Help With A Batch Script

At the servers in my network are Windows 2003. I do not run WSUS to install my updates. I would like to add on to my current login script critical updates that need to be installed. I have office PC's and shop floor PC's. All of my office PC's are running WinXP Pro along with most of my shop floor PC's. Some are running windows 2000. I am testing the following .bat file locally on my machine.

@echo off
setlocal
set PATHTOFIXES=C:\Update
%PATHTOFIXES%\WindowsXP-KB958644-X86-ENU.exe /quiet /norestart

My question is how do I incorporate an if then else statement the would only install on my office pc's and not the shop floor pc's.

Example:

If PC name = shop floor1 then "do nothing"
then
@echo off
setlocal
set PATHTOFIXES=C:\Update
%PATHTOFIXES%\WindowsXP-KB958644-X86-ENU.exe /quiet /norestart
elseif pc name = shop floor 2 then "do nothing"
then
@echo off
setlocal
set PATHTOFIXES=C:\Update
%PATHTOFIXES%\WindowsXP-KB958644-X86-ENU.exe /quiet /norestart
end if

I would also like to make it to check to see if the .exe already exists to not re-install.

Please note that I have no programming background in this so I need an easy explaination and solution.

Thanks....


djp12345Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rich RumbleSecurity SamuraiCommented:
You should change your methods a little bit... you should probably use the MBSA and it can scan a range of IP's and install critical updates on certain PC's so you don't have to wait for a hotfix to install before doing work.
http://msdn.microsoft.com/en-us/library/aa302360.aspx
Read the bottom of this article to exclude pc's through the GUI
http://technet.microsoft.com/en-us/library/cc180302.aspx

You can create a list of PC's names or IP's that you want to patch and use the /listfile option
mbsacli.exe /listfile not-shop-pcs.txt /n OS
-rich
0
djp12345Author Commented:
-rich

I am currently running the scan now but I'm not sure what you mean by your last comment:

the /listfile option
mbsacli.exe /listfile not-shop-pcs.txt /n OS

I guess my question is still how do I patch these once I get my listing? Pardon my inexperience
0
Rich RumbleSecurity SamuraiCommented:
No problem... the listfile option is for the command line scanner, not the GUI, the second link I provided above details how to exclude certain PC's in the GUI. If you do use the cli, the listfile would contain one IP or PC name per line
pc01
pc02
pc03
192.168.1.5
192.168.1.6
etc...
And you call that text file with /listfile c:\name_of_file.txt
Give the full path to the file if it's not in the MBSA directory (c:\program files\Microsoft baseline security scanner)
The GUI can do much more than the cli, for some reason... and when you do use a listfile or ip range in the cli the output is much more terse and the /ld option can't be used... for all cli options just use the standard /? ( mbsacli.exe /? ) for the help function.
GFI LNSS and HFNetChk (who actually originally created the mbsa) are also great tools for patching and scanning, and have many more features and capabilities than the MBSA
http://www.gfi.com/downloads/downloads.aspx?pid=lanss&lid=en
http://www.shavlik.com/netchk-protect.aspx
-rich
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
djp12345Author Commented:
OK I'm still missing something. I understand how to use basline security analyzer to view what machines need updates. But I don't know how to push them to the machines. I'm sorry to be a rock on this but can you detail it further for a simpleton like me.

Example: step one open cmd line
step two: do this
Step three: do something else
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.