Solved

Help With A Batch Script

Posted on 2008-10-24
4
710 Views
Last Modified: 2012-05-05
At the servers in my network are Windows 2003. I do not run WSUS to install my updates. I would like to add on to my current login script critical updates that need to be installed. I have office PC's and shop floor PC's. All of my office PC's are running WinXP Pro along with most of my shop floor PC's. Some are running windows 2000. I am testing the following .bat file locally on my machine.

@echo off
setlocal
set PATHTOFIXES=C:\Update
%PATHTOFIXES%\WindowsXP-KB958644-X86-ENU.exe /quiet /norestart

My question is how do I incorporate an if then else statement the would only install on my office pc's and not the shop floor pc's.

Example:

If PC name = shop floor1 then "do nothing"
then
@echo off
setlocal
set PATHTOFIXES=C:\Update
%PATHTOFIXES%\WindowsXP-KB958644-X86-ENU.exe /quiet /norestart
elseif pc name = shop floor 2 then "do nothing"
then
@echo off
setlocal
set PATHTOFIXES=C:\Update
%PATHTOFIXES%\WindowsXP-KB958644-X86-ENU.exe /quiet /norestart
end if

I would also like to make it to check to see if the .exe already exists to not re-install.

Please note that I have no programming background in this so I need an easy explaination and solution.

Thanks....


0
Comment
Question by:djp12345
  • 2
  • 2
4 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
You should change your methods a little bit... you should probably use the MBSA and it can scan a range of IP's and install critical updates on certain PC's so you don't have to wait for a hotfix to install before doing work.
http://msdn.microsoft.com/en-us/library/aa302360.aspx
Read the bottom of this article to exclude pc's through the GUI
http://technet.microsoft.com/en-us/library/cc180302.aspx

You can create a list of PC's names or IP's that you want to patch and use the /listfile option
mbsacli.exe /listfile not-shop-pcs.txt /n OS
-rich
0
 

Author Comment

by:djp12345
Comment Utility
-rich

I am currently running the scan now but I'm not sure what you mean by your last comment:

the /listfile option
mbsacli.exe /listfile not-shop-pcs.txt /n OS

I guess my question is still how do I patch these once I get my listing? Pardon my inexperience
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 100 total points
Comment Utility
No problem... the listfile option is for the command line scanner, not the GUI, the second link I provided above details how to exclude certain PC's in the GUI. If you do use the cli, the listfile would contain one IP or PC name per line
pc01
pc02
pc03
192.168.1.5
192.168.1.6
etc...
And you call that text file with /listfile c:\name_of_file.txt
Give the full path to the file if it's not in the MBSA directory (c:\program files\Microsoft baseline security scanner)
The GUI can do much more than the cli, for some reason... and when you do use a listfile or ip range in the cli the output is much more terse and the /ld option can't be used... for all cli options just use the standard /? ( mbsacli.exe /? ) for the help function.
GFI LNSS and HFNetChk (who actually originally created the mbsa) are also great tools for patching and scanning, and have many more features and capabilities than the MBSA
http://www.gfi.com/downloads/downloads.aspx?pid=lanss&lid=en
http://www.shavlik.com/netchk-protect.aspx
-rich
0
 

Author Comment

by:djp12345
Comment Utility
OK I'm still missing something. I understand how to use basline security analyzer to view what machines need updates. But I don't know how to push them to the machines. I'm sorry to be a rock on this but can you detail it further for a simpleton like me.

Example: step one open cmd line
step two: do this
Step three: do something else
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

In Africa (and potentially where you live…), reliability of ISPs is questionable.  With the increased reliance on e-mail as one of the primary forms of communication, the costs to business are significant based on interuption of ISP Connectivity.  T…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now