?
Solved

Security Patches

Posted on 2004-11-29
2
Medium Priority
?
280 Views
Last Modified: 2010-04-13
I have downloaded most of win2k's security patches and placed them in a directory. could anyone help me out with a script where i could install them at one go.
I have already installed SP4


thanks in advance guys!
0
Comment
Question by:Fahim-M
2 Comments
 
LVL 11

Accepted Solution

by:
cfairley earned 500 total points
ID: 12695228
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12695440
Why not just use SUS? then you wont have to keep revisiting the problem everytime a new critical update comes out?

Implementing SUS (software update services)

First download SUS from http://www.microsoft.com/downloads/details.aspx?FamilyId=A7AA96E4-6E41-4F54-972C-AE66A4E4BF6C&displaylang=en
(SUS10SP1.exe 33009 KB)

Go to the machine server that you want to run SUS on and ensure IIS is installed, in Server 2000 go to control panel >add remove programs > windows components, and add it in. In server 2003 go to "Manage your server and add the web server role.

Run the above .exe file.

go to http://localhost/SUSAdmin, click syncronise server > syncronise now

First it will download the catalogue, this will be quite quick, then it will download all the updates and service packs (this will take a looooong time - at time of writing there are over 5000 of them and some of them are 100Mb+) Microsoft recommends you have AT LEAST 6 gb free on the server to hold all this stuff. I’ve usually found this stalls and falls over a few times, simply exit and go back into SUSAdmin and restart the "synchronise now" to pick up where it left off.

When its complete go to the "Approve Update" tab and tick the items you want to approve for distribution.

------------Now you need to configure the client PC's---------------

You can do this in two ways either by LOCAL policy that means you need to configure it on each client or through Domain Policy.

1. If you are setting this up on the Domain skip to number 2, On the client click Start > Run > gpedit.msc {enter}

2. If you are doing this on a Local PC skip to number 3, On a domain controller open administrative tools > Active directory users and computers, right click the domain (you can do this on an OU too if you wish) and select Properties > Group Policy > select the "default Domain Policy" and click Edit.

3. Navigate to Computer Configuration > Administrative Templates >Windows Components > Windows Update. On the right pane locate "Configure Automatic Updates" and right click it, select properties.

4. Select Enabled, in the first drop down box you set the action for the updates, I prefer not to frighten my users so I select "4 - Auto download and schedule the install" you can now set the schedule by default its set to 0300 which isn’t no good if all your PC's are shut down at that time (set it to 1400)

5. Click "Next Setting" > Enable > in both box's type the URL of your SUS server (i.e. http://servername). then Click "Next Setting" > if you see a "enable client side targeting properties page click "Next Setting" the next screen shout ask for a wait period after start-up for the updates to run select enables and enter 5 minutes.

6. Click "Next Setting" this comes in to play if an update requires a reboot, for an explanation click the "Explain" tab, I set this to Enable. that meant it will inform the user but not reboot.

7. Click OK exit the policy editor, you can force the policy to take effect, by clicking..

XP and server 2003: Start > run > gpupdate {enter}
2000: Start > run > SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE  

You can test to see if they have applied by right clicking "My computer" > Properties > Automatic Updates, and the time you set in policy should be shown and all the options "greyed out"


Links
Deployment guide http://download.microsoft.com/download/c/d/8/cd8ac959-37a8-4e5b-860a-465b179984af/SUS_Deployguide_sp1.doc
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question