Solved

Deploy Service Pack 3 for XP via Login script in a Windows 2003 server environment

Posted on 2008-10-21
14
2,260 Views
Last Modified: 2013-12-12
I want to Deploy Service Pack 3 for XP  to our XP Service pack 2 clients via a Login script.

I have multiple sites to update to service pack 3, so I have decided to send a CD out to the sites and included on the CD will be the WindowsXP-KB936929-SP3-x86-ENU.exe and also the new dot net framework dotnetfx35.exe.

The CD will be put in the site server's CDROM. From there I wish to run a script that installs both XP SP3 and the new dot net.

Can someone please provide me with a script or batch file to complete this task when a user logs into their machine. For example - User logs in and the script checks if they are updated to XP SP3 with latest dotnet, if not, the script runs and install begins, if so the script closes.
0
Comment
Question by:SCRLPB
  • 5
  • 5
  • 3
14 Comments
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22772749
Have you considered using GPOs instead of login scripts:

http://www.itcore.us/windows/38-windows-xp-professional/93-deploy-windows-xp-service-pack-3-using-group-policy

Also, I take it you don't have WSUS in your infrastructure?
0
 
LVL 5

Expert Comment

by:lecaf
ID: 22772753
hmmm not very elegant solution (quite ugly IMHO all users are admins???)
try WindowsXP-KB936929-SP3-x86-ENU.exe /? for command line options

better use WSUS...you need it for patch management

or a at least a GPO software installation (with DFS you can get a source to be local)

m   a   r  c
0
 

Author Comment

by:SCRLPB
ID: 22773026
okay then how do I use group policy with DFS to install the XP SP3
WSUS is not yet in use.
The trouble is the large cross site topology. I don't want to install from our central server as each site will have to download it from that central server causing havoc on our bandwidth. I have a W2k3 DC at each site so can someone give me info on how to deploy the SP3 via GPO without pointing to one DC to flood our bandwidth.
0
 

Author Comment

by:SCRLPB
ID: 22773323
I followed the directions of this article
 http://technet.microsoft.com/en-gb/library/bb457070.aspx
That will work fine, BUT, I can't have each client at our multiple sites coming back to the central server where the share is located to get the XPSP3 update, otherwise they might as well just download it off the internet themselves.
I would love for the XPSP3 update to be somehow assigned to each sites Domain controller and then when the users login, they get a Group Policy that direct's them to a share on their local Domain controller to install XPSP3.
I do not want to have to login to each of our 38 Domain controllers at our 38 sites and setup a share, and copy the XPSP3 update into it unless absoulutely necessary.
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22773557
Well, you have two options (that I know of).

Put the file on a DFS share that has replication partners at all the sites that need the update. Point the GPO towards the \\DFSShare\Path\Update.exe and then each client will pull it from his local DFS partner.

OR

Create a OU in AD for each site, associate the machine accounts from the various sites with their respective OUs, and apply different GPOs to each specifying a local path.
0
 
LVL 5

Accepted Solution

by:
lecaf earned 500 total points
ID: 22779338
OUs and multiple GPOs can work but is going to be hell to support.

First make sure active directory site and services are well populated
you have a site for each physical site
in each site you have at least one DC
subnets are well defined
http://technet.microsoft.com/en-us/library/cc758663.aspx

then create a DFS
http://technet.microsoft.com/en-us/library/bb727150.aspx
I would call it "install" so you can use it for other application deployment later on
imagine deploying adobe reader java of whatever msi (even office) the same way (www.appdeploy.com is a good source). you can modify sync schedule to run only overnight so there will be no network impact.

wait for all the DFS to sync
make sure users can read in there

deploy a GPO to install application and give as an install source path \\domain.com\install\whateverfolder\whatever.msi
If step 1 is correct every computer will resolve this share as being the in its own site so you'll get only local traffic.
one problem though users will have to wait for the install to finish before login in so you need to communicate before.

If you plan to deploy WSUS accelerate it and use it for SP3 much better. if you have a small number of users on the sites with good Internet connection then you can even not store updates locally and let BITS download it slowly from MS thus decreasing the number of servers and storage needed.  a good config can even catch homeworkers.

You can configure WSUS  using GPO on site (see 1st step) so even traveling users will get to the correct WSUS server.

m   a   r   c
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 5

Expert Comment

by:lecaf
ID: 22779419
oups just noticed
38 DCs ???????? how many users ?

thousands ?
forget all that; get professional help and install a deployment tool such as SMS or other

hundreds?
then you've got a design problem I would speculate half of WAN traffic is used for replication.

m a  r   c
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22780809
Yeah, I didn't realize you had 38 sites with 38 DCs. You should REALLY have a WSUS or SMS infrastructure to manage your updates.
0
 

Author Comment

by:SCRLPB
ID: 22781934
Okay so I setup a software install policy to distribute Adobe Reader (as a test) and it worked fine. The folder I put the installer in was \\ourdomain.com\SYSVOL\ourdomain.com\staging areas\adobe
This worked fine from my PC in the same site as the main domain controller. This adobe folder has replicated out to our 38 sites overnight, so they now all have a copy of it in their local DC SYSVOL folders.
If I was to apply the GPO to one of the sites, would it now install Adobe Reader from it's local DC SYSVOL folder, or would it come back to the main domain controller? How would I confirm where it is installing it from?
Is there a problem in using the SYSVOL folder to deploy software, or should I be using a DFS share. If I should be using a DFS share, does that replicate to all sites like SYSVOL and if so where is it located?
0
 

Author Comment

by:SCRLPB
ID: 22791160
Easy for you to say, you didn't inherit a network with many problems in terms of it's design. I know many of the risks faced with what I am trying to accomplish using SYSVOL, but we are desperate to get this update out to our sites and I have a deadline of 1 week so I would appreciate advice rather than petty criticism when you know nothing of our time contraints or the state of the network.
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22798788
As long as your AD sites are set up correctly the clients should read the SYSVOL folder from the local DC against which they authenticate.
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22800883
I think your a little over the line lecaf.

I think he is well aware that his network isn't in the best shape, but he is asking a question so he can do a job in the time allotted with the tools he currently has. There is no need to come down hard on him.
0
 

Author Comment

by:SCRLPB
ID: 22809996
I have implemented DFS and setup replication to occur during the night. Because of this I am now able to apply a GPO to distribute the patch without dramaticly affecting the network.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Today companies are subjected to more-and-more data, and it won't stop any time soon.  But there are obvious opportunities for reducing data, particularly data duplicated among companies.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
The viewer will learn common shortcuts with easy ways to remember them. The viewer will then learn where to find all of the keyboard shortcuts, how to create/change them, and how to speed up their workflow.
Using Adobe Premiere Pro, the viewer will learn how to set up a sequence with proper settings, importing pictures, rendering, and exporting the finished product.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now