Deploy Service Pack 3 for XP via Login script in a Windows 2003 server environment

I want to Deploy Service Pack 3 for XP  to our XP Service pack 2 clients via a Login script.

I have multiple sites to update to service pack 3, so I have decided to send a CD out to the sites and included on the CD will be the WindowsXP-KB936929-SP3-x86-ENU.exe and also the new dot net framework dotnetfx35.exe.

The CD will be put in the site server's CDROM. From there I wish to run a script that installs both XP SP3 and the new dot net.

Can someone please provide me with a script or batch file to complete this task when a user logs into their machine. For example - User logs in and the script checks if they are updated to XP SP3 with latest dotnet, if not, the script runs and install begins, if so the script closes.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Have you considered using GPOs instead of login scripts:

Also, I take it you don't have WSUS in your infrastructure?
hmmm not very elegant solution (quite ugly IMHO all users are admins???)
try WindowsXP-KB936929-SP3-x86-ENU.exe /? for command line options

better use need it for patch management

or a at least a GPO software installation (with DFS you can get a source to be local)

m   a   r  c
SCRLPBAuthor Commented:
okay then how do I use group policy with DFS to install the XP SP3
WSUS is not yet in use.
The trouble is the large cross site topology. I don't want to install from our central server as each site will have to download it from that central server causing havoc on our bandwidth. I have a W2k3 DC at each site so can someone give me info on how to deploy the SP3 via GPO without pointing to one DC to flood our bandwidth.
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

SCRLPBAuthor Commented:
I followed the directions of this article
That will work fine, BUT, I can't have each client at our multiple sites coming back to the central server where the share is located to get the XPSP3 update, otherwise they might as well just download it off the internet themselves.
I would love for the XPSP3 update to be somehow assigned to each sites Domain controller and then when the users login, they get a Group Policy that direct's them to a share on their local Domain controller to install XPSP3.
I do not want to have to login to each of our 38 Domain controllers at our 38 sites and setup a share, and copy the XPSP3 update into it unless absoulutely necessary.
Well, you have two options (that I know of).

Put the file on a DFS share that has replication partners at all the sites that need the update. Point the GPO towards the \\DFSShare\Path\Update.exe and then each client will pull it from his local DFS partner.


Create a OU in AD for each site, associate the machine accounts from the various sites with their respective OUs, and apply different GPOs to each specifying a local path.
OUs and multiple GPOs can work but is going to be hell to support.

First make sure active directory site and services are well populated
you have a site for each physical site
in each site you have at least one DC
subnets are well defined

then create a DFS
I would call it "install" so you can use it for other application deployment later on
imagine deploying adobe reader java of whatever msi (even office) the same way ( is a good source). you can modify sync schedule to run only overnight so there will be no network impact.

wait for all the DFS to sync
make sure users can read in there

deploy a GPO to install application and give as an install source path \\\install\whateverfolder\whatever.msi
If step 1 is correct every computer will resolve this share as being the in its own site so you'll get only local traffic.
one problem though users will have to wait for the install to finish before login in so you need to communicate before.

If you plan to deploy WSUS accelerate it and use it for SP3 much better. if you have a small number of users on the sites with good Internet connection then you can even not store updates locally and let BITS download it slowly from MS thus decreasing the number of servers and storage needed.  a good config can even catch homeworkers.

You can configure WSUS  using GPO on site (see 1st step) so even traveling users will get to the correct WSUS server.

m   a   r   c

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
oups just noticed
38 DCs ???????? how many users ?

thousands ?
forget all that; get professional help and install a deployment tool such as SMS or other

then you've got a design problem I would speculate half of WAN traffic is used for replication.

m a  r   c
Yeah, I didn't realize you had 38 sites with 38 DCs. You should REALLY have a WSUS or SMS infrastructure to manage your updates.
SCRLPBAuthor Commented:
Okay so I setup a software install policy to distribute Adobe Reader (as a test) and it worked fine. The folder I put the installer in was \\\SYSVOL\\staging areas\adobe
This worked fine from my PC in the same site as the main domain controller. This adobe folder has replicated out to our 38 sites overnight, so they now all have a copy of it in their local DC SYSVOL folders.
If I was to apply the GPO to one of the sites, would it now install Adobe Reader from it's local DC SYSVOL folder, or would it come back to the main domain controller? How would I confirm where it is installing it from?
Is there a problem in using the SYSVOL folder to deploy software, or should I be using a DFS share. If I should be using a DFS share, does that replicate to all sites like SYSVOL and if so where is it located?
SCRLPBAuthor Commented:
Easy for you to say, you didn't inherit a network with many problems in terms of it's design. I know many of the risks faced with what I am trying to accomplish using SYSVOL, but we are desperate to get this update out to our sites and I have a deadline of 1 week so I would appreciate advice rather than petty criticism when you know nothing of our time contraints or the state of the network.
As long as your AD sites are set up correctly the clients should read the SYSVOL folder from the local DC against which they authenticate.
I think your a little over the line lecaf.

I think he is well aware that his network isn't in the best shape, but he is asking a question so he can do a job in the time allotted with the tools he currently has. There is no need to come down hard on him.
SCRLPBAuthor Commented:
I have implemented DFS and setup replication to occur during the night. Because of this I am now able to apply a GPO to distribute the patch without dramaticly affecting the network.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.