Re: Deploy patches with login script?

From: Torgeir Bakken \(MVP\) (Torgeir.Bakken-spam_at_hydro.com)
Date: 07/19/04 

Date: Mon, 19 Jul 2004 20:43:30 +0200

mike wrote:

> My boss has just asked if it is possible for me to modify our login
> script to patch the workstations that we have on the network. We
> are running mostly XP machines and right now our login script is
> Kix (but I would change it if need be). It seems like it would be
> easy enough to add the additional code, but do the users need to
> have administrative rights on their machines for the patches to be
> deployed? Most of the users are not admins (for obvious reasons).
> Is there a way around this? I'd really like to save the helpdesk
> the work of running around the building.
Hi

I would have considered implementing SUS (free) or something
similar (links to some 3rd party products further down)
for security patches.

Microsoft Software Update Services (SUS)
http://www.microsoft.com/windowsserversystem/sus/default.mspx

You should read the White Papers available in the link above.

Microsoft Software Update Services: Frequently Asked Questions
http://www.microsoft.com/windowsserversystem/sus/susfaq.mspx

Patch Management Using Microsoft Software Update Services - Operations Guide
http://www.microsoft.com/technet/itsolutions/msm/swdist/pmsusog.asp

Note that the current version will only install critical updates and security
rollup packages (SRPs), as well as SP4 for Win2k and SP1 for WinXP.

A new version is in the works (to be released in 1st half of 2005):
http://groups.google.com/groups?selm=ungsInEZDHA.2336%40TK2MSFTNGP09.phx.gbl
http://www.microsoft.com/windowsserversystem/sus/wusfaq.mspx
http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx

SUS needs to be installed on a IIS server. Supports Win2k, WinXP and Win2k3
clients only. SP1 for WinXP and SP3/4 for Win2k installs the WU/SUS client as
default.

There is a separate newsgroup for SUS:
microsoft.public.softwareupdatesvcs
news://msnews.microsoft.com/microsoft.public.softwareupdatesvcs

URL to the group softwareupdatesvcs for those who uses the Web
interface to access the newsgroups:
http://www.microsoft.com/windowsserver2003/community/newsgroups/dgbrowser/en-us/default.mspx?dg=microsoft.public.softwareupdatesvcs

A Web site about SUS with a FAQ and a SUS forum:

SUSserver.com
http://www.susserver.com/

More Web sites about SUS
http://www.cites.uiuc.edu/sus/faq.html
http://www.faqshop.com/sus/default.htm
http://computing.fusion13.com/SUS/Microsoft-Software-Update-Services-SUS.shtml

When evaluating hotfix administration methods/programs,
there are also 3rd party solutions available that will
give a lot more than what SUS offer, but of course, they
are not free. It is as always a cost/benefit analyze that
needs to be done.

Below is links to a 3rd party product example that does
not need a server to run and no IIS is needed (it supports
NT4 clients as well). You can deploy mostly all types of
hotfixes and service packs from an ordinary workstation
if you want.

UpdateEXPERT from Sunbelt
http://www.sunbelt-software.com/product.cfm?id=357

UpdateEXPERT reseller with a price list
http://www.softwareshelf.com/products/display.asp?p=71

Shavlik's HFNetChkPro/HFNetChkLT
If 10 computers or less htfnetchkLT is free (http://www.shavlik.com), it can
scan and push patches. It also finds patches needed for Office as well, and it
gives a really nice graphical analysis of the patch from truesecure.

Here is a third party product that supports Win9x and WinME as well:

PatchLink's Update
http://www.patchlink.com 

-- 
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx

Relevant Pages

  • Re: script to deploy hotifx
    ... Microsoft Software Update Services (SUS) ... Microsoft Software Update Services: Frequently Asked Questions ... NT4 clients as well). ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.windows.server.scripting)
  • Re: Windows Update Server or cache
    ... Microsoft Software Update Services (SUS) can be run on a Windows 2000 ... also links to some 3rd party solutions that does not need a Server OS ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.windowsupdate)
  • Re: Push SASSER patch to 85 workstations?
    ... SUS 1.0 is available now and has been for a long time. ... It maps a drive, copies the patch, then executes ... > it but the Admin requirement comes up. ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.win2000.general)
  • Re: Download windows updates for network deployment
    ... > save having to download the updates simaltaniously all ... take a look at the "free" Microsoft Software Update ... Services (SUS), more here: ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Windows update for 100s of PCs?
    ... THese users only have Power USer ... Microsoft Software Update Services (SUS) is a kind of "Windows Update" ... Note that the current version will only install critical updates and security ...
    (microsoft.public.win2000.general)