Solved

Deploy Windows 7 SP1 Group Policy

Posted on 2011-03-04
24
1,642 Views
Last Modified: 2012-08-14
Hi,
We have an SBS 2003 R2 server network and several Windows 7 64 bit machines which require SP1 installing.
I have created a script to install and placed it in a Shutdown event in a group policy that applies only to Windows 7 / Vista machines.

@echo off
ECHO Running Windows 7 SP1 update...
"\\myserver\Win7 SP1\windows6.1-KB976932-X64.exe" /quiet /nodialog /norestart
If %ERRORLEVEL%==0 (ECHO Update to Win 7 SP1 %DATE% %TIME% > "\\myserver\Win7 SP1\%COMPUTERNAME%.txt") ELSE (ECHO Failed with error %ERRORLEVEL% Win 7 SP1 update %DATE% %TIME% > "\\myserver\Win7 SP1\%COMPUTERNAME%.txt"

Open in new window


The install file is in a shared folder with access for everybody, but the install seems to be failing continuously.

I'm after some advice on the best way to roll this out, without manually installing.
Also we don't use WSUS or anything to manage Windows updates at the moment.

Thanks in advance.
0
Comment
Question by:chrismanncalgavin
  • 7
  • 6
  • 4
  • +3
24 Comments
 
LVL 11

Expert Comment

by:Tasmant
ID: 35036508
Did you try to run your script localy one time, with no logon or logoff script to see if it works? (it should, all seems correct).
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35036959
In the shutdown event does the script not run in the MACHINE context rather than the use?  In that case you will nedd to give DOMAIN COMUTERS rights to the share and not users or groups with users in.
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 167 total points
ID: 35036970
You would be far better off deploying a WSUS server for all of your updates.
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35037052
I think you point the issue Neilsr. Computers accounts most probably don't have access to the share.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35037239
"Authenticated Users" would be all you need as computers belong to this group




FYI Sp1 is still not available via WSUS or the Update Catalog as of yet
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35038686
Yes Computers DO belong to this group but Surely best practice is to be as restrictive as possible? If the share is for deploying updates that are run in the context of the computer then that should be the rights assigned to the share.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35038736
Share permissions "Authenticated Users", NTFS permissions more restrictive
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 35042586
I agree NielSr, impliment WSUS..  03/04/11 05:18 AM, ID: 35036970
"You would be far better off deploying a WSUS server for all of your updates."

Then, you don't have problems with end user licensing. Yes, if you violate EULA, most service packs and windows updates will NOT install. This is why your technet version of these trial products don't update.

There are too many outlying factors that you have to control with a script, like EULA. You are better off implimenting WSUS.

 
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 333 total points
ID: 35050293
SBS 2003 R2 has WSUS installed and configured by default. You should only need to approve the update and it will automatically push out to client machines.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35052313
Windows 7 Sp1 has not been made available via WSUS or the Microsoft catalog yet....so administrators will have to wait until then before they can approve or import into WSUS.
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 333 total points
ID: 35052672
Have you tried adding pause statements between the lines of the script, access and run from a PC, and see if within the DOS/Command window if any errors appear, such as those that might refer to path, permissions, or syntax?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35052874
Or placing it in startup script rather than shutdown?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35052915
or logoff script.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35052935
Sorry a logoff script would not have sufficient privlages to run the .exe unless they were an admin.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35053074
Does this vbs script work successfully ?
sExePath = "\\myserver\Win7 SP1\windows6.1-KB976932-X64.exe" 
sSwitches = " /quiet /nodialog /norestart" 


Set oShell = CreateObject("WScript.Shell") 


sRegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" 


' suppress error in case values does not exist 
On Error Resume Next 


' check for marker 
sRegMarkerValue = ""  ' init value 
sRegMarkerValue = oShell.RegRead( sRegKey & "\windows6.1-KB976932-X64.exe") 
On Error Goto 0 


' to be sure update is installed only once, test on marker 
If sRegMarkerValue <> "yes" Then 


   oShell.Run Chr(34) & sExePath & Chr(34) & " " & sSwitches, 1, True 


   ' create marker 
   oShell.RegWrite sRegKey & "\windows6.1-KB976932-X64.exe", "yes" 
End If

Open in new window

0
 
LVL 8

Author Comment

by:chrismanncalgavin
ID: 35068156
Hi all,

Thanks for the comments so far.
-So, I tried running locally and it runs fine with administrator rights.
-I added DOMAIN COMPUTERS and AUTHENTICATED USERS to the NTFS permissions and share permissions, still not working
-I do not have WSUS installed as far as I can tell, can someone maybe explain how to set it up?
I am concerned we have several web services running such as OWA and Sophos Puremessage, hopefully it won't interfere.
-Have tried dstewartjr's VB script, but still appears to fail
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35069083
Have you tried as a Startup script as dstewartjr suggested? I don't know that an install will work during shutdown. You may also have to disable UAC or did it not prompt when you manually ran the script with the /quiet switch.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35325365
Though valuable accurate information has been provided by multiple 'experts' with no final replies from the author I would suggest close/delete/refund
--Rob
0
 
LVL 8

Author Comment

by:chrismanncalgavin
ID: 35331426
Hi all,
Sorry for the long delay.
In the end I decided to try WSUS, but it seemed to use a huge amount of available memory for the SQL server database.
On our SBS server with 4gb RAM I couldn't afford to lose 1gb of available memory!
So installed all Win7 SP1 machines, and then uninstalled WSUS.

Thanks again.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35331511
So you used wsus as I recommended? Good
0
 
LVL 8

Author Closing Comment

by:chrismanncalgavin
ID: 35331536
All useful comments helped me arrive at a solution.
WSUS in my case was less than ideal though as it really slowed down our SBS 2003 R2 server and used a large amount of RAM.
With it being 32bit, RAM is limited to 4GB also.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35333152
Once WSUS has caught up with and applied updates it should not take up that much in the way of resources but it has a lot of "catching up" to do.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35333745
A little FYI, you can manage the amount of memory consumed by your WSUS.


http://bartvdw.wordpress.com/2010/03/07/limit-sql-server-maximum-memory-allocation-for-wsus-instance/


I suggest you give WSUS another shot :^)
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Learn about cloud computing and its benefits for small business owners.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now