Software distribution question

[Andrew Mitchell]

I'm trying to find a way to distibute the Office 2000 and 2003 patches for
the GDI+ unchecked buffer vulnerability listed at
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx.

All clients are Windows 2000 so the OS is not an issue (SUS would have taken
care of that anyway), but they do have either Office 2000 or Office 2003
installed via a GPO which I need to get patched.

My understanding of the patch (which is an MSP file) is that I need to patch
the admin installation point then trigger a redeployment of the application.
Would this cause the whole Office suit to be reinstalled?

I have a lot of users on slow links (ISDN/512K ADSL) and would like to avoid
a 300-400M download for what is only a 9M patch.

Is my understanding of the process correct and,if so, is there another way of
deploying the patch without a huge download or the need to visit each
workstation individually?

 

[Cary Shultz [A.D. MVP]]

Andrew,

Only speaking to the question of redistribute - yes it does!

But, I am not really all that clear on this. I have patched many many many
Office 2000 installations and then redeployed and it does not take all that
long for the deployment to occur. Granted, all of these have been on the
local LAN at 100Mbps.

I will need to look into this in greater detail. I mean, I have always
known that the Redistribute will cause the 'whole' package to go, but it
does not seem like it takes all that long when it actually happens!

I will ask Darren!

Cary

 

[Andrew Mitchell]

Andrew,

Only speaking to the question of redistribute - yes it does!

But, I am not really all that clear on this. I have patched many many many
Office 2000 installations and then redeployed and it does not take all that
long for the deployment to occur. Granted, all of these have been on the
local LAN at 100Mbps.

I will need to look into this in greater detail. I mean, I have always
known that the Redistribute will cause the 'whole' package to go, but it
does not seem like it takes all that long when it actually happens!

I will ask Darren!

Thanks, Cary. If you could get any more info it would be greatly appreciated.
If what you are saying is correct and it happens quite quickly, I'm wondering
if only the delta's are transferred to the local cache and the install
happens from there. That could explain the speed of redeployment.

I'm just a little concerned that a users connection could be tied up for 4-5
hours to install a patch that is only 9M in size, but by the same token I
really want to get these systems patched.
(I've got to get my SMS server up an running, pronto!!!)

 

[Ulrik Franck]

Hi

I thing it would be possible to run

msiexec /p msipatch.msp /n {00000001-0002-0000-0000-624474736554} /qb

where {0000....} is the guid for the office.

You could make a .cmd file on a network drive, that the users can execute.

If yuo are using intellimirror you could make an msi file, with a line in
the runonce key, that executes the command for you.

Regards

Ulrik Franck

 

[Cary Shultz [A.D. MVP]]

Andrew,

This is something that I probably should have known right off of the bat.

Darren did some testing and determined that the 're-deploy' is not a 'remove
and fresh install' but where the Installer does a special kind of install
with the /vomus options and that these options replace most but not all of
the package. So, this is why the 're-deploy' seemed to be quicker. It
seemed to because it is quicker. Darren noticed that it took 12 minutes to
deploy Office XP via GPO but that it took only eight minutes to do the
're-deploy' - after updating the AIP to SP3.

If you have ever worked in an environment where there are still legacy
clients ( WIN9x and WINNT ) that can not make use of GPOs then you have
possibly used an AIP to install Office 2000 or Office XP. When you patch
the AIP you then need to go to each client and run 'start msiexec.exe /i
\\blahblahblah REINSTALL=ALL REINSTALLMODE=vomus or =vomu /qb.

HTH,

Cary

Andrew,

Only speaking to the question of redistribute - yes it does!

But, I am not really all that clear on this. I have patched many many many
Office 2000 installations and then redeployed and it does not take all that
long for the deployment to occur. Granted, all of these have been on the
local LAN at 100Mbps.

I will need to look into this in greater detail. I mean, I have always
known that the Redistribute will cause the 'whole' package to go, but it
does not seem like it takes all that long when it actually happens!

I will ask Darren!

Cary

I'm trying to find a way to distibute the Office 2000 and 2003 patches for
the GDI+ unchecked buffer vulnerability listed at
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx.

All clients are Windows 2000 so the OS is not an issue (SUS would have taken
care of that anyway), but they do have either Office 2000 or Office 2003
installed via a GPO which I need to get patched.

My understanding of the patch (which is an MSP file) is that I need to patch
the admin installation point then trigger a redeployment of the application.
Would this cause the whole Office suit to be reinstalled?

I have a lot of users on slow links (ISDN/512K ADSL) and would like to avoid
a 300-400M download for what is only a 9M patch.

Is my understanding of the process correct and,if so, is there another

way

 

[Andrew Mitchell]

Andrew,

This is something that I probably should have known right off of the
bat.

Darren did some testing and determined that the 're-deploy' is not a
'remove and fresh install' but where the Installer does a special kind
of install with the /vomus options and that these options replace most
but not all of the package. So, this is why the 're-deploy' seemed to
be quicker. It seemed to because it is quicker. Darren noticed that it
took 12 minutes to deploy Office XP via GPO but that it took only eight
minutes to do the 're-deploy' - after updating the AIP to SP3.

Great news. Just had a look at http://support.microsoft.com/default.aspx?
scid=kb;EN-US;227091 and it looks like the /vomus option causes updated or
missing files to be replaced, user and computer registry entries to be
inserted and shortcuts to be recreated. Based on that, the 9meg update should
be not much more than that. Sounds like a winner.

If you have ever worked in an environment where there are still legacy
clients ( WIN9x and WINNT ) that can not make use of GPOs then you have
possibly used an AIP to install Office 2000 or Office XP. When you
patch the AIP you then need to go to each client and run 'start
msiexec.exe /i \\blahblahblah REINSTALL=ALL REINSTALLMODE=vomus or =vomu
/qb.

No worries with that here (finally). It's all Win2k or WinXP desktops.

Thanks again.

Andy.