Deployment of Windows Updates

  • Thread starter Thread starter Ian Baldwin
  • Start date Start date
I

Ian Baldwin

This is more of a plea than a question in the hope that
someone at microsoft is monitoring this newsgroup.
However, if my facts are wrong I would welcome correction.

The plea: please, please, please can updates, especially
critical updates, be provided as msi files such that they
can be deployed through AD group policies? Windows 2000
provides the facility, but Microsoft doesn't use it for
the most important updates to their operating system
(Service Packs are provided like this and easily
deployed). By making it so difficult for the user
community to deploy updates, I frankly believe that MS
deserves any denial of service aimed at it by this route.
In fact, it deserves far worse.

"Use Windows Update or SUS", they (ie MS) tell us. But
users must have administrative rights for that which makes
a mockery of all those lovely security facilities on
Windows 2000 clients - I might as well have Windows 95!

So then there's SMS, but isn't that a bit of an over-kill
if you only want it for patches?

I've spent hours applying, or trying to apply, updates.
Wasted hours. Do I rant and rave at the pimply-faced
little nerds that create the viruses that I'm having to
protect my network against? No. I'm sorry Microsoft but I
blame you entirely. I accept that software is going to
have faults, I'm grateful for the free updates so easily
available, but please make it easy for us to apply them
over a large network.

Ian
 
The best method I've found to deploy updates is via shutdown scripts. It
works for about 99% of them and doesn't require the users to have
administrator access. The only problem is when patches require an admin
logon to 'finish them off' which does kind of make a mockery of the whole
system. It does also require the admin to download the patches manually sort
them out and work out what switches to use to run them with :)

Using the IEAK and the shutdown script even managed to deploy IE6 SP1 this
way without requiring admin logons (although it was still required for a
couple of PC's)

Jason
 
Back
Top