Script to load security patches

  • Thread starter Thread starter Kevin
  • Start date Start date
K

Kevin

I have machines XP, win2K, and Windows NT 4.0 workstations on my network.

I want to load a security patch via a login script, but there is a different
patch file (.exe) for each for each OS.

I'm sure there is a way to have the script check the OS of the system and
run the appropriate file, but I can not figure out the syntax. I generally
work with Dos scripts, I'm not up to speed on my VBS or the fancy script
languages.

Any help would be appreciated

Thank,
Kevin
 
If you have a logon script you could try this, you'll
have to change the path to one that exists in your
enviroment ofc.


--------------------------------------------------

Const OpenAsASCII = 0
Const FailIfNotExist = 0
Const ForReading = 1

Set oShell = CreateObject("WScript.Shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")
sTemp = oShell.ExpandEnvironmentStrings("%TEMP%")
sTempFile = sTemp & "\runresult.tmp"


oShell.Run "%comspec% /c ver >" & sTempFile, 0, True

Set fFile = oFSO.OpenTextFile(sTempFile, ForReading,
FailIfNotExist, OpenAsASCII)

sResults = fFile.ReadAll
fFile.Close
oFSO.DeleteFile(sTempFile)

Select Case True
Case InStr(sResults, "Windows NT") > 1 :

if RegKeyExists
("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\KB824146") then
else

oshell.Run "\\a.domain.net\SysVol\a.domain.net\scr
ipts\MS03-039\nt\Workstation\ms03-039-nt.exe -z -q"
end if

Case InStr(sResults, "Windows 2000") > 1 :

if RegKeyExists
("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP5\KB824146") then
else

oshell.Run "\\a.domain.net\SysVol\a.domain.net\scr
ipts\MS03-039\2K\ms03-039-2k.exe -z -q"
end if

Case InStr(sResults, "Windows XP") > 1 :

if RegKeyExists
("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
XP\SP2\KB824146\Filelist") then
else

oshell.Run "\\a.domain.net\SysVol\a.domain.net\scr
ipts\MS03-039\xp\ms03-039-xp.exe -z -q"
end if
End Select


Function RegKeyExists(sRegKey)
Dim RegReadReturn
RegKeyExists = True
sRegKey = Trim (sRegKey)
If Not Right(sRegKey, 1) = "\" Then
sRegKey = sRegKey & "\"
End if
On Error Resume Next
RegReadReturn = oShell.RegRead(sRegKey)
If Err Then
If Lcase(Left(err.description,7)) = "invalid" Then
'key not found...
RegKeyExists = False
'ElseIf Left(err.description,6) = "Unable" Then
'no default value set, but key exists...
'Else
'unexpected error
End if
Err.clear
End if
On Error Goto 0
End Function

---------------------------------------------------------
 
They changed the KB. It used to refer to NT4.0 in it I believe. You could
try to modify it and substitute NT4.0 configuration instead of W2003. ---
Steve
 
Hello.

What you can try is to look for a file that is unique
within all systems and write a dos command that test to
see if that file exist (ex. IF EXIST "WIN2000.txt"). If
the file exist, then copy the correct update to that
workstation. If it doesn't exist, then you can use the dos
command "GOTO" to jump over. You can also make a dummy
file for each workstation to test for if you can't find a
unique file but you will have to copy it over to their
workstation first.

Hope this helps.
 
That thought had occured to me. I just wasn't aware of a unique file.

Anyone know of a file unique to XP, 2K, and NT?
 
I used the following in an NT/2K/XP environment to determine the OS:

ver |find "4.0"
if errorlevel 1 goto:chk2000
if not errorlevel 1 goto:NT4

:chk2000
ver |find "XP"
if errorlevel 1 goto:2000
if not errorlevel 1 goto:XP

Scott
 
I also used file size of one of the files to be patched to determine if the
patch is installed:

:2000
for /f "tokens=3" %%a in ('dir c:\winnt\system32\rpcss.dll ^|findstr /i
/c:"rpcss.dll"') do set rpcver=%%a
if "%rpcver%"=="192,272" goto:ok
if not "%rpcver%"=="192,272" goto:report2000

:xp
for /f "tokens=4" %%a in ('dir c:\winnt\system32\rpcss.dll ^|findstr /i
/c:"rpcss.dll"') do set rpcver=%%a
if "%rpcver%"=="260,608" goto:ok
if not "%rpcver%"=="260,608" goto:reportxp

:NT4
for /f "tokens=3" %%a in ('dir c:\winnt\system32\rpcss.exe ^|findstr /i
/c:"rpcss.exe"') do set rpcver=%%a
if "%rpcver%"=="107,792" goto:ok
if not "%rpcver%"=="107,792" goto:reportnt

Scott
 
Back
Top