Security Patches

Posted on 2004-11-29
Last Modified: 2010-04-13
I have downloaded most of win2k's security patches and placed them in a directory. could anyone help me out with a script where i could install them at one go.
I have already installed SP4

thanks in advance guys!
Question by:Fahim-M
    LVL 11

    Accepted Solution

    LVL 57

    Expert Comment

    by:Pete Long
    Why not just use SUS? then you wont have to keep revisiting the problem everytime a new critical update comes out?

    Implementing SUS (software update services)

    First download SUS from
    (SUS10SP1.exe 33009 KB)

    Go to the machine server that you want to run SUS on and ensure IIS is installed, in Server 2000 go to control panel >add remove programs > windows components, and add it in. In server 2003 go to "Manage your server and add the web server role.

    Run the above .exe file.

    go to http://localhost/SUSAdmin, click syncronise server > syncronise now

    First it will download the catalogue, this will be quite quick, then it will download all the updates and service packs (this will take a looooong time - at time of writing there are over 5000 of them and some of them are 100Mb+) Microsoft recommends you have AT LEAST 6 gb free on the server to hold all this stuff. I’ve usually found this stalls and falls over a few times, simply exit and go back into SUSAdmin and restart the "synchronise now" to pick up where it left off.

    When its complete go to the "Approve Update" tab and tick the items you want to approve for distribution.

    ------------Now you need to configure the client PC's---------------

    You can do this in two ways either by LOCAL policy that means you need to configure it on each client or through Domain Policy.

    1. If you are setting this up on the Domain skip to number 2, On the client click Start > Run > gpedit.msc {enter}

    2. If you are doing this on a Local PC skip to number 3, On a domain controller open administrative tools > Active directory users and computers, right click the domain (you can do this on an OU too if you wish) and select Properties > Group Policy > select the "default Domain Policy" and click Edit.

    3. Navigate to Computer Configuration > Administrative Templates >Windows Components > Windows Update. On the right pane locate "Configure Automatic Updates" and right click it, select properties.

    4. Select Enabled, in the first drop down box you set the action for the updates, I prefer not to frighten my users so I select "4 - Auto download and schedule the install" you can now set the schedule by default its set to 0300 which isn’t no good if all your PC's are shut down at that time (set it to 1400)

    5. Click "Next Setting" > Enable > in both box's type the URL of your SUS server (i.e. http://servername). then Click "Next Setting" > if you see a "enable client side targeting properties page click "Next Setting" the next screen shout ask for a wait period after start-up for the updates to run select enables and enter 5 minutes.

    6. Click "Next Setting" this comes in to play if an update requires a reboot, for an explanation click the "Explain" tab, I set this to Enable. that meant it will inform the user but not reboot.

    7. Click OK exit the policy editor, you can force the policy to take effect, by clicking..

    XP and server 2003: Start > run > gpupdate {enter}

    You can test to see if they have applied by right clicking "My computer" > Properties > Automatic Updates, and the time you set in policy should be shown and all the options "greyed out"

    Deployment guide

    Featured Post

    Gigs: Get Your Project Delivered by an Expert

    Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

    Join & Write a Comment

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now