Pathes and Updates

[Guest]

Greetings,
I am responsible for about 70 client machines that require patches on a
routine basis. The network we operate on is moving towards using SUS for
automatically updating our systems in the future. My problem is that now when
a machine goes down that needs to have a fresh installation of the OS that I
must manually install all the latest patches before I can rejoin the domain.
My question is simple. Is there a software program that assembles all the
patches for the machine and can autoinstall all of the patches that I include
in either a list or directory? The process of manually installing 40 seperate
patches for OS, Office, Outlook etc is simply to time consuming. Please help.

 

[Steven L Umbach]

The links below may help and shows how to use batch files to install
multiple patches at one time. If you have high speed internet access you
might save a lot of time by going to Windows Updates after installing the
service pack on the fresh install. I would not install all updates at once
though but I have had good luck with up to ten at a time. Otherwise consider
using an imaging program such as Norton Ghost that can create an image that
has the service pack and critical updates already installed. You can avoid
the problem of duplicate machine sids by using the free newsid utility from
SysInternals to change the computer sid right after the install of the image
and before joining the domain. Of course you would need to give it a unique
name also at the same time and there could still be critical updates to
install that may have been published since that date of the image. Images
could save you a ton of time. --- Steve

http://support.microsoft.com/kb/296861
http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/hfdeploy.htm
http://www.sysinternals.com/ntw2k/source/newsid.shtml -- newsid.

 

[Miha Pihler]

Hi Eric,

Steve gave you few very good ways to patch your new computers. I also use
few of mentioned ways.

What I would like to add is be careful with unpatched computers and putting
them on the LAN. If you can, connect your unpatched computers to separated
segment of the network away from your other computers and potential source
of a virus or worm and go to www.windowsupdate.com from this segment.
Another option is to enable personal firewall on Windows XP before they are
first connected to the network and only after ICF is enabled patch your
computer over network...

I have seen newly installed computers get infected before they were even
setup all the way. They were e.g. still missing the graphic and other
drivers, but they had network drivers and got infected...

Mike

Greetings,
I am responsible for about 70 client machines that require patches on a
routine basis. The network we operate on is moving towards using SUS for
automatically updating our systems in the future. My problem is that now when
a machine goes down that needs to have a fresh installation of the OS that I
must manually install all the latest patches before I can rejoin the domain.
My question is simple. Is there a software program that assembles all the
patches for the machine and can autoinstall all of the patches that I include
in either a list or directory? The process of manually installing 40 seperate
patches for OS, Office, Outlook etc is simply to time consuming. Please

help.