check patches run succesfully

[Guest]

hi,

i would like to find out how to verify that patches are successfully rolled
out to users. i rolled out the patches thru batch file in silent mode.

i understand that for each patch, a log file is created, ie for sasser
patch, kb835732.log is created in c:\windows. but this file is created even
if patch is unsuccessful eg crypto service error.

we used the log file to determine if patch is successfull, which in this
case is a wrong indication. any other file that is a more accurate
indication??

 

[Carey Frisch [MVP]]

Qfecheck.exe Verifies the Installation of Windows 2000 and Windows XP Hotfixes
http://support.microsoft.com/default.aspx?scid=kb;en-us;282784

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

----------------------------------------------------------------------------------

:

| hi,
|
| i would like to find out how to verify that patches are successfully rolled
| out to users. i rolled out the patches thru batch file in silent mode.
|
| i understand that for each patch, a log file is created, ie for sasser
| patch, kb835732.log is created in c:\windows. but this file is created even
| if patch is unsuccessful eg crypto service error.
|
| we used the log file to determine if patch is successfull, which in this
| case is a wrong indication. any other file that is a more accurate
| indication??

 

[Guest]

hi carey,

thx for the reply. i downloaded the tool, very useful.
but how can i be sure that the tool is able to scan for latest fixes?
i discover kb834707 is not reflected.

 

[Guest]

Is there a way to push this file out to a number of workstations in our
office. Something similar to using the KB824146scan with a series of IP
addresses?
I would rather not install qfecheck on every machine I want to check.

 

[Torgeir Bakken \(MVP\)]

Is there a way to push this file out to a number of workstations in our
office. Something similar to using the KB824146scan with a series of IP
addresses?
I would rather not install qfecheck on every machine I want to check.

Hi

I suggest you download and run the Microsoft Baseline Security
Analyzer (MBSA), it can scan computers remotely (but not for
MS Office updates though):

<quote>
Microsoft Baseline Security Analyzer (MBSA):

The Microsoft Baseline Security Analyzer allows administrators to
scan local and remote systems for missing security patches as well
as common security misconfigurations. More information on MBSA is
available at:

http://www.microsoft.com/technet/security/tools/mbsahome.asp

</quote>

and

Microsoft Baseline Security Analyzer (MBSA) 1.2 Q&A
http://www.microsoft.com/technet/security/tools/mbsaqa.mspx


It has it own newsgroup as well:

microsoft.public.security.baseline_analyzer

 

[Guest]

Thank you Torgeir,
I would very much like to run MBSA in our offices, however, in our
circumstances I haven't been able to get it to work the way I want. Which
is..... we have a number of small offices that are networked locally as
Workgroups. These offices are independent of each other so each location has
their own private ISP, etc. When I visit these offices I would like to run
MBSA from my laptop (about once per quarter). My problem is that when I
connect to the office network and run MBSA from my laptop I get an error
because I am not a local administrator on each of the machines in the office
workgroup. And I do not want to run around and install MBSA on each
workstation (some offices are quite large even though they do not have a
Windows server, AD, etc). Do you have any suggestions on how to accomplish
this using MBSA (which is my preferred method)?