installing patches remotely

  • Thread starter Thread starter Jayjay
  • Start date Start date
J

Jayjay

I'm trying to find the best way to push out an installation of the MS
patches via a logon script or some automated process.

Servers are NT - so no active directory.
clients are all win2000
All users use the same login script. (there are over 100 users).
All users have Poweruser privs to their system.
and like any company out there - people take time off, so they may not
log in daily. This needs to be done on "next login" but run only
once.

My current thought process was:
1. through the login script - add a runonce entry to the registry to
run the script file to do the updates
2. The script file runs the update w/ the runas command and inputs
the admin password automatically.

I have the above process working, but the problem with the above is
that the 3rd time the machine is logged into the process will begin
again. I have about a dozen people on vacation this week, so I have
to leave the entry in the logon script for a few weeks to be sure to
catch everyone.

Any suggestions on how to do something like this that will catch all
users over the time period, without manually visiting every desktop to
do this and interrupting users worktime?
 
JayJay,

We're using login scripts w/ the RunAs - it's working
well. (we patched over 1000 machines today w/ it)

Instead of putting it in runonce, look for the appropriate
registry key to see if the patch is installed. No key -
do the install. Key exists, skip install.

The registry key to check for Win2K systems is:
HKLM\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB824146

For XP:
HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB824146

Hope this helps!
J.
 
Back
Top