We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Patch Installation

Basheerpt
Basheerpt asked
on
Medium Priority
424 Views
Last Modified: 2010-04-13
Hi,
This is regarding windows patch management, someone could help me.

I have many windows 2000 and windows xp clients in my environment. During the initial installation of the clients, i used to install the uptodate patches that available until the time of client installation. but now, most of them not updated for long time. Now, if i want to update all of them, whats the best way?

Should i apply all the patches from beginning to now? (windows may skip the patch that is already installed?)
or should i search in all systems which are installed or not installed?

Thanks for any advice

Comment
Watch Question

Dear Basheerpt,
You may use WSUS to deploy patches and automate the patch deployment. If you want to apply patches individually then you can go to site http://update.microsoft.com , With that you can update patches

To know more about wsus check the link http://www.microsoft.com/windowsserversystem/updateservices/

Cheers!

Author

Commented:
I may be downloaded all the patches from security bulletin website. how to install them offline without checking what is already installed  and not?
I was looking at SUS & WSUS to keep everything up to date.
In the end I just turn on Automatic Updates. (Users don't need to be an Administrator)

I also created a batch file:
\\<server>\Hotfixes\xp-kb885250.exe -z -u
\\<server>\Hotfixes\xp-kb887472.exe -z -U
\\<server>\Hotfixes\xp-kb888113.exe -z -U
\\<server>\Hotfixes\xp-kb888302.exe -z -U
\\<server>\Hotfixes\xp-kb890046.exe -z -U
\\<server>\Hotfixes\qchain.exe

Check out this site for more information:
support.microsoft.com/kb/296861
AND
support.microsoft.com/kb/815062

This is a simple batch. If you have lots of workstations then you might want to improve it a bit.

Author

Commented:
Thanks Dennis,

How do I turn on the Automatic Update and point the clients to get updates from lacal server as mentioned in the batchfile? Sorry, its an instant reply, i didnt read the KBs you recommended, i will read now

Thanks
You don't.
You could just enable Automatic Updates on each machine or via GPO. All updates will be downloaded and installed.

If you already have a whole bunch of hotfixes ready, then create the batch file and run it on each machine.
I only created the batchfile because it takes a very long time to download then install all the hotfixes.
With the batch file you don't have to download all the hotfixes for each machine, once only then the machines
will read it from a central location.
Also if I have to setup a new machine then all I have to do is run the batch and it's as up to date as my batch is.

Alternatively you could do as inbarasan suggested.
On each machine goto update.microsoft.com and run the updates from there.
Personally I wouldn't do this because as each update comes out, you'll have to do it again on each machine. (Very tedious).

We only have 20 workstations here so my way was easiest for me. If you've got a larger environment then WSUS is probably the way to go.

But check out the site inbarasan gave you and decide for yourself.

goodluck!

Author

Commented:
Thanks for this nice information Dennis.

My Scenario is little different as follows:

1. There are mixed of Windows XP and Windows 2000, so i may have to create separate GPO for each of them and put those relevant computers where applicable.

2. I already have installed some of the patches, if i install the whole bunch of patch in my batch file, how it will treated? overwrite the existing or skipping?

I somewhere read that, if your computer run smoothly, dont patch anything!! (someone posted from real experience, unofficial comment.:-)

Thanks
How to configure and use Windows 2000 Automatic Updates:
http://support.microsoft.com/kb/327850

How to schedule Automatic Updates:
http://support.microsoft.com/kb/327838

Here's a forum about it.
http://www.tek-tips.com/viewthread.cfm?qid=1274074

As far as the exact behaviour of how patches react if you reinstall them, I don't know. I can tell you that I have done it
many many times before and did not experienced any difficulties. The only time it might become a problem is if  patch2 updates patch1 and then you reinstall patch1.
I found this MS article about hotfixes:
http://www.microsoft.com/windows2000/downloads/servicepacks/SP4/HFDeploy.htm
If you are really worried about unforseen things happening, then run automatic updates on all machines before creating the batch file. (Remeber you don't even really need to).

What you heard about don't patch if it's not needed is true to a degree. "If it's not broken, don't try to fix it".
But most updates via Automatic Updates are security fixes.  You may not know it's broken until it's too late.
There are a lot of optional updates. These can cause trouble if you don't actually need them. Automatic Update doesn't
download these optional updates automatically. I fact Microsoft recommends that you don't install them unless your situation is exactly as described in the KB about the patch, otherwise wait for the fully tested service pack to come out.
This is also why people use WSUS. Then they can test every patch that comes out. If it doesn't cause problems then
they can deploy it to the enterprise. This is over the top for a small company like mine.

Hope this answers your question. :-)
Goodluck!!

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Dennis, Thanks a lot. You are so informative! all of my workstations doesnt have the Internet, so I cannot think of running AU on all systems. I will go through the articles u suggested and I hope i would find an acceptable solution for my scenario.

I appreciate your help and i am happy to give you the point..:-)
Thanks and goodluck to you!
Remeber if you ever get stuck on anything, post it here!
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.