Hotfix Deployment

[Jeff]

Hello,

Is there anyone who can guide me as to what is the best
method to deploy the Microsoft Security and hotfixes to
our 70 Windows 2000 workstations? We are using all W2K
Workstations and W2K Domain.

I have experimented with the WinInstall LE program with
not much success. I can create an MSI package and deliver
it to the workstations, but after the install Windows
Update still says it's not installed, even though it's
listed in the Add/Remove programs. Any comments on this
method?

I have also considered creating a batch file to call for
the updates. This method works but how do you keep it from
running over and over when the use logs into the network?

I would like to hear how other people deliver these
patches and updates. Thanks in advance.

jeff

 

[Danny Sanders]

See this link for the free software from Microsoft:
http://support.microsoft.com/default.aspx?scid=kb;en-us;810796&Product=win2000

hth
DDS W 2k MVP MCSE

 

[Oli Restorick [MVP]]

You need to take a look at Software Update Services.

This allows you to download updates automatically on a schedule from Windows
Update and deploy them to your workstation. You can choose which updates
you want to approve.

Since you're on Windows 2000, this would be a good way to do it. Another
way is to use SMS, but I imagine this isn't ideal given your size and the
cost (not only of the product, but of learning the technology).

http://www.microsoft.com/windows2000/windowsupdate/sus/default.asp

Also, serivce packs are now available to be deployed using SUS.

I would very strongly recommend against using repackaging techniques such as
WinInstall LE to do this. That's a very bad idea.

Regards

Oli

 

[Gerry Hickman]

Is there anyone who can guide me as to what is the best
method to deploy the Microsoft Security and hotfixes to
our 70 Windows 2000 workstations? We are using all W2K
Workstations and W2K Domain.

HFNetChk Pro from Shavlik, SUS from Microsoft are options.

it to the workstations, but after the install Windows
Update still says it's not installed,

Don't know. I've only noted this issue with IE6 hotfixees, reg ain't
updated.

I have also considered creating a batch file to call for
the updates. This method works but how do you keep it from
running over and over when the use logs into the network?

I certainly wouldn't put it in a log-on script, are you saying these
users have admin rights??

 

[Patrick J. LoPresti]

I would very strongly recommend against using repackaging techniques
such as WinInstall LE to do this. That's a very bad idea.

Seconded.

<http://unattended.sourceforge.net/installers.html#repackaging>


- Pat

 

[Sean]

Doesn't the SUS require Administrator access to update the
service packs and patches tobe installed on users system?
If the SUS does this automatically without me going to
every system than I'm in heaven...
Sean