December 13th, 2002, 01:53 PM
Distributing Microsoft Patches
I was just wondering if anybody knew of an easy way to distribute patches easily on a windows 2000 network. At work we have downloaded all the Microsoft patches using MBSA but now need to distribute them. I know we could write a script that would run the patches on all the machines but wouldn't that require a lot of clicking of the users part (accept , restart etc) especially since most of the machines need about 14 patches. Sorry if this seems like a stupid question but I just can't find a way round it
December 13th, 2002, 02:31 PM
http://www.ecora.com/ecora/ has a proggie called patchmeister that I am Beta'ing... It is working quite well so far and will be a Godsend on a large network. It is relatively cost effective too.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
December 13th, 2002, 02:40 PM
Check out SUS (Software Update Service) from MS..
Credit travels up, blame travels down -- The Boss
December 13th, 2002, 02:57 PM
Thanks a lot, the links were very helpful, looks like we have almost got the problem sorted, cheers guys !
December 13th, 2002, 04:42 PM
Thought I would post this just in case anybody else needed some info on how to easily install multiple hotfixes. This is using qchain which is a free MS utility:
This is how to use qchain in such a way that you only have to reboot once:
December 13th, 2002, 04:47 PM
Thanks for the QChain link. Also, couldnt you send this out through Active Directory in Win2k Server? You can assign the Group Policy to have everyone run the patches on startup or shutdown.
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
December 13th, 2002, 06:20 PM
You could very easily do this through login scripts. But if you don't setup the installer to run through Qchain, they cannot install multiple hotfixes together at the same time, an avoid rebooting multiple times. Your script would also have to be intelligent enough to check what OS the person is running and other little checks like that. Otherwise you might end up trying to push hotfixes to the wrong OS type. Of course, if all of your client machines look the same, this might not be an issue you have to worry about.
December 13th, 2002, 09:56 PM
I have found this little proggie particularly useful in the past.
"...to some of us
reading the manual is
December 14th, 2002, 12:36 AM
There a few programs which I have experience with.
SUS (which is what Ammo suggested) is a program I have had very good experiences with, plus it's fairly easy to set up and maintain. I use SUS for most of my networking needs at my office, with one of my employees writing custom scripts when I need specific patches which SUS doesn't inherently support.
Another program I have used is UpdateEXPERT by St. Bernard (www.updateexpert.com). It can update Windows, IIS, Windows Media and Office.
Finally, if you're looking to simply search for updates across a SOHO network, I would recommend Microsoft Baseline Security Analyzer or HFNetChk (you can also spend some money and purchase more advanced versions of both of those from Shavlik Technologies, though I haven't had any experience with any of those).