Security Patches

I have downloaded most of win2k's security patches and placed them in a directory. could anyone help me out with a script where i could install them at one go.
I have already installed SP4


thanks in advance guys!
Fahim-MAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Pete LongTechnical ConsultantCommented:
Why not just use SUS? then you wont have to keep revisiting the problem everytime a new critical update comes out?

Implementing SUS (software update services)

First download SUS from http://www.microsoft.com/downloads/details.aspx?FamilyId=A7AA96E4-6E41-4F54-972C-AE66A4E4BF6C&displaylang=en
(SUS10SP1.exe 33009 KB)

Go to the machine server that you want to run SUS on and ensure IIS is installed, in Server 2000 go to control panel >add remove programs > windows components, and add it in. In server 2003 go to "Manage your server and add the web server role.

Run the above .exe file.

go to http://localhost/SUSAdmin, click syncronise server > syncronise now

First it will download the catalogue, this will be quite quick, then it will download all the updates and service packs (this will take a looooong time - at time of writing there are over 5000 of them and some of them are 100Mb+) Microsoft recommends you have AT LEAST 6 gb free on the server to hold all this stuff. I’ve usually found this stalls and falls over a few times, simply exit and go back into SUSAdmin and restart the "synchronise now" to pick up where it left off.

When its complete go to the "Approve Update" tab and tick the items you want to approve for distribution.

------------Now you need to configure the client PC's---------------

You can do this in two ways either by LOCAL policy that means you need to configure it on each client or through Domain Policy.

1. If you are setting this up on the Domain skip to number 2, On the client click Start > Run > gpedit.msc {enter}

2. If you are doing this on a Local PC skip to number 3, On a domain controller open administrative tools > Active directory users and computers, right click the domain (you can do this on an OU too if you wish) and select Properties > Group Policy > select the "default Domain Policy" and click Edit.

3. Navigate to Computer Configuration > Administrative Templates >Windows Components > Windows Update. On the right pane locate "Configure Automatic Updates" and right click it, select properties.

4. Select Enabled, in the first drop down box you set the action for the updates, I prefer not to frighten my users so I select "4 - Auto download and schedule the install" you can now set the schedule by default its set to 0300 which isn’t no good if all your PC's are shut down at that time (set it to 1400)

5. Click "Next Setting" > Enable > in both box's type the URL of your SUS server (i.e. http://servername). then Click "Next Setting" > if you see a "enable client side targeting properties page click "Next Setting" the next screen shout ask for a wait period after start-up for the updates to run select enables and enter 5 minutes.

6. Click "Next Setting" this comes in to play if an update requires a reboot, for an explanation click the "Explain" tab, I set this to Enable. that meant it will inform the user but not reboot.

7. Click OK exit the policy editor, you can force the policy to take effect, by clicking..

XP and server 2003: Start > run > gpupdate {enter}
2000: Start > run > SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE  

You can test to see if they have applied by right clicking "My computer" > Properties > Automatic Updates, and the time you set in policy should be shown and all the options "greyed out"


Links
Deployment guide http://download.microsoft.com/download/c/d/8/cd8ac959-37a8-4e5b-860a-465b179984af/SUS_Deployguide_sp1.doc
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.