Re: Update patches in a network

Hi Lieven,
I have done it for the most critical patches we needed to get out. The
MS patches are created in different ways. Some of them accept batch
mode parameters that allow you to make it run silently and not restart
the computer after eatch patch, some dont. It will get qite messy if
you want to handle all your patching this way.
I would look into SUS or WSUS.

Here are my scripts if you can use them:
The first script does the job, the second script runs the first one
with local admin privileges.
You will need to create the user "yourDomain\Patchinst" who has local
admin previllages in the clients.

------------------------------------------------
'* Installes patches

Dim sp, key, sd, ver, iever, ie

Set WshShell = WScript.CreateObject("WScript.Shell")

On error resume next
sp = WshShell.RegRead("HKLM\Software\Microsoft\Windows
NT\CurrentVersion\CSDVersion")
ver = WshShell.RegRead("HKLM\Software\Microsoft\Windows
NT\CurrentVersion\CurrentVersion")
iever = WshShell.RegRead("HKLM\Software\Microsoft\Internet
Explorer\Version")
sd = False
If ver = "5.0" Then
If right (sp,1) > 2 Then

'*** Patch KB823980
Key = "A"
key = WshShell.RegRead("HKLM\SOFTWARE\Microsoft\Updates\Windows
2000\SP5\KB823980\Type")
If key = "A" Then
WshShell.Popup "Installs Patch KB823980" & Chr(13) & "Takes a
minute. Then restart.", 4, "Allways be safe", 64
WshShell.Run "p:\fasttrack\patchar\Windows2000-KB823980-x86-ENU.exe
-u -z", 1, true
sd = True
End if

'*** Patch KB828749
Key = "A"
key = WshShell.RegRead("HKLM\SOFTWARE\Microsoft\Updates\Windows
2000\SP5\KB828749\type")
If key = "A" Then
WshShell.Popup "Installes Patch KB828749" & Chr(13) & "Takes a
minute. Then restart.", 4, "Allways be safe", 64
WshShell.Run "p:\fasttrack\patchar\Windows2000-KB828749-x86-ENU.exe
-u -z", 1, true
sd = true
End if

'*** Patch Q810833
If right (sp,1) < 4 Then
Key = "A"
key = WshShell.RegRead("HKLM\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q810833\type")
If key = "A" Then
WshShell.Popup "Installes Patch Q810833" & Chr(13) & "Takes a
minute. Then restart.", 4, "Safetybelt", 64
WshShell.Run "p:\fasttrack\patchar\Q810833_W2K_SP4_X86_EN.exe -u
-z", 1, true
sd = true
End if
End if

'*** Internet Explorer patch Q818506.
If left (iever,3) = "6.0" Then
ie =
WshShell.RegRead("HKLM\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\MinorVersion")
If instr(1, ie, "SP1") <> 0 Then
If instr(1, ie, "Q818506") = 0 Then
WshShell.Popup "Installes Internet Explorer patch Q818506" &
Chr(13) & "Takes seconds. Then restart.", 4, "Hi!", 64
WshShell.Run "p:\fasttrack\patchar\Q818506.exe -q", 1, false
wscript.sleep 5000 '*** Waits for installation.
WshShell.AppActivate ("Q818506.exe")
WshShell.sendkeys "{%}n" '***Answers No to GUI question "Do you
want to restart now?"
sd = true
End if
End if
End if

'*** Internet Explorer patch Q833989.
' If left (iever,3) = "6.0" Then
' ie =
WshShell.RegRead("HKLM\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\MinorVersion")
' If instr(1, ie, "SP1") <> 0 Then
' If instr(1, ie, "Q833989") = 0 Then
' WshShell.Popup "Installes Internet Explorer patch Q833989" &
Chr(13) & "Takes seconds. Then restart.", 4, "Get safe", 64
' WshShell.Run "p:\fasttrack\patchar\IE6.0sp1-KB833989-x86-ENU.exe
-q", 1, false
' sd = true
' Wscript.sleep 20000 '*** Waits for installation.
' WshShell.AppActivate ("IE6.0sp1-KB833989-x86-ENU.exe")
' WshShell.sendkeys "{%}n" '*** Answers No to Restart...
' End if
' End if
' End if
Else
'*** Tells if the computer has les than SP3
If WshShell.RegRead("HKLM\Software\Microsoft\Windows
NT\CurrentVersion\CurrentVersion") = "5.0" Then
If right(WshShell.RegRead("HKLM\Software\Microsoft\Windows
NT\CurrentVersion\CSDVersion"),1) < 3 Then
WshShell.Popup "This computer needs a later servicepack!!!" &
Chr(13) & "Make shure it is done!",, "OBS!", 16
End if
End if
End if
'*** Restart if anything is installed.
If sd = true Then
WshShell.Run "p:\fasttrack\bin\shutdown.exe /L /R /T:10 " & Chr(34) &
"The computer will restart to activate Patches..." & Chr(34) & " /C",
1, false
End if
End if


------------------------------------------------------
Second script:
---------------------------
'* Runs the script patch.vbs as user "patchinst"

wscript.sleep(20000)
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "runas.exe /user:samhallit\patchinst ""wscript.exe
p:\fasttrack\bin\patchar.vbs""", 1, false
wscript.sleep(1000)
Wshshell.sendkeys "yourPassword"
Wshshell.sendkeys "~"
------------------------------------------------------
--------------------------------------------------------

.

Relevant Pages

  • Re: lsass.exe worm
    ... > our Login Script which is based upon the kixtart script Interpreter. ... > reboot and requires no user intervention. ... > the patches wre self extracting ZIP files. ... >> As soon as your computer reboots and Windows loads, click Start, ...
    (microsoft.public.win2000.general)
  • Help with IE 6 searching knowledgebase and with .jar
    ... IE 6.0.2800, SP1, (you know, I can't get the version info and patches ... from the IE About window by selecting it with the mouse and copying it ... the security levels in IE. ... I've made sure in IE that all messages related to script errors are ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: different patching syntax
    ... other patches as time goes. ... Wscript.Echo "Syntax Error. ... 'execute each files ... Is this the whole script as shown on this ...
    (microsoft.public.windows.server.scripting)
  • Re: different patching syntax
    ... Is this the whole script as shown on this page. ... I want to be able to run the patches without rebooting. ... "James" wrote: ... >> Another way to do this would be to trap the output from the executable. ...
    (microsoft.public.windows.server.scripting)
  • Re: combining the result of processing various commands and setting it in a variable
    ... > I need for the script to hopefully work on any Unix and Linux ... For any value of $_VER, only the 3rd one is correct. ... Bourne shell (which is an old shell you sometimes find on very ...
    (comp.unix.shell)