Mutilple patch install.........

[Zeno]

Our co. runs WinXP computers..... but rather than using the MS
Auto-update we manually download the patches and test and verfiy them
before mass deploying to our computers.......... were not using SUS or
SMS at the moment......either....

I would like to know whats the best way to install multiple patches
without at once without doing each one individually.....

Is it called slipstreaming......... b/c I read some Technet articles
in the past that showed how u could deploy mutiple patches one after
the other using dos commands(command prompt mode)and then doing the
reboot after all the patches are installed...

But now I can't seem to find the infor.........

Any directions/tips.......... please

 

[Zeno]

Just did found some things but not much is it called "Patch chaining"
but still can't find anything in technet.........

 

[Doug Knox MS-MVP]

http://support.microsoft.com/default.aspx?scid=kb;en-us;296861&sd=tech
How to install multiple Windows updates or hotfixes with only one reboot

 

[Zeno]

Doug.....


Thanks for the reply............


Cheers...........

 

[Doug Knox MS-MVP]

You're welcome

 

[Zeno]

Having read through all the details just have one last thing.........

From what I can see qchain functionality is already included in WinXP.

Therefore.... if I apply multiple patches to winXP using silent mode I
can do it with one reboot and don't need to run the qchain command
since "its already included in WinXP" is that right?

Thanks

 

[Doug Knox MS-MVP]

As long as the updates were created after the date noted in the article. Pre-SP1 updates in particular may not install correctly if you don't use QCHAIN. Updates from SP1 on, including SP1 include the QCHAIN functionality and can be installed in a batch.

http://www.microsoft.com/windowsxp/downloads/updates/sp1/hfdeploy.mspx

 

[Guest]

What about the warning in the cited KB article:

"Note The procedure that is described in this article does not work for
product updates that do not use Hotfix.exe or Update.exe as the installation
program. For example, Internet Explorer updates for Windows NT 4.0, Windows
2000, and Windows XP use an INF-based installation instead of Update.exe. As
a result, you cannot use this procedure to install multiple Microsoft
Internet Explorer updates with only one restart on Windows NT 4.0, Windows
2000, or Windows XP. Because Internet Explorer updates for Windows Server
2003 use Update.exe as the installation program, you can use this procedure
to install them."

How is one supposed to tell whether a specific update (e.g.,
WindowsXP-KB896688-x86-ENU) uses hotfix.exe, update.exe or is INF-based?

There are also posts here and articles referring to issues like
"supercedence" and "stopping specific processes before apply a patch", which
make running a simple batch file appear to be quite an iffy proposition. I'd
love it if it is really this simple, but first, Doug, is all of what I've
just mentioned no longer an issue? Or if any of it IS an issue, how do we
tell which updates are batchable and which are not? Thanks!

 

[Doug Knox MS-MVP]

These would not be operating system hotfixes, they would be for IE or another product. The documentation tells you how to determine what patches are safe to "chain" and which one's aren.t

 

[Guest]

Thank you very much for replying, Doug. Love your Security Console product!

In your earlier replies to the original post you referred to "patches" and
"updates". Now you write "these would not be operating system hotfixes, they
would be for IE or another product". These, they? (I'm confused.)

If by "documentation" you mean the article "How to install multiple Windows
updates or hotfixes with only one reboot", IMHO it contains way too many
exceptions in its text to be comprehendable by any but the most experienced
MVP or MCSE.

Let's go back down the food chain a bit and consider that most people
interested in "applying patches via batch file" want to apply the Monthly
Patches made available via Windows Update (but they can't or don't want to
use Windows Update over the internet). Even after looking at the description
of each of these patches listed in Windows Update I doubt many people would
know which ones are safe to chain.

I realize it's all very clear to you -- but you're highly trained and have a
lot of underlying experience to fill in the gaps in such "documentation".
How about using, for example, this month's list of patches (October 2005):

Windows-KB890830-V1.9-ENU.exe
WindowsXP-KB896688-x86-ENU.exe
WindowsXP-KB902400-x86-ENU.exe
WindowsXP-KB899589-x86-ENU.exe
WindowsXP-KB900725-x86-ENU.exe
WindowsXP-KB901017-x86-ENU.exe
WindowsXP-KB905749-x86-ENU.exe
WindowsXP-KB905414-x86-ENU.exe

.... and explain how one can readily tell which are installable via batch
file and which are not? (if you use the term "chainable" it makes one think
Qchain might be needed.) By this single concrete example you would be
performing a real public service.

 

[Doug Knox MS-MVP]

It appears that MS is having problems with the KB (actually its my ISP's DNS servers, I think) right now, so I can't pull up the article.

However, QChain functionality is included in XP, already, so you don't need to add it. All XP hotfixes, created after December 2002 (if I recall correctly) can be chained, safely.

When you look at the current list of fixes for October, those that specifically apply to Windows XP as an operating system (not Internet Explorer for example) are chainable, using the method outlined in the KB article. You'll need to look at the description of the hotfix, either at Windows Update or the Microsoft Downloads Center to determine whether its a Windows XP, or other application hotfix.

I don't use this method for installing hotfixes, so I can only give you my interpretation of the KB article. Perhaps someone with more direct experience would be able to offer more advice/guidance.

 

[Guest]

Thanks again, Doug.

So for those of us with limited brainwidth it sounds like the rule can be
distilled down to: "updates that are specifically for Windows XP -- not for
an app, or DirectX, or Internet Explorer, etc. but JUST the for OS itself --
are safe to install using a batch file as described in the KB."

I can deal with that.

 

[Torgeir Bakken \(MVP\)]

Hi,

Actually, all Internet Explorer Cumulative security updates since
MS04-038/KB834707 (for both IE6 SP1 and IE6 SP2) are using update.exe,
and is therefore safe to chain with other updates.


The easiest way to determine if an update is using update.exe is to
just start the update manually, and see if update.exe is listed in the
task manager under the "Processes" list.

Be sure to cancel out of the update, or press OK on any error message
dialog boxes before running the next update.


Back to your list Tim:

Windows-KB890830-V1.9-ENU.exe doesn't use update.exe, but as the
Microsoft Windows Malicious Software Removal Tool doesn't install
anything, it is safe to chain with other updates.

All of the rest of your list are using update.exe and is safe to chain:

WindowsXP-KB896688-x86-ENU.exe
WindowsXP-KB902400-x86-ENU.exe
WindowsXP-KB899589-x86-ENU.exe
WindowsXP-KB900725-x86-ENU.exe
WindowsXP-KB901017-x86-ENU.exe
WindowsXP-KB905749-x86-ENU.exe
WindowsXP-KB905414-x86-ENU.exe


Regards,
Torgeir

 

[Guest]

You da MAN, Torgeir! That's the kind of substantive answers we need here.
THANKS!!

 

[Guest]

Is there a verbose log built in too? Or do you need to use another utility
like Qfecheck along with chaining the updates together? Thanks. Good
information above too.