General discussion


windows patch installation in enterprise

anyone has a good solution to install windows patches automatically throughout enterprise? it is a nightmare to install the patch one by one if i have several hundreds to install the patch.
Last time Blast virus has driven us mad when installing such a little patch on all pcs.

anyone can help?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by tech_wiz03 In reply to windows patch installatio ...

Ok, big problem with blaster virus is due to microsofts failure to keep the internet inactive during installs. As soon as you have installed and before you can put in protection microsofts auto update open all channels and tries to dialout or connect through the lan/adsl. So start by making sure machine is disconnected from all internet sources until you have firewall in place. Next restrict all access in and out until individual confirmation by you is given. Download updates to store them locally without install. download blaster fix without install option. disconnect from net, scann downloaded files first then install baster patch first then updates.

Note other computers on the network should not be attached during all this. when you have first pc fully set up, attach one computer at a time without net and upgrade it. Proceed to next untill all are upgraded then you may connect to net and should be safe.


Collapse -

by pgm554 In reply to windows patch installatio ...

The only sure way to automate distribution of patches to a network would be to use some sort of management product.

The ones that come to mind are M$ SMS and Novell Zen Works.
In a mixed network env (3.1, 95, 98,NT4,2000,XP,Linux)Zen covers all of the bases.
You don't need a Novell server,you can run it off of NT or 2000.It takes care of all desktop and server management issues from top to bottom.
It has imaging built in (a la Ghost).

SMS 2.0, works kinda,but has many issues and doesn't support anything but M$.
There is a new version of SMS coming out, but it requires AD 2003.

Anyway you look at it ,the best ways are going to cost $.

Collapse -

by bill7718 In reply to windows patch installatio ...

MS has a tool that scans the network for PC's "KB 824146 Scanner for MS03-026 and MS03-039 Patches". Then you put the results in a VB script that MS has (article 827227) and it'll push the patch out to each machine. It installs the patch and reboots the PC then moves on to the next one on the list. Pretty slick to run at night as long as all machines are on.

Collapse -

by azizhakim In reply to windows patch installatio ...

free tool from SUS.Software Update services is the way to go.Download install.All Patches and will test all patches on test Computer and if all is well,Authorize the fixes,create group policy on revelant computers or users if you prefer.All pc's will be forced install or to your prefrerance.Synchronize from MS Site @ schedule.Look into it and hope it helps

Collapse -

by Maity-boy In reply to windows patch installatio ...

Trying to do the same thing mate. see my post printed off the microsoft scripted rollout but it looks rather confusing (3 pages of VB Script) wondered if my rolling out via logon script (If I can find the correct Environment variable to distinguish between NT 2K and XP)will work using netlogon to hold the files and distributing to bdc's via replication?

Collapse -

by Maity-boy In reply to

I've offered 2000pts in my post so we might get a solution

Related Discussions

Related Forums