How do you know which Windows updates to deploy?

Till now we never controlled any of the Windows 10 update in our company. But recently we started getting so many blue screen error in our computers and mostly once the receive any Windows 10 updates.

You can control the update but how would anyone know which update will cause blue screen error for which PC?.

We have around 150 computers and laptops all of them running Windows 10 with 1809 version. Is there any centralized solution to this issue? now my manager is after me to get the better solution for this.

Any suggestions are welcome



Hi @Addison,

If you are a large company like managing 1000s of computers then you can use Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM). This both application possibly help you bypass the Microsoft update servers and let you deploy updates from a local management server instead. In order to make this happen smoothly, you need to have a dedicated IT department because this work requires significant attention from the IT department.

WSUS is the simpler of the two options. It runs as a Windows Server role and provides a central store for Windows updates within an organization. Using Group Policy, a network administrator points Windows 10 PCs to the WSUS server, which serves as the single source of downloads for the entire organization. From the WSUS administration console, administrators can approve updates and choose when to deliver them to individual client PCs or groups. PCs can be assigned to groups manually, or you can use client-side targeting to deliver updates based on existing Active Directory security groups.


This is what we follow in our organization. Whenever Microsoft releases new Updates, first it goes out to a test group 1st, maybe an IT support test group if not an actual designated end-user group. We use 3 test groups, desktop support, and security department 1st, then a bigger group with additional members of IT and then a final test group that adds selected end-users who know more than the average end-user.

We also ensure updates run 30 to 60 days behind in case Microsoft issues a stop notice. If your company is not big enough for this type of testing then you should set up a virtual test lab that has clones of a typical end-user and test on those best you can.

1 Like