Solved

Patch Installation

Posted on 2006-11-08
9
385 Views
Last Modified: 2010-04-13
Hi,
This is regarding windows patch management, someone could help me.

I have many windows 2000 and windows xp clients in my environment. During the initial installation of the clients, i used to install the uptodate patches that available until the time of client installation. but now, most of them not updated for long time. Now, if i want to update all of them, whats the best way?

Should i apply all the patches from beginning to now? (windows may skip the patch that is already installed?)
or should i search in all systems which are installed or not installed?

Thanks for any advice

0
Comment
Question by:Basheerpt
  • 4
  • 4
9 Comments
 
LVL 14

Expert Comment

by:inbarasan
Comment Utility
Dear Basheerpt,
You may use WSUS to deploy patches and automate the patch deployment. If you want to apply patches individually then you can go to site http://update.microsoft.com , With that you can update patches

To know more about wsus check the link http://www.microsoft.com/windowsserversystem/updateservices/

Cheers!
0
 
LVL 5

Author Comment

by:Basheerpt
Comment Utility
I may be downloaded all the patches from security bulletin website. how to install them offline without checking what is already installed  and not?
0
 
LVL 2

Expert Comment

by:DennisPost
Comment Utility
I was looking at SUS & WSUS to keep everything up to date.
In the end I just turn on Automatic Updates. (Users don't need to be an Administrator)

I also created a batch file:
\\<server>\Hotfixes\xp-kb885250.exe -z -u
\\<server>\Hotfixes\xp-kb887472.exe -z -U
\\<server>\Hotfixes\xp-kb888113.exe -z -U
\\<server>\Hotfixes\xp-kb888302.exe -z -U
\\<server>\Hotfixes\xp-kb890046.exe -z -U
\\<server>\Hotfixes\qchain.exe

Check out this site for more information:
support.microsoft.com/kb/296861
AND
support.microsoft.com/kb/815062

This is a simple batch. If you have lots of workstations then you might want to improve it a bit.
0
 
LVL 5

Author Comment

by:Basheerpt
Comment Utility
Thanks Dennis,

How do I turn on the Automatic Update and point the clients to get updates from lacal server as mentioned in the batchfile? Sorry, its an instant reply, i didnt read the KBs you recommended, i will read now

Thanks
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 2

Expert Comment

by:DennisPost
Comment Utility
You don't.
You could just enable Automatic Updates on each machine or via GPO. All updates will be downloaded and installed.

If you already have a whole bunch of hotfixes ready, then create the batch file and run it on each machine.
I only created the batchfile because it takes a very long time to download then install all the hotfixes.
With the batch file you don't have to download all the hotfixes for each machine, once only then the machines
will read it from a central location.
Also if I have to setup a new machine then all I have to do is run the batch and it's as up to date as my batch is.

Alternatively you could do as inbarasan suggested.
On each machine goto update.microsoft.com and run the updates from there.
Personally I wouldn't do this because as each update comes out, you'll have to do it again on each machine. (Very tedious).

We only have 20 workstations here so my way was easiest for me. If you've got a larger environment then WSUS is probably the way to go.

But check out the site inbarasan gave you and decide for yourself.

goodluck!
0
 
LVL 5

Author Comment

by:Basheerpt
Comment Utility
Thanks for this nice information Dennis.

My Scenario is little different as follows:

1. There are mixed of Windows XP and Windows 2000, so i may have to create separate GPO for each of them and put those relevant computers where applicable.

2. I already have installed some of the patches, if i install the whole bunch of patch in my batch file, how it will treated? overwrite the existing or skipping?

I somewhere read that, if your computer run smoothly, dont patch anything!! (someone posted from real experience, unofficial comment.:-)

Thanks
0
 
LVL 2

Accepted Solution

by:
DennisPost earned 50 total points
Comment Utility
How to configure and use Windows 2000 Automatic Updates:
http://support.microsoft.com/kb/327850

How to schedule Automatic Updates:
http://support.microsoft.com/kb/327838

Here's a forum about it.
http://www.tek-tips.com/viewthread.cfm?qid=1274074

As far as the exact behaviour of how patches react if you reinstall them, I don't know. I can tell you that I have done it
many many times before and did not experienced any difficulties. The only time it might become a problem is if  patch2 updates patch1 and then you reinstall patch1.
I found this MS article about hotfixes:
http://www.microsoft.com/windows2000/downloads/servicepacks/SP4/HFDeploy.htm
If you are really worried about unforseen things happening, then run automatic updates on all machines before creating the batch file. (Remeber you don't even really need to).

What you heard about don't patch if it's not needed is true to a degree. "If it's not broken, don't try to fix it".
But most updates via Automatic Updates are security fixes.  You may not know it's broken until it's too late.
There are a lot of optional updates. These can cause trouble if you don't actually need them. Automatic Update doesn't
download these optional updates automatically. I fact Microsoft recommends that you don't install them unless your situation is exactly as described in the KB about the patch, otherwise wait for the fully tested service pack to come out.
This is also why people use WSUS. Then they can test every patch that comes out. If it doesn't cause problems then
they can deploy it to the enterprise. This is over the top for a small company like mine.

Hope this answers your question. :-)
Goodluck!!
0
 
LVL 5

Author Comment

by:Basheerpt
Comment Utility
Dennis, Thanks a lot. You are so informative! all of my workstations doesnt have the Internet, so I cannot think of running AU on all systems. I will go through the articles u suggested and I hope i would find an acceptable solution for my scenario.

I appreciate your help and i am happy to give you the point..:-)
0
 
LVL 2

Expert Comment

by:DennisPost
Comment Utility
Thanks and goodluck to you!
Remeber if you ever get stuck on anything, post it here!
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now