hi,

i would like to find out how to verify that patches are successfully rolled
out to users. i rolled out the patches thru batch file in silent mode.

i understand that for each patch, a log file is created, ie for sasser
patch, kb835732.log is created in c:\windows. but this file is created even
if patch is unsuccessful eg crypto service error.

we used the log file to determine if patch is successfull, which in this
case is a wrong indication. any other file that is a more accurate
indication??

Qfecheck.exe Verifies the Installation of Windows 2000 and Windows XP Hotfixes
http://support.microsoft.com/default...b;en-us;282784

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/secu...t/default.aspx

----------------------------------------------------------------------------------

"adc" wrote:

| hi,
|
| i would like to find out how to verify that patches are successfully rolled
| out to users. i rolled out the patches thru batch file in silent mode.
|
| i understand that for each patch, a log file is created, ie for sasser
| patch, kb835732.log is created in c:\windows. but this file is created even
| if patch is unsuccessful eg crypto service error.
|
| we used the log file to determine if patch is successfull, which in this
| case is a wrong indication. any other file that is a more accurate
| indication??

hi carey,

thx for the reply. i downloaded the tool, very useful.
but how can i be sure that the tool is able to scan for latest fixes?
i discover kb834707 is not reflected.

"Carey Frisch [MVP]" wrote:

> Qfecheck.exe Verifies the Installation of Windows 2000 and Windows XP Hotfixes
> http://support.microsoft.com/default...b;en-us;282784
>
> --
> Carey Frisch
> Microsoft MVP
> Windows XP - Shell/User
>
> Be Smart! Protect Your PC!
> http://www.microsoft.com/athome/secu...t/default.aspx
>
> ----------------------------------------------------------------------------------
>
> "adc" wrote:
>
> | hi,
> |
> | i would like to find out how to verify that patches are successfully rolled
> | out to users. i rolled out the patches thru batch file in silent mode.
> |
> | i understand that for each patch, a log file is created, ie for sasser
> | patch, kb835732.log is created in c:\windows. but this file is created even
> | if patch is unsuccessful eg crypto service error.
> |
> | we used the log file to determine if patch is successfull, which in this
> | case is a wrong indication. any other file that is a more accurate
> | indication??
>
>

Is there a way to push this file out to a number of workstations in our
office. Something similar to using the KB824146scan with a series of IP
addresses?
I would rather not install qfecheck on every machine I want to check.

melask8 wrote:

> Is there a way to push this file out to a number of workstations in our
> office. Something similar to using the KB824146scan with a series of IP
> addresses?
> I would rather not install qfecheck on every machine I want to check.
Hi

I suggest you download and run the Microsoft Baseline Security
Analyzer (MBSA), it can scan computers remotely (but not for
MS Office updates though):

<quote>
Microsoft Baseline Security Analyzer (MBSA):

The Microsoft Baseline Security Analyzer allows administrators to
scan local and remote systems for missing security patches as well
as common security misconfigurations. More information on MBSA is
available at:

http://www.microsoft.com/technet/sec...s/mbsahome.asp

</quote>

and

Microsoft Baseline Security Analyzer (MBSA) 1.2 Q&A
http://www.microsoft.com/technet/sec...ls/mbsaqa.mspx


It has it own newsgroup as well:

microsoft.public.security.baseline_analyzer


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scr...r/default.mspx

Thank you Torgeir,
I would very much like to run MBSA in our offices, however, in our
circumstances I haven't been able to get it to work the way I want. Which
is..... we have a number of small offices that are networked locally as
Workgroups. These offices are independent of each other so each location has
their own private ISP, etc. When I visit these offices I would like to run
MBSA from my laptop (about once per quarter). My problem is that when I
connect to the office network and run MBSA from my laptop I get an error
because I am not a local administrator on each of the machines in the office
workgroup. And I do not want to run around and install MBSA on each
workstation (some offices are quite large even though they do not have a
Windows server, AD, etc). Do you have any suggestions on how to accomplish
this using MBSA (which is my preferred method)?


"Torgeir Bakken (MVP)" wrote:

> melask8 wrote:
>
> > Is there a way to push this file out to a number of workstations in our
> > office. Something similar to using the KB824146scan with a series of IP
> > addresses?
> > I would rather not install qfecheck on every machine I want to check.
> Hi
>
> I suggest you download and run the Microsoft Baseline Security
> Analyzer (MBSA), it can scan computers remotely (but not for
> MS Office updates though):
>
> <quote>
> Microsoft Baseline Security Analyzer (MBSA):
>
> The Microsoft Baseline Security Analyzer allows administrators to
> scan local and remote systems for missing security patches as well
> as common security misconfigurations. More information on MBSA is
> available at:
>
> http://www.microsoft.com/technet/sec...s/mbsahome.asp
>
> </quote>
>
> and
>
> Microsoft Baseline Security Analyzer (MBSA) 1.2 Q&A
> http://www.microsoft.com/technet/sec...ls/mbsaqa.mspx
>
>
> It has it own newsgroup as well:
>
> microsoft.public.security.baseline_analyzer
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scr...r/default.mspx
>