kevan79 Posted March 18, 2005 Share Posted March 18, 2005 I'm trying to find a login script that will patch your network computers/servers with any patches you have downloaded to a file server.Info: Servers running W2k3, all clients running XP Pro. Windows Auto-update is disabled.So, any ideas? I'm not yet big into vbs scripts, though I'm trying to learn as fast as I can plus reading different things on this forum as well. Please email at airkevan@hotmail.com with any suggestions and/or post here.ThanksKevan Link to comment Share on other sites More sharing options...
un4given1 Posted March 18, 2005 Share Posted March 18, 2005 Why not use Windows Update Serivces? (that's what the new/beta version is called..) Or System Update Services? (old version) Link to comment Share on other sites More sharing options...
kevan79 Posted March 18, 2005 Author Share Posted March 18, 2005 Basically, it is not authorized to be run. I can't go into it any more than that. Link to comment Share on other sites More sharing options...
valter Posted March 18, 2005 Share Posted March 18, 2005 Check this one http://www.shavlik.com/hf.aspx Link to comment Share on other sites More sharing options...
kevan79 Posted March 21, 2005 Author Share Posted March 21, 2005 Yeah, that really looks nice, but again, it's an outside program, so it wouldn't be allowed. i.e. I can't use WIndows update itself and I can't use outside programs...has to basically be a script...and it sucks...but that's the rules I got to follow...if that makes any sense, which I know it don't. Link to comment Share on other sites More sharing options...
valter Posted March 21, 2005 Share Posted March 21, 2005 You can make a batch file listing all hotfixes (placed somwhere on the shared location) with QChain.exe and call it from your logon script to execute after users log on ... Link to comment Share on other sites More sharing options...
ravashaak Posted March 21, 2005 Share Posted March 21, 2005 Would a microsoft-provided utility be allowed? If so, then you can install the MBSA (Microsoft Baseline Security Analyzer) and run it from the command line as follows:mbsacli.exe /hf <options>This gives you pretty much the same functionality as hfnetchk, but in a MS-supplied tool.If even this is verbotten, you're most likely stuck using scripted file version and registry checks in order to ascertain patch deficiencies. Filever.exe and reg.exe are your friends in this case. Most security bulletins contain information on how to manually determine what patches are installed (ie registry keys/values altered, file version numbers, etc). Google can also prove helpful. By searching for the patch name/number along with terms such as "detection", "versions", "registry", etc, you can often find enough information to script a detection routine. As a last resort, you can install the patch on a test box and search for registry entries modified, added, etc. You may even need to use filemon.exe and regmon.exe from sysinternals to accomplish this. In any event, once you've generated a list of needed patches, it's merely a matter of scripting the calling of each hotfix installer (most likely supressing reboots and dialogs), with a nice execution of qchain at the end.Note that you should run this as a startup and not a logon script, unless your users logging on locally have admin rights. - Ravashaak Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now