Distribute Windows NT Security Updates
Novell Cool Solutions: Tip
By Richard Engel
Digg This -
Posted: 23 Jul 2004
For distribution of NT 4.0 security updates I created an appobject in ZfD 3.2 that will run a Wsh script to distribute updates.
Once the appobject and script are created, all that is required is copying the latest security updates to a "update repository" on a shared drive and then updating the Wsh script with an entry for each patch as shown in script sample.
The install directory for each specific critical update is used as a flag to determine if the critical update needs to be installed. If the specific patch "install directory" does not exist, the patch will be installed. This allows for some logic in the scripting process to keep current with distribution of patches and allows current updates to be pushed out as required.
Reboot of the workstation after the install can be set as needed using the appropriate switch.
The nice thing is that it only requires one appobject; you just need to keep current with newly released critical updates and update the associated wsh script.
Sample entry for NT update wsh script:
IF NOT WSHFileSystem.FolderExists("C:\Winnt\$NtUninstallKB824146$") THEN WSHShell.Run "Q:\UPDATES\WindowsNT4Workstation-KB824146-x86-ENU.exe -z -q", 1, TRUE END IF
Great idea, but initially it didn't work for us. I spoke with one of our developers who managed to add the following lines into the beginning of the .vbs file that is run from a NAL object:
Dim WSHShell Dim WSHFileSystem Set WSHShell = WScript.CreateObject("WScript.Shell") Set WSHFileSystem= WScript.CreateObject("Scripting.FileSystemObject")
Also, we found that if you are running Win2K SP3 or before you will have to add the CompatibleRUPSecurity registry flag value as per TID 10074402 or you don't get your roaming profile anymore.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com