First of all, why do you not want windows updated to apply
to all the computers in your domain ? I can assume that is
because your computers have different OS versions. If that
is the case, then let me explain how i handle that.
I have a batch file that will run as a logon script. This
batch file will check the computer for the OS version,
then install the correct patch file.
Basically what the batch file does, is check the OS
version, then direct it to the correct patch file for that
OS version and install the patch silently. The 2nd step of
this batch file will copy a .txt file to the %systemroot%
directory, then it will look for the file, if it is found
then the batch will exit and not install the patch a 2nd
time.
I have my patch shared like this:
\\Server\OS VERSION\Patch I.E
\\Server\XP\QXXXXXX
\\Server\2000\QXXXXXX
\\Server\98\QXXXXXX and so on.
My batch file looks like this:
*********************************************************
@echo off
c:\
cd..
cd..
cd..
cls
echo.
if exist %systemroot%\ms03-026.txt goto end
echo The file MS03-026 was not found.
Echo File not found. Installing service pack MS03-026
CLS
::
ver | find "Windows XP" >nul
if not errorlevel 1 goto XP
::
ver | find "Windows 2000" >nul
if not errorlevel 1 goto 2K
::
ver | find "Windows NT" >nul
if not errorlevel 1 goto NT
::
ver | find "Windows ME" >nul
if not errorlevel 1 goto ME
::
ver | find "Windows 98" >nul
if not errorlevel 1 goto 98
::
ver | find "Windows 95" >nul
if not errorlevel 1 goto 95
::
ver | find "OEM Service Release" >nul
if not errorlevel 1 goto OEM
::
ver | find "MS-DOS" >nul
if not errorlevel 1 goto DOS
::
echo OS version not found...
goto end
:XP
echo OS is Windows XP ...
echo -------------------------------------------------
Echo Installing Security Patch MS03-026 for Windows XP
Echo -------------------------------------------------
Echo DO NOT CLOSE THIS WINDOW
\\server\patch\xp\xp.exe -q -z
copy \\server\patch\ms03-026.txt %systemroot%
CLS
Echo **********************
ECho Patch Install Complete
Echo **********************
goto end
:2K
echo OS is Windows 2K ...
echo -------------------------------------------------
Echo Installing Security Patch MS03-026 for Windows 2000
Echo -------------------------------------------------
Echo DO NOT CLOSE THIS WINDOW
\\server\patch\2000\2000.exe -q -z
copy \\server\patch\ms03-026.txt %systemroot%
CLS
Echo **********************
ECho Patch Install Complete
Echo **********************
goto end
:NT
echo OS is Windows NT ...
echo -------------------------------------------------
Echo Installing Security Patch MS03-026 for Windows NT
ECho -------------------------------------------------
Echo DO NOT CLOSE THIS WINDOW
\\server\patch\nt\nt.exe -q -z
copy \\server\patch\ms03-026.txt %systemroot%
CLS
Echo **********************
ECho Patch Install Complete
Echo **********************
goto end
:ME
echo OS is Windows ME ...
goto end
:98
echo OS is Windows 98 ...
goto end
:95
echo OS is Windows 95 ...
goto end
:OEM
echo OS is Windows OSR ...
goto end
OS
echo OS is MS-DOS mode ...
:end
exit
end
::
********************************************************
You can modify the UNC name of the patch file for your
needs. Hope this will help you apply your patches and keep
your domain safe!
D.J
A+, Net+, MCP, MCSA
Northrop Grumman IT
