Push SASSER patch to 85 workstations?

  • Thread starter Thread starter Tsuru
  • Start date Start date
T

Tsuru

Is there an easy way (script) to push the new Sasser
security patch from Microsoft out to 85 workstations vs.
going around to each one or using something like VNC?

I have downloaded the patch itself. Thx in advance.
 
Oli,
Thx for the reply. The MS site talks about the update
capability coming out later this year (not much help now)

I've already tested a login script that works up to the
point of requiring Admin permissions to install the
patch. It maps a drive, copies the patch, then executes
it but the Admin requirement comes up.

Any help with overcoming the Admin issue would be most
helpful.

And I only used the name SASSER to speak of the essence of
what I was trying to do and not trying to be specific.
 
Oli,
Thx for the reply. The MS site talks about the update
capability coming out later this year (not much help now)
Click to expand...

SUS 1.0 is available now and has been for a long time. The upcoming
version MS is talking about is SUS 2.0 (or WUS as it is renamed to).
I've already tested a login script that works up to the
point of requiring Admin permissions to install the
patch. It maps a drive, copies the patch, then executes
it but the Admin requirement comes up.

Any help with overcoming the Admin issue would be most
helpful.
Click to expand...

You might get something to work using a Runas wrapper utility or similar,
take a look here:

http://groups.google.com/[email protected]
 
What I really need is to get around the 'admin'
permissions issue on installing the patch. I have written
a script that maps a drive and copies the patch exe file
to the client then runs it, BUT, it stops installing when
it realizes the user has no local admin rights.

How can I get around this?

Thx in advance.
 
As Torgeir says, a RunAs wrapper could be used.

http://groups.google.com/[email protected]

The other alternative is to give your users admin rights to the machines.
Or, you could use a computer startup script within Active Directory if you
are using it.

One issue, though. How are you going to stop the patch setup running again
and again, even when the patch is installed?

I know you need to get this patch deployed now, but SUS really is the best
all round solution for future patches. SUS is available now, WUS will be
even better when it's released.

Another alternative is the excellent GFI LANguard Network Security Scanner,
which can push patches over the network. There's a 60-day eval version
which then reverts to the Freeware version, which in itself is worth having
just for network scanning. See www.gfi.com. It's fairly intuitive, but I
will add that clicking Tools | Security Scanner is the way you select the
results window, from which you can right-click the a computer having
completed a scan.

Hope this helps

Oli
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

'Push' a MS patch to 85 workstations? 7
How to test MDS (Zombieload) patch status on Windows systems 1
Samsung Slow Patching 1
Patch Deployment 3
Windows 7 Don't panic: Microsoft mistakenly posted a 'test' Windows update patch 3
US Justice Department renews push to mandate phone backdoor 0
How to manage all the MS Patches with going to every workstation 3
Remote Login and Domain Security Policy 1

Back
Top