Novell Home

Distributing Microsoft Security Patches Silently

Novell Cool Solutions: Trench
By Justin Birt

Rate This Page

Reader Rating  stars  from 14 ratings

Digg This - Slashdot This

Posted: 4 Feb 2004 		 

I have been working at a site of approximately 600 workstations, and needed a way of distributing the latest Security Patches from Microsoft to counter RPC attacks.

There was a requirement to do this by "stealth," so the distribution had to be hidden and the workstation re-boot suppressed. (Patch would not be in place until the next day when users started their machines and logged in.)

SOLUTION: A simple ZEN app was created that copied the Security patch to C:\WINNT\TEMP on the users workstation.

This was then run by placing the following in the Run Options > Path to File field:

C:\WINNT\TEMP\Windows2000-KB824146-x86-ENU.exe /z /q

The /z and /q switches suppressed the re-boot and made the install silent. The application object was set to Force Run with Run Application Once enabled. For good measure Application Distribution Success and Application Launch Success were logged to a csv for audit purposes.

This method was considered preferable to a snAppShot as it utilised Microsoft's own installer to do all the work.

If you have any questions you may contact Justin at justin.birt@virgin.net

Other Suggestions

Sangita Patel

Command line parameter: /q /C:"dahotfix.exe /q /n"

Run the \ENU_Q832483_MDAC_x86.EXE

That's it.

Reader Comments

  • You would need to use Unsecure Sytem User or Secure Sytem user if they are a restricted user. you could copy it locallly and not to change the rest of your setup or give the workstation read access to where you have the updates. Also you may need to use: /quiet /norestart for the newer fixes or /q:a /c:"dasetup.exe /q /n" (for things like MDAC) See: http://support.microsoft.com/default.aspx?kbid=262841
  • bang on
  • We do the same, but instead of using 'run once' check for patch install via existence of the registry key recommended by MacroSoft (as the NAL app running doesn't guarantee actually indicate successful patch deployment...)
  • Works a treat
  • I leave it up to automatic update combined with our own SUS server from Microsoft. With ZENWorks would be great if there was a way to determine the support pack level or language of a workstation.
  • Wouldn't it be great is Micro$oft would build silent/non-reboot functionality into SUS and save us some time!?

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

Novell® Making IT Work As One

© 2008 Novell, Inc. All Rights Reserved.