Jump to content

Help! Login Script For Patches


kevan79

Recommended Posts

I'm trying to find a login script that will patch your network computers/servers with any patches you have downloaded to a file server.

Info: Servers running W2k3, all clients running XP Pro. Windows Auto-update is disabled.

So, any ideas? I'm not yet big into vbs scripts, though I'm trying to learn as fast as I can plus reading different things on this forum as well.

Please email at airkevan@hotmail.com with any suggestions and/or post here.

Thanks

Kevan

Link to comment
Share on other sites


Yeah, that really looks nice, but again, it's an outside program, so it wouldn't be allowed. i.e. I can't use WIndows update itself and I can't use outside programs...has to basically be a script...and it sucks...but that's the rules I got to follow...if that makes any sense, which I know it don't.

Link to comment
Share on other sites

Would a microsoft-provided utility be allowed? If so, then you can install the MBSA (Microsoft Baseline Security Analyzer) and run it from the command line as follows:

mbsacli.exe /hf <options>

This gives you pretty much the same functionality as hfnetchk, but in a MS-supplied tool.

If even this is verbotten, you're most likely stuck using scripted file version and registry checks in order to ascertain patch deficiencies. Filever.exe and reg.exe are your friends in this case. Most security bulletins contain information on how to manually determine what patches are installed (ie registry keys/values altered, file version numbers, etc). Google can also prove helpful. By searching for the patch name/number along with terms such as "detection", "versions", "registry", etc, you can often find enough information to script a detection routine. As a last resort, you can install the patch on a test box and search for registry entries modified, added, etc. You may even need to use filemon.exe and regmon.exe from sysinternals to accomplish this. In any event, once you've generated a list of needed patches, it's merely a matter of scripting the calling of each hotfix installer (most likely supressing reboots and dialogs), with a nice execution of qchain at the end.

Note that you should run this as a startup and not a logon script, unless your users logging on locally have admin rights.

- Ravashaak

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...