Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Patch Installation

Posted on 2006-11-08
9
388 Views
Last Modified: 2010-04-13
Hi,
This is regarding windows patch management, someone could help me.

I have many windows 2000 and windows xp clients in my environment. During the initial installation of the clients, i used to install the uptodate patches that available until the time of client installation. but now, most of them not updated for long time. Now, if i want to update all of them, whats the best way?

Should i apply all the patches from beginning to now? (windows may skip the patch that is already installed?)
or should i search in all systems which are installed or not installed?

Thanks for any advice

0
Comment
Question by:Basheerpt
  • 4
  • 4
9 Comments
 
LVL 14

Expert Comment

by:inbarasan
ID: 17897129
Dear Basheerpt,
You may use WSUS to deploy patches and automate the patch deployment. If you want to apply patches individually then you can go to site http://update.microsoft.com , With that you can update patches

To know more about wsus check the link http://www.microsoft.com/windowsserversystem/updateservices/

Cheers!
0
 
LVL 5

Author Comment

by:Basheerpt
ID: 17897424
I may be downloaded all the patches from security bulletin website. how to install them offline without checking what is already installed  and not?
0
 
LVL 2

Expert Comment

by:DennisPost
ID: 17937883
I was looking at SUS & WSUS to keep everything up to date.
In the end I just turn on Automatic Updates. (Users don't need to be an Administrator)

I also created a batch file:
\\<server>\Hotfixes\xp-kb885250.exe -z -u
\\<server>\Hotfixes\xp-kb887472.exe -z -U
\\<server>\Hotfixes\xp-kb888113.exe -z -U
\\<server>\Hotfixes\xp-kb888302.exe -z -U
\\<server>\Hotfixes\xp-kb890046.exe -z -U
\\<server>\Hotfixes\qchain.exe

Check out this site for more information:
support.microsoft.com/kb/296861
AND
support.microsoft.com/kb/815062

This is a simple batch. If you have lots of workstations then you might want to improve it a bit.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 5

Author Comment

by:Basheerpt
ID: 17938121
Thanks Dennis,

How do I turn on the Automatic Update and point the clients to get updates from lacal server as mentioned in the batchfile? Sorry, its an instant reply, i didnt read the KBs you recommended, i will read now

Thanks
0
 
LVL 2

Expert Comment

by:DennisPost
ID: 17938231
You don't.
You could just enable Automatic Updates on each machine or via GPO. All updates will be downloaded and installed.

If you already have a whole bunch of hotfixes ready, then create the batch file and run it on each machine.
I only created the batchfile because it takes a very long time to download then install all the hotfixes.
With the batch file you don't have to download all the hotfixes for each machine, once only then the machines
will read it from a central location.
Also if I have to setup a new machine then all I have to do is run the batch and it's as up to date as my batch is.

Alternatively you could do as inbarasan suggested.
On each machine goto update.microsoft.com and run the updates from there.
Personally I wouldn't do this because as each update comes out, you'll have to do it again on each machine. (Very tedious).

We only have 20 workstations here so my way was easiest for me. If you've got a larger environment then WSUS is probably the way to go.

But check out the site inbarasan gave you and decide for yourself.

goodluck!
0
 
LVL 5

Author Comment

by:Basheerpt
ID: 17944833
Thanks for this nice information Dennis.

My Scenario is little different as follows:

1. There are mixed of Windows XP and Windows 2000, so i may have to create separate GPO for each of them and put those relevant computers where applicable.

2. I already have installed some of the patches, if i install the whole bunch of patch in my batch file, how it will treated? overwrite the existing or skipping?

I somewhere read that, if your computer run smoothly, dont patch anything!! (someone posted from real experience, unofficial comment.:-)

Thanks
0
 
LVL 2

Accepted Solution

by:
DennisPost earned 50 total points
ID: 17945193
How to configure and use Windows 2000 Automatic Updates:
http://support.microsoft.com/kb/327850

How to schedule Automatic Updates:
http://support.microsoft.com/kb/327838

Here's a forum about it.
http://www.tek-tips.com/viewthread.cfm?qid=1274074

As far as the exact behaviour of how patches react if you reinstall them, I don't know. I can tell you that I have done it
many many times before and did not experienced any difficulties. The only time it might become a problem is if  patch2 updates patch1 and then you reinstall patch1.
I found this MS article about hotfixes:
http://www.microsoft.com/windows2000/downloads/servicepacks/SP4/HFDeploy.htm
If you are really worried about unforseen things happening, then run automatic updates on all machines before creating the batch file. (Remeber you don't even really need to).

What you heard about don't patch if it's not needed is true to a degree. "If it's not broken, don't try to fix it".
But most updates via Automatic Updates are security fixes.  You may not know it's broken until it's too late.
There are a lot of optional updates. These can cause trouble if you don't actually need them. Automatic Update doesn't
download these optional updates automatically. I fact Microsoft recommends that you don't install them unless your situation is exactly as described in the KB about the patch, otherwise wait for the fully tested service pack to come out.
This is also why people use WSUS. Then they can test every patch that comes out. If it doesn't cause problems then
they can deploy it to the enterprise. This is over the top for a small company like mine.

Hope this answers your question. :-)
Goodluck!!
0
 
LVL 5

Author Comment

by:Basheerpt
ID: 17945260
Dennis, Thanks a lot. You are so informative! all of my workstations doesnt have the Internet, so I cannot think of running AU on all systems. I will go through the articles u suggested and I hope i would find an acceptable solution for my scenario.

I appreciate your help and i am happy to give you the point..:-)
0
 
LVL 2

Expert Comment

by:DennisPost
ID: 17945278
Thanks and goodluck to you!
Remeber if you ever get stuck on anything, post it here!
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 2000 Kerberos problem 5 331
ClamAV for Old Windows 2000 Server 7 2,081
Retrieve process time in memory in VB 6 128
Windows startup/shutdown date/time log 7 147
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question