Re: Install Windows Patch via GPO

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

One last question.
I also downloaded the patch for Vista OS. Its a .msu file but it dosent do
anything when I double click on it on a Vista machine. Is there something
speacial about msu files? We just have two Vista machine so I wont go the GPO
route on these.

"Meinolf Weber [MVP-DS]" wrote:

Hello Asif,

Congrat's. Nice to hear that you got it running.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Holy Diggleberries!!!
That did it. I removed the one I had there and clicked Add, browse and
selected the conflicker.bat file, applies and ok'ed out of everything.
Did a
gpupdate on ther server and machine, restarted the machine and it
started
showing "Running Startup Scripts", and now it shows its installed.
Awesome.
Thank you so much Meinolf for your help.
"Meinolf Weber [MVP-DS]" wrote:

Hello Asif,

Just to make sure, the script name is the patchfile name? Choose Add
and do not type "patch", click the browse button and then use the
batch file which contains the commands.

If you install the patch from the policy location it works?

Open
\\domain.com\SysVol\domain.com\Policies\{3F30361D-1A8A-4B3F-xxxx-xxxx
xxxx}\Machine\Scripts\Startup\ from the run line and doubleclick the
batch file.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Meinolf,

Any ideas???
I changed my setup to match yours. Only thing that is different is
the
name
of my script - I go in to the OU, edit the GPO, Startup scripts and
called
the script name "Patch". I click "Show Files" and there I see
conflicker.bat
(which contains the statements you mention in your last post), the
KB
exe,
and the empty KB txt file.
I did gpresult on the PCs and the GPO is showing up now. Not sure
why
but it
took a week on this particular PC. I moved another PC to the OU and
it
showed
up during next reboot.
However, the patch is not installing on any computer. I rebooted
couple of
times and did gpupdate both on the server and computers. Let me know
what you
think. Thanks.
"Asif Shah" wrote:
Meinolf,

I think I see what might be the problem.
When I go to my OU and open the GPO, I then go to Computer
Configuration -
Windows Settings - Startup, double click on it and I see the path
to
the .cmd
file that has the command that runs the .exe:
Path to cmd file: \\servername\NETLOGON\patch.cmd
Command in cmd file:
\\servername\public\z_WindowsXP-KB958644-x86-ENU.exe
/quite
I think I have to put either the .exe in the path that comes up
when
you hit Browse when you want to add a new script (which is what you
have) or put the cmd file there. The path that comes up when you
hit
Browse is:
\\domain.com\SysVol\domain.com\Policies\{3F30361D-1A8A-4B3F-xxxx-xx
xx
xxxx}\Machine\Scripts\Startup\
Is this correct? What should I put there, the exe or the cmd?

"Meinolf Weber [MVP-DS]" wrote:

Hello Asif,

I am running out of ideas, i will describe the way i did it in my
domains, a bit different, but also your way should work if the
configuration is as you described it. Here is my way:

I use a startup script, including this in a GPO:

------------------------------------------------------------------
-- -------------------------------------------------

;install KB958644(Conficker worm) in silent mode and creates
logfile to prevent

loop on install

if not exist %systemroot%\W2KKB958644.log
\\domain.com\SysVol\domain.com\Policies\{3F30361D-1A8A-4B3F-xxxx-x
xx xxxxx}\Machine\Scripts\Startup\W2KKB958644.exe /quiet

if not exist %systemroot%\W2KKB958644.log copy
\\domain.com\SysVol\domain.com\Policies\{3F30361D-1A8A-4B3F-xxxx-x
xx xxxxx}\Machine\Scripts\Startup\W2KKB958644.txt

%systemroot%\W2KKB958644.log /y

------------------------------------------------------------------
-- -------------------------------------------------

The .txt file is empty, just a placeholder on the disk for
skipping the patch at next reboot.

So if you use "Show files" in the startup properties of the GPO
under computer
configuration, there are 3 files located:
- conficker.bat
- patchfile W2KKB958644.exe (file name is shortend)
- empty W2KKB958644.txt file
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Meinolf,

I rechecked the path and it has no spaces:
\\server-name\public\WindowsXP-KB958644-x86-ENU.exe /quite
"Meinolf Weber [MVP-DS]" wrote:

Hello Asif,

The ip configuration looks ok.

Just to make sure, in your batch file are no spaces in between?
It
looks
really like this:
\\server-name\public\WindowsXP-KB958644-x86-ENU.exe /quite
and not similar like:
\\server name\public\WindowsXP KB958644 x86 ENU.exe /quite
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
Hello Meinolf,

Again thanks for helping out. I added another machine to that
same OU for testing (my own laptop). Below are the ipconfig
/all results. Let me know what you think. Its weird because I
have never had issues with machine not picking up GPOs.

Server:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\Documents and Settings\Administrator.DAC>ipconfig /all
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : SERVER-NAME
Primary DNS Suffix . . . . . . . : domainname.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domainname.com
Ethernet adapter Local Area Connection 1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
#4
Physical Address. . . . . . . . . : ***********
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.120.45
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.120.254
DNS Servers . . . . . . . . . . . : 192.168.120.45
192.168.120.46
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Cable Disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
#3
Physical Address. . . . . . . . . : ***********
Client:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\shaha>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Machine-name
Primary Dns Suffix . . . . . . . : domainname.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domainname.com
domainname.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : domainname.com
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx
Gigabit
Cont
roller
Physical Address. . . . . . . . . : ***********
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.120.66
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.120.254
DHCP Server . . . . . . . . . . . : 192.168.120.45
DNS Servers . . . . . . . . . . . : 192.168.120.45
192.168.120.46
Lease Obtained. . . . . . . . . . : Monday, April 06, 2009
7:22:13 AM
Lease Expires . . . . . . . . . . : Tuesday, April 14, 2009
7:22:13 AM
Ethernet adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Dell Wireless 1390 WLAN
Mini-Card
Physical Address. . . . . . . . . : *************
"Meinolf Weber [MVP-DS]" wrote:
Hello Asif,

If gpresult does not list the policy, there can be the case,
either the GPO is not linked to the OU where the comupters are
located(you said that's the case), DNS is a problem, please
post an unedited ipconfig /all from the DNS server and the
client machine.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
Yes. Authenticated Users have read and apply group policy
permissions.

"Meinolf Weber [MVP-DS]" wrote:

Hello Asif,

And authenticated users have at least read on the "public"
folder?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
Yes I can. Start, Run, and type in the patch and it comes
up fine.

"Meinolf Weber [MVP-DS]" wrote:

Hello Asif,

Can you map the folder when typing \\server-name\public in
the run line? If not what error pops up?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties,
and
.

Relevant Pages

  • Re: Group Policy
    ... You have configured/linked the GPO within GPMC, ... This posting is provided "AS IS" with no warranties, and confers no rights. ...
    (microsoft.public.windows.server.setup)
  • Re: Install Windows Patch via GPO
    ... This posting is provided "AS IS" with no warranties, and confers ... I did gpresult on the PCs and the GPO is showing up now. ...
    (microsoft.public.windows.group_policy)
  • Re: Install Windows Patch via GPO
    ... This posting is provided "AS IS" with no warranties, ... If you install the patch from the policy location it works? ... of my script - I go in to the OU, edit the GPO, Startup scripts ...
    (microsoft.public.windows.group_policy)
  • RE: xeon
    ... '--'pleas give me patch for virus W32.Esbot. ... This posting is provided "AS IS" with no warranties, ...
    (microsoft.public.win2000.ras_routing)
  • Re: MSBlast tool and Windows Update
    ... This posting is provided "AS IS" with no warranties, and confers no rights ... > copy of XP AFTER applying the patch? ...
    (microsoft.public.windowsxp.security_admin)