hours
For more information, see our Daytime Patching Policy.
Best Practices for Users
To ensure smooth patching with minimal disruption:
- Keep your computer powered on overnight (connected to AC power for laptops)
- Save and close all work before leaving for the night
- Do not disable Windows Update or patch management agents
- Report any unusual behavior after updates to our support team
Quick Answers
- When do Windows updates get installed?
  Workstation updates are scheduled during overnight hours (typically 2-4 AM) to avoid disrupting your workday. Critical security patches may be deployed sooner. Servers follow a separate schedule with advance notification for any required downtime.
- Can I delay or skip Windows updates?
  Security updates are mandatory and cannot be skipped as they protect against known vulnerabilities. If you need to postpone a reboot for an urgent deadline, contact support. We can usually accommodate short delays, but updates must be completed within 48 hours.