Vince,
In this case, I would propose you use a batch file (.cmd) and a subdir with all the patches you require. In most cases, but not all, patches can be "chained" together, without rebooting and then at the end reboot to complete the patching. The 'chaining' program is called (duh!) "QCHAIN.EXE".
Below is an example of how I handled SP4 and some other patches with QChain. I used a small font size to keep the size down.
===========================================================
@echo off
REM ==============================================
REM Patchset for
REM Windows 2000 SP4
REM ==============================================
REM Description
REM -----------
REM Installation of all needed Security Patches
REM for OS
REM ==============================================
REM
REM Author :
REM Created :
REM Change History
REM ==============================================
set VER=SP4 4.4
cls
echo VER. %VER%
net send %computername% "!!!!!!!!! PLEASE CONFIRM ALL POPUP'S WITH NO AND REBOOT THE SERVER MANUALLY AFTER
INSTALLATION !!!!!!!!!
@echo off
Echo ========================================================
Echo Patchset for Windows 2000 with SP4
Echo OS Service Pack and Hotfixes
Echo ========================================================
echo.
echo Starting with W2K Patches ....
echo.
REM -------------------------------------------------------------------------------------------------------------
echo Install Service Pack 4
echo (Pls. be patient (e.g. Single PIII-500MHz = 20 min. !!!)
W2KSP4_EN.EXE -z
REM *************************************************************************************************************
REM disable automatic update for SP4
REM *************************************************************************************************************
echo Disabling Automatic Windows Updates
reg add "hklm\software\microsoft\windows\currentversion\windowsupdate\auto update" /v AUOptions /t REG_DWORD /d 1
/f
reg add "hklm\software\microsoft\windows\currentversion\windowsupdate\auto update" /v AUState /t REG_DWORD /d 7 /f
reg add "hklm\System\CurrentControlSet\Services\wuauserv" /v Start /t REG_DWORD /d 4 /f
echo.
REM -------------------------------------------------------------------------------------------------------------
echo Install Patch Bulletin MS03-41 [823182] Vulnerability in Authenticode Verification Could Allow Remote Code
Execution
Windows2000-KB823182-x86-ENU.exe -z
echo.
REM -------------------------------------------------------------------------------------------------------------
echo Install Patch Bulletin MS03-42 [826232] Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow
Code Execution
Windows2000-KB826232-x86-ENU.exe -z
echo.
REM -------------------------------------------------------------------------------------------------------------
echo Install Patch Bulletin MS03-43 [828035] Buffer Overrun in Messenger Service Could Allow Code Execution
Windows2000-KB828035-x86-ENU.EXE -z
echo.
REM -------------------------------------------------------------------------------------------------------------
echo Install Patch Bulletin MS03-49 [KB828749] Buffer Overrun in the Workstation Service Could Allow Code
Execution
Windows2000-KB828749-x86-ENU.exe -z
echo.
REM -------------------------------------------------------------------------------------------------------------
echo Install Patch Bulletin MS04-003 [Q832483] Unchecked Buffer in MDAC Function Could Enable System Compromise
filever "%systemroot%\system32\odbc32.dll" >%temp%\odbc.ver.txt
for /f "tokens=5" %%i in (%temp%\odbc.ver.txt) do for /f "delims=. tokens=3" %%p in ("%%i") do set version=%%p
IF %version% LSS 9042 ENU_Q832483_MDAC_x86.EXE
del %temp%\odbc.ver.txt
echo.
REM -------------------------------------------------------------------------------------------------------------
echo Install Patch Bulletin MS04-006 [830352] Vulnerability in the Windows Internet Naming Service (WINS) Could
Allow Code Execution
Windows2000-KB830352-x86-ENU.EXE -z
echo.
REM -------------------------------------------------------------------------------------------------------------
echo Install Patch Bulletin MS04-011 [835732] Security Update for Microsoft Windows
Windows2000-KB835732-x86-ENU.EXE -z
echo.
REM -------------------------------------------------------------------------------------------------------------
echo Install Patch Bulletin MS04-012 [828741] Cumulative Update for Microsoft RPC/DCOM
Windows2000-KB828741-x86-ENU.EXE -z
echo.
REM -------------------------------------------------------------------------------------------------------------
echo Install Patch Bulletin MS04-014 [837001] Vulnerability in the Microsoft Jet Database Engine Could Allow Code
Execution
Windows2000-KB837001-x86-ENU.EXE -z
echo.
REM -------------------------------------------------------------------------------------------------------------
echo QCHAIN [Q296861] Use QChain.exe to Install Multiple Hotfixes with Only One Reboot
qchain.exe c:\osit\log\qchain.log
echo.
===========================================================
Now, you can't do this to all patches since some need to be rebooted alone. But in most cases it'll work.
You could also use something like HFNetCheck, which can handle 50 machines without a license (I think).
Hope this helps. If you need more information let me know. Two of us mananged over 400 Citrix servers and were able to patch all in a matter of a few hours using batch files.
cheers,
--
And always try the MS KB first before posting.
The answer is probably already posted.
MS KB:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;KBHOWTO
----
Mark-Allen Perry
ALPHA Systems
Marly, Switzerland
mark-allen_AT_mvps_DOT_org
Back a few months ago Microsoft had an update cd available for Win 98-XP for
Critical updates. Is there such an animal for 2000? I have 45 Windows 2000
machines to update. Even with the sp4 installed I still have about 32
updates to get on each machine. A cd would be so nice.
Thanks
