Novell is now a part of Micro Focus

Using AutoPatcher XP to patch workstations using ZENworks

Novell Cool Solutions: Feature
By Brian Snipes

Digg This - Slashdot This

Updated: 1 Aug 2006

Utilities needed:

  1. Install AutoPatcher (current version April, 2006) on an XP workstation. This will extract all files into 'C:\Program Files\AutoPatcher' and place shortcuts on your desktop for running and uninstalling it.
  2. Run AutoPatcher and choose all of the security patches. Make sure you DO NOT choose additional software like Macromedia Flash and Shockwave. Shockwave opens up an Internet Explorer window when installing and it would run as the SYSTEM user giving the user sitting at the machine full access to the hard drive. Choosing just the Microsoft patches doesn't do that.
  3. When you are finished choosing your patches, shift-click on the Module Details button. This will allow you to save your choices to a defaults.ini file so that you can automate the patch installs. After saving the ini file cancel the install.
  4. Copy your 'C:\Program Files\AutoPatcher' directory to a network location and place the defaults.ini file you saved earlier into that same location.
  5. Uninstall AutoPatcher from the workstation.
  6. Download the 'cmdow.exe' file and place it into the AutoPatcher directory on your server.
  7. Create a file called 'run.bat' and place it into the AutoPatcher directory on the server.

Here is an example file (modify for your paths):

--- run.bat begin ---
@echo off
\\server\data\applications\installs\zen\autopatcher\cmdow.exe @ /hid
pushd \\server\data\applications\installs\zen\autopatcher
start /wait autopatcher.exe /noreboot /unattend:t3 /noeula /defaults:defaults.ini
--- run.bat end---

Here is what the run.bat file does:

  • Disables echo to screen.
  • Runs the cmdow.exe utility and hides the command prompt that pops up when run.bat is executed.
  • Uses WinXP's built-in pushd command to create a drive letter for the SYSTEM user and puts the command shell environment into the path. This is needed since AutoPatcher will not run with a UNC path.
  • Runs autopatcher.exe unattended with no user interactions and using our defaults.ini file. There are other command-line options available. Look at the AutoPatcher Forums for the details.
  • Removes the drive letter.


Create a simple application object with the run comand pointing to the 'run.bat' file location. Example: \\server\data\applications\installs\zen\autopatcher\run.bat

Under Identification/Icon:

  1. Uncheck 'Disconnectable'
  2. Check 'Wait on force run'
  3. Check 'Determine force run order' and set your order number. I put 3 in mine since I want it to patch prior to anything else.
  4. Uncheck 'Show progress' if you don't want the user to see anything.

Under 'Distribution Options'/Options:

  1. Check 'Distribute in Workstation Security Space if Workstation Associated'
  2. Select Reboot/Always option

Under 'Run Options'/Application:
Check 'Run application once' and 'Force Run As User If Application Is Workstation Associated'

Under 'Run Options'/Environment:
Option the 'Run as unsecure system user'

Under Availability/'Distribution Rules':
Add 'OS Version' >= 5.1 for XP

Under Availability/Schedule:
Select 'Range of days', make sure the Monday through Friday buttons are pushed in and Sunday and Saturday buttons are not pushed in. Set your start and end time for the application to be run and the number of minutes to randomly spreads the starts out over.
MAJOR GOTCHA: if you have all the day buttons pushed in, the application will be available 24 hours a day and the start and end times will be ignored.


Give your workstation group (or individual workstations) RF rights to the AutoPatcher network location and assocate the application with the workstation group or workstations.

If you have any questions you may contact Brian at

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates