Re: deploy security patch in a login script

From: Torgeir Bakken \(MVP\) (Torgeir.Bakken-spam_at_hydro.com)
Date: 10/24/04 

Date: Sun, 24 Oct 2004 20:14:22 +0200

Eliot wrote:

> Hello,
> I want to deploy the MS03-039 patch by login script. I need the patch to be
> installed with no interaction from the users. Is there a way of doing this
> without the users having to click through the buttons on the installation
> window of that patch?. Is there a way to write the script to check to see if
> the patch has been installed and if so bypass the user the next time the user
> logs in and any subsequent logins after that? I would need the script to
> install the patch on windows 2000 and XP pro machines (2 scripts would be
> needed for each OS and i would need the script to be able to differentiate
> between the 2 OS's. The XP machines have not been updated with SP2 as of yet
> only because we are still in the testing phase.
Hi

I strongly suggest you install MS04-012/KB828741 as it supersedes and
replaces MS03-039/KB824146.

Command line switches for the updates from Microsoft is documented
in each update's Security Bulletin (under General Information
/Security Update Information).

Here is a script that installs MS04-012/KB828741 on Win2k and WinXP
if it is not already installed:

'--------------------8<----------------------
'KB828741 - MS04-012

' Check if patch is installed already
If RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" _
         & "\HotFix\kb828741\Installed") <> "1" Then

   ' path to where patch files are stored
   sPatchPath = "\\server\share\SecUpdates\KB828741"

   SetLocale "en-us" ' To avoid "Type mismatch" for some locale settings

   If GetOsVersionNumber = 5 Then
     If GetSPNumberSys < 5 Then
       ' OS is Win2k (SP4 or less)
       ' Unattended installation with no options to uninstall, suppress reboot
       oShell.Run sPatchPath _
           & "\Windows2000-KB828741-x86-ENU.EXE /u /q /z /n", 1, True
     End If
   Elseif GetOsVersionNumber = 5.1 Then
     If GetSPNumberSys < 2 Then
       ' OS is WinXP (SP1 or less)
       ' Unattended installation with no options to uninstall, suppress reboot
       oShell.Run sPatchPath _
           & "\WindowsXP-KB828741-x86-ENU.EXE /u /q /z /n", 1, True
     End If
   End If
End If

Function RegRead(ByVal sRegValue)
      Set oShell = CreateObject("WScript.Shell")
      On Error Resume Next
      RegRead = oShell.RegRead(sRegValue)
      ' If the value does not exist, error is raised
      If Err Then
        RegRead = ""
        Err.clear
      End If
      ' If a value is present but uninitialized the RegRead method
      ' returns the input value in Win2k.
      If VarType(RegRead) < vbArray Then
        If RegRead = sRegValue Then
          RegRead = ""
        End If
      End If
      On Error Goto 0
End Function

Function GetOsVersionNumber
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Determines OS by reading reg val & comparing to known values
' OS version number returned as number of type double:
' Windows 95: 1
' Windows 98: 2
' Windows ME: 3
' Windows NT4: 4
' Windows 2k: 5
' Windows XP: 5.1
' Windows 2k3: 5.2
' Windows >2k3: >5.2
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
   Dim oShell, sOStype, sOSversion
   Set oShell = CreateObject("WScript.Shell")
   On Error Resume Next
   sOStype = oShell.RegRead(_
     "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductType")
   If Err.Number<>0 Then
     ' Hex(Err.Number)="80070002"
     ' - Could not find this key, OS must be Win9x
     Err.Clear

     sOStype = oShell.RegRead(_
       "HKLM\SOFTWARE\Microsoft\Windows" & _
       "\CurrentVersion\VersionNumber")

     Select Case sOStype
       Case "4.00.950"
         sOSversion = 1 ' Windows 95A
       Case "4.00.1111"
         Dim sSubVersion
         sSubVersion = oShell.RegRead(_
           "HKLM\SOFTWARE\Microsoft\Windows" & _
           "\CurrentVersion\SubVersionNumber")
         Select Case sSubVersion
           Case " B"
             sOSversion = 1 ' Windows 95B
           Case " C"
        sOSversion = 1 ' Windows 95C
           Case Else
             sOSversion = 1 ' Unknown Windows 95
         End Select
       Case "4.03.1214"
         sOSversion = 1 ' Windows 95B
       Case "4.10.1998"
         sOSversion = 2 ' Windows 98
       Case "4.10.2222"
         sOSversion = 2 ' Windows 98SE
       Case "4.90.3000"
         sOSversion = 3 ' Windows Me
       Case Else
         sOSversion = 1 ' Unknown W9x/Me
     End Select
   Else ' OS is NT based
     sOSversion = oShell.RegRead(_
       "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion")
     If Err.Number<>0 Then
       GetOsVersion = "Unknown NTx"
       ' Could not determine NT version
       Exit Function ' >>>
     End If
   End If

   ' Setting Locale to "en-us" to be indifferent to country settings.
   ' CDbl might err else
   SetLocale "en-us"
   GetOsVersionNumber = CDbl(sOSversion)
End Function

Function GetSPNumber
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Determines Service Pack number by reading reg val CSDVersion in
' HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion
'
' CSDVersion in System\CCS is updated AFTER a reboot when
' installing a SP
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
  Dim oShell, sOStype, sOSversion, iSPNumber, aSPNumber

     Set oShell = CreateObject("WScript.Shell")
  On Error Resume Next
  sOStype = oShell.RegRead(_
    "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductType")
  If Err.Number<>0 Then
    ' Hex(Err.Number)="80070002"
    ' - Could not find this key, OS must be Win9x
    Err.Clear
    GetSPNumber = "W9x"
    Exit Function ' >>>
  End If

  iSPNumber = oShell.RegRead(_
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion")
  If Err.Number<>0 Then
    GetSPNumber = 0
    ' Could not determine Service Pack
    Exit Function ' >>>
  End If

  ' CSDVersion is e.g. "Service Pack 2"
  aSPNumber = Split(iSPNumber)
  GetSPNumber = Cint(aSPNumber(2))
End Function

'--------------------8<---------------------- 

-- 
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx