installing patches remotely

J

Jayjay

I'm trying to find the best way to push out an installation of the MS
patches via a logon script or some automated process.

Servers are NT - so no active directory.
clients are all win2000
All users use the same login script. (there are over 100 users).
All users have Poweruser privs to their system.
and like any company out there - people take time off, so they may not
log in daily. This needs to be done on "next login" but run only
once.

My current thought process was:
1. through the login script - add a runonce entry to the registry to
run the script file to do the updates
2. The script file runs the update w/ the runas command and inputs
the admin password automatically.

I have the above process working, but the problem with the above is
that the 3rd time the machine is logged into the process will begin
again. I have about a dozen people on vacation this week, so I have
to leave the entry in the logon script for a few weeks to be sure to
catch everyone.

Any suggestions on how to do something like this that will catch all
users over the time period, without manually visiting every desktop to
do this and interrupting users worktime?
 
J

Jenn

JayJay,

We're using login scripts w/ the RunAs - it's working
well. (we patched over 1000 machines today w/ it)

Instead of putting it in runonce, look for the appropriate
registry key to see if the patch is installed. No key -
do the install. Key exists, skip install.

The registry key to check for Win2K systems is:
HKLM\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB824146

For XP:
HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB824146

Hope this helps!
J.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top