Re: Install Windows Patch via GPO
- From: Meinolf Weber [MVP-DS] <meiweb(nospam)@gmx.de>
- Date: Sun, 12 Apr 2009 17:37:32 +0000 (UTC)
Hello Asif,
Sorry, my mistake. It's as stated by name user logging, not computer.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Seems like it found my other three GPO but all three are user configs.
I dosent show "Found..." for this computer config. GPO. Even gpresult
shows that GPO. Is this logfile only for user GPOs?
"Meinolf Weber [MVP-DS]" wrote:
Hello Asif,
Errors, maybe access denied mesages etc.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
I got the log. What should I look for?
"Meinolf Weber [MVP-DS]" wrote:
Hello Asif,
Enable logging according to this and check the logfile:
http://support.microsoft.com/kb/221833
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Meinolf,
Any ideas???
I changed my setup to match yours. Only thing that is different is
the
name
of my script - I go in to the OU, edit the GPO, Startup scripts
and
called
the script name "Patch". I click "Show Files" and there I see
conflicker.bat
(which contains the statements you mention in your last post), the
KB
exe,
and the empty KB txt file.
I did gpresult on the PCs and the GPO is showing up now. Not sure
why
but it
took a week on this particular PC. I moved another PC to the OU
and
it
showed
up during next reboot.
However, the patch is not installing on any computer. I rebooted
couple of
times and did gpupdate both on the server and computers. Let me
know
what you
think. Thanks.
"Asif Shah" wrote:
Meinolf,
I think I see what might be the problem.
When I go to my OU and open the GPO, I then go to Computer
Configuration -
Windows Settings - Startup, double click on it and I see the path
to
the .cmd
file that has the command that runs the .exe:
Path to cmd file: \\servername\NETLOGON\patch.cmd
Command in cmd file:
\\servername\public\z_WindowsXP-KB958644-x86-ENU.exe
/quite
I think I have to put either the .exe in the path that comes up
when
you hit Browse when you want to add a new script (which is what
you
have) or put the cmd file there. The path that comes up when you
hit
Browse is:
\\domain.com\SysVol\domain.com\Policies\{3F30361D-1A8A-4B3F-xxxx-
xx
xx
xxxx}\Machine\Scripts\Startup\
Is this correct? What should I put there, the exe or the cmd?
"Meinolf Weber [MVP-DS]" wrote:
Hello Asif,
I am running out of ideas, i will describe the way i did it in
my domains, a bit different, but also your way should work if
the configuration is as you described it. Here is my way:
I use a startup script, including this in a GPO:
----------------------------------------------------------------
-- -- -------------------------------------------------
;install KB958644(Conficker worm) in silent mode and creates
logfile to prevent
loop on install
if not exist %systemroot%\W2KKB958644.log
\\domain.com\SysVol\domain.com\Policies\{3F30361D-1A8A-4B3F-xxxx
-x xx xxxxx}\Machine\Scripts\Startup\W2KKB958644.exe /quiet
if not exist %systemroot%\W2KKB958644.log copy
\\domain.com\SysVol\domain.com\Policies\{3F30361D-1A8A-4B3F-xxxx
-x xx xxxxx}\Machine\Scripts\Startup\W2KKB958644.txt
%systemroot%\W2KKB958644.log /y
----------------------------------------------------------------
-- -- -------------------------------------------------
The .txt file is empty, just a placeholder on the disk for
skipping the patch at next reboot.
So if you use "Show files" in the startup properties of the GPO
under computer
configuration, there are 3 files located:
- conficker.bat
- patchfile W2KKB958644.exe (file name is shortend)
- empty W2KKB958644.txt file
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
Meinolf,
I rechecked the path and it has no spaces:
\\server-name\public\WindowsXP-KB958644-x86-ENU.exe /quite
"Meinolf Weber [MVP-DS]" wrote:
Hello Asif,
The ip configuration looks ok.
Just to make sure, in your batch file are no spaces in
between?
It
looks
really like this:
\\server-name\public\WindowsXP-KB958644-x86-ENU.exe /quite
and not similar like:
\\server name\public\WindowsXP KB958644 x86 ENU.exe /quite
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
Hello Meinolf,
Again thanks for helping out. I added another machine to that
same OU for testing (my own laptop). Below are the ipconfig
/all results. Let me know what you think. Its weird because I
have never had issues with machine not picking up GPOs.
Server:
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\Documents and Settings\Administrator.DAC>ipconfig /all
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : SERVER-NAME
Primary DNS Suffix . . . . . . . : domainname.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domainname.com
Ethernet adapter Local Area Connection 1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme
Gigabit
Ethernet
#4
Physical Address. . . . . . . . . : ***********
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.120.45
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.120.254
DNS Servers . . . . . . . . . . . : 192.168.120.45
192.168.120.46
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Cable Disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme
Gigabit
Ethernet
#3
Physical Address. . . . . . . . . : ***********
Client:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\shaha>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Machine-name
Primary Dns Suffix . . . . . . . : domainname.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domainname.com
domainname.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : domainname.com
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx
Gigabit
Cont
roller
Physical Address. . . . . . . . . : ***********
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.120.66
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.120.254
DHCP Server . . . . . . . . . . . : 192.168.120.45
DNS Servers . . . . . . . . . . . : 192.168.120.45
192.168.120.46
Lease Obtained. . . . . . . . . . : Monday, April 06, 2009
7:22:13 AM
Lease Expires . . . . . . . . . . : Tuesday, April 14, 2009
7:22:13 AM
Ethernet adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Dell Wireless 1390 WLAN
Mini-Card
Physical Address. . . . . . . . . : *************
"Meinolf Weber [MVP-DS]" wrote:
Hello Asif,
If gpresult does not list the policy, there can be the case,
either the GPO is not linked to the OU where the comupters
are located(you said that's the case), DNS is a problem,
please post an unedited ipconfig /all from the DNS server
and the client machine.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
Yes. Authenticated Users have read and apply group policy
permissions.
"Meinolf Weber [MVP-DS]" wrote:
Hello Asif,
And authenticated users have at least read on the "public"
folder?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
Yes I can. Start, Run, and type in the patch and it comes
up fine.
"Meinolf Weber [MVP-DS]" wrote:
Hello Asif,
Can you map the folder when typing \\server-name\public
in the run line? If not what error pops up?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
Thanks for the replies.
I changed the command to:
\\server-name\public\WindowsXP-KB958644-x86-ENU.exe
/quite
What else do I need to add to the script?
I checked that Authenticated users have apply group
policy.
I ran gpresult on the computer and it doesnt show my
test
GPO.
Its
.
- Follow-Ups:
- Re: Install Windows Patch via GPO
- From: Asif Shah
- Re: Install Windows Patch via GPO
- References:
- Re: Install Windows Patch via GPO
- From: Asif Shah
- Re: Install Windows Patch via GPO
- Prev by Date: Re: Install Windows Patch via GPO
- Next by Date: Re: Install Windows Patch via GPO
- Previous by thread: Re: Install Windows Patch via GPO
- Next by thread: Re: Install Windows Patch via GPO
- Index(es):
Relevant Pages
|
