Installing Updates From Local Disk

[ravashaak]

This is more of a suggestion than my outright saying you should do it this way:

Have you thought about adding the microsoft baseline security analyzer to your cd and scripts? If you were to do so and run it in from the command line as follows, you could eliminate detection concerns for all hotfixes this program detects:

mbsacli.exe /hf -nosum -x <path to mssecure.cab> -f <path to output file> -v

You'd need to occassionally update your mssecure.cab file in order to detect the newest hotfixes. You could run the mbsacli scan in your script, then with the output file it generates, you could parse for your hotfix numbers along with the string "Patch not". This will give you instances of needed hotfixes. Your script could then install the necessary hotfixes and run qchain at the end.

The above method should work for most hotfixes. However, I think you may still need to do manual detection for a few, such as .NET framework.

- Ravashaak

[xiphias]

I think this is a fine script, thanks ahab. I do see 1 design flaw though; what happens when a new hotfix comes out? You'd have to edit the whole script and everything. I've worked on a similar script (minus the fancy ECHOS telling me about each hotfix). Here it is:

hotfixes.bat

@echo off
cls

REM First the easy stuff, optional windows components:

ECHO Checking for Windows Media Player 10
reg query "hklm\software\microsoft\mediaplayer\10.0\registration" /v udbversion >nul
if %errorlevel% gtr 0 (
ECHO Installing WMP 10 ...
start /wait updates\WMP10silent.exe
)

ECHO Checking for .NET Framework 1.1 SP1
reg query "hklm\software\microsoft\.NETFramework\" /v InstallRoot >nul
if %errorlevel% gtr 0 (
ECHO Installing .NET Framework 1.1 SP1...
start /wait Updates\netfxsp1.exe
)

reg query "hklm\software\microsoft\.NETFramework\policy\" /v v1.1 >nul
if %errorlevel% GTR 0 (
ECHO Installing Update for .NET Framework ...
start /wait Updates\NDP1.1sp1-KB867460-X86.exe /Q
)

ECHO Checking for HighMAT CD Writting Support
reg query "hklm\software\Microsoft\" /v HMTCDWrite >nul
if %errorlevel% GTR 0 (
ECHO Installing HighMAT CD Writting Support...
start /wait updates\HMTCDWizard_enu.exe /quiet /norestart /n
)

REM Add's UNXUTILS (UNIX-like command tools @ http://unxutils.sourceforge.net)
REM This assumes that unxutils is under the current directory -> wbin; bin is for 
REM my other stuff...

path;%PATH%;%CD%\wbin;%CD%\bin;

REM Lists all hotfixes; without alphabetic stuff:

IF NOT EXIST C:\Winenima (md C:\Winenima)
IF EXIST C:\Winenima\qfecheck.txt (del /Q C:\Winenima\qfecheck.txt)
IF EXIST C:\Winenima\hfcheck.txt (del /Q C:\Winenima\hfcheck.txt)
bin\qfecheck.exe > C:\Winenima\qfecheck.txt 
tail -n+8 C:\Winenima\qfecheck.txt | tr -d [:alpha:] | tr -d [:punct:] > C:\Winenima\hfcheck.txt
rm C:\Winenima\qfecheck.txt

SET HFL="C:\Winenima\hfcheck.txt"
SET SP3_HFIXES="Updates\Pre_SP3"

FOR %%I IN (%SP3_HFIXES%\*) DO (call pre_SP3.bat %%I  %%~nI)


exit

Now for pre_SP3.bat ...

@echo off
path;%PATH%;%CD%\wbin;%CD%\bin;

SET HFL="C:\Winenima\hfcheck.txt"

REM %1 = Full path to hotfix executable
REM %2 = Just file name of same hotfix ex (for Updates\XP\Type1\327979.exe 
REM           it's just 327979)

grep %2 %HFL%
IF ERRORLEVEL 1 (start /wait %1 /passive /norestart /o /n /f)

If you know for certain that ALL post-SP2 hotfixes MUST be applied to the machine

in question, then just run:

@echo off

SET SP3_HFIXES="Updates\Pre_SP3"

FOR %I IN (%SP3_HFIXES%) DO start /wait %I /norestart /passive /f /n /o
exit

Now; please note that ALL of this assumes the following:

1. You, of course, set the variables to the proper paths. If you noticed, I'm working on a little project I like to call "Winenima," and yes it will be bad-a$$ed when I'm done.

2. You MUST RENAME ALL HOTFIXES TO JUST THE NUMBER.EXE i.e. 999999.exe

3. When a new hotfix comes out, rename it as shown above in #2 and dump it into the hotfix folder. DONE

That's All I got folks, enjoy!

~xiphias

[oioldman]

I'll be honest, I don't have a direct use for ths type of thing, but do like the idea.

As for your shutdown, in XP there is a fill called shutdown.exe, that you could use to force this, complete with a message stating it will happen and why.

e.g. shutdown.exe -r -f -t 60 -c "Windows XP will now restart in 1 minute..."

Hope it helps

[ahab]

Have you thought about adding the microsoft baseline security analyzer to your cd and scripts?

Never thought about it, but I do like the idea. I'll look into this more.

what happens when a new hotfix comes out?

Yeah, I do have to edit it, but thats only once every few weeks. I'm going more for the quick & dirty approach right now, I do like your idea though. The "fancy" echos are there more for documentation than anything. Instead of REMing them I figured I'd just echo them.

As for your shutdown, in XP there is a fill called shutdown.exe, that you could use to force this, complete with a message stating it will happen and why.

e.g. shutdown.exe -r -f -t 60 -c "Windows XP will now restart in 1 minute..."

Sometimes after doing these updates I continue working on the computer for a while, i'd like something that would popup "Do you want to restart now?" The reminder at the end of the script will work for now.

Eventually I plan to have all machines on the network run this script from a mapped drive, then reboot if needed. Right now I'm lacking a server and the network still has some kinks to be worked out.

[oioldman]

hello again folks.

Work as developed a reason for this to be used and i appreciate the original erffot made by those in previous posts especially topic starter for giving his thoughts and code away. I've written one up but can't get one reg query to work as i need and would appreciate any thoughts on how to correct it

below is code in use that doesn't work

ECHO MS Windows XP Service Pack 2
REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CSDVersion > nul 2>&1
IF %ERRORLEVEL% EQU 0 (
ECHO is already installed
) ELSE (
ECHO Installing...
%CDROM%\KB835935SP2.exe /quiet /forcerestart /n /f
ECHO Installation complete.
)
ECHO.
ECHO.

The CSDVersion works if only used against clean xp (NO serveice pack) as no CSDVersion key in none SP.

How can I modify it so that if a pc has ServicePack 1 installed as the CSDVersion key exists it will install ServicePack2???????

Thanks all for any help

[Ctrl-X]

You could use the For command to parse the output of the Reg Query command and assign the value to an environment variable:

ECHO MS Windows XP Service Pack 2
[color="#FF0000"]FOR /F "SKIP=4 TOKENS=3*" %%V IN ('REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CSDVersion') DO SET CSDVERSION=%%V %%W
IF "%CSDVERSION%"=="Service Pack 2" ([/color]
ECHO is already installed
) ELSE (
ECHO Installing...
%CDROM%\KB835935SP2.exe /quiet /forcerestart /n /f
ECHO Installation complete.
)
ECHO.
ECHO.

[oioldman]

Thank you Ctrl-X that seems to be working.

Will test a bit more later and update with result.

[edit]

Ctrl-X - thank you mate, that works an absolute treat.

[/edit]

Edited September 8, 2006 by oioldman

[oioldman]

old thread alert, but also a very useful one.

I use this often for new pc's to get up to scratch and it works fine with XP.

I want to now use with W2k3 Server but the code that Ctrl-X wrote doesn't work.

I'm think and can't code for toffee but understand vaguely what he was doing.

So,

Can anybody hash it to work with W2k3 Server please?

NeilW

[edit]

all sorted and will test and update tonight when home

now understand teh skip & tokens -> which is key bit here

For XP SP3 use

ECHO MS Windows XP Service Pack 3
FOR /F "TOKENS=3*" %%V IN ('REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CSDVersion') DO SET CSDVERSION=%%V %%W
IF "%CSDVERSION%"=="Service Pack 3" (
ECHO is already installed
) ELSE (
ECHO Installing...
%CDROM%\KB???????.exe /quiet /forcerestart /n /f
ECHO Installation complete.
)
pause

you will need filename entered as i do not know it off top of head

[/edit]

[edit]

This will now work on XP and W2k3 fine and dandy.

slightly modified to remove the SKIP=n command as not needed

[/edit]

Edited April 29, 2009 by oioldman