Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Deploy Windows 7 SP1 Group Policy

Posted on 2011-03-04
24
Medium Priority
?
1,726 Views
Last Modified: 2012-08-14
Hi,
We have an SBS 2003 R2 server network and several Windows 7 64 bit machines which require SP1 installing.
I have created a script to install and placed it in a Shutdown event in a group policy that applies only to Windows 7 / Vista machines.

@echo off
ECHO Running Windows 7 SP1 update...
"\\myserver\Win7 SP1\windows6.1-KB976932-X64.exe" /quiet /nodialog /norestart
If %ERRORLEVEL%==0 (ECHO Update to Win 7 SP1 %DATE% %TIME% > "\\myserver\Win7 SP1\%COMPUTERNAME%.txt") ELSE (ECHO Failed with error %ERRORLEVEL% Win 7 SP1 update %DATE% %TIME% > "\\myserver\Win7 SP1\%COMPUTERNAME%.txt"

Open in new window


The install file is in a shared folder with access for everybody, but the install seems to be failing continuously.

I'm after some advice on the best way to roll this out, without manually installing.
Also we don't use WSUS or anything to manage Windows updates at the moment.

Thanks in advance.
0
Comment
Question by:chrismanncalgavin
  • 7
  • 6
  • 4
  • +3
23 Comments
 
LVL 11

Expert Comment

by:Tasmant
ID: 35036508
Did you try to run your script localy one time, with no logon or logoff script to see if it works? (it should, all seems correct).
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35036959
In the shutdown event does the script not run in the MACHINE context rather than the use?  In that case you will nedd to give DOMAIN COMUTERS rights to the share and not users or groups with users in.
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 668 total points
ID: 35036970
You would be far better off deploying a WSUS server for all of your updates.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 11

Expert Comment

by:Tasmant
ID: 35037052
I think you point the issue Neilsr. Computers accounts most probably don't have access to the share.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35037239
"Authenticated Users" would be all you need as computers belong to this group




FYI Sp1 is still not available via WSUS or the Update Catalog as of yet
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35038686
Yes Computers DO belong to this group but Surely best practice is to be as restrictive as possible? If the share is for deploying updates that are run in the context of the computer then that should be the rights assigned to the share.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35038736
Share permissions "Authenticated Users", NTFS permissions more restrictive
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 35042586
I agree NielSr, impliment WSUS..  03/04/11 05:18 AM, ID: 35036970
"You would be far better off deploying a WSUS server for all of your updates."

Then, you don't have problems with end user licensing. Yes, if you violate EULA, most service packs and windows updates will NOT install. This is why your technet version of these trial products don't update.

There are too many outlying factors that you have to control with a script, like EULA. You are better off implimenting WSUS.

 
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 1332 total points
ID: 35050293
SBS 2003 R2 has WSUS installed and configured by default. You should only need to approve the update and it will automatically push out to client machines.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35052313
Windows 7 Sp1 has not been made available via WSUS or the Microsoft catalog yet....so administrators will have to wait until then before they can approve or import into WSUS.
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 1332 total points
ID: 35052672
Have you tried adding pause statements between the lines of the script, access and run from a PC, and see if within the DOS/Command window if any errors appear, such as those that might refer to path, permissions, or syntax?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35052874
Or placing it in startup script rather than shutdown?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35052915
or logoff script.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35052935
Sorry a logoff script would not have sufficient privlages to run the .exe unless they were an admin.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35053074
Does this vbs script work successfully ?
sExePath = "\\myserver\Win7 SP1\windows6.1-KB976932-X64.exe" 
sSwitches = " /quiet /nodialog /norestart" 


Set oShell = CreateObject("WScript.Shell") 


sRegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" 


' suppress error in case values does not exist 
On Error Resume Next 


' check for marker 
sRegMarkerValue = ""  ' init value 
sRegMarkerValue = oShell.RegRead( sRegKey & "\windows6.1-KB976932-X64.exe") 
On Error Goto 0 


' to be sure update is installed only once, test on marker 
If sRegMarkerValue <> "yes" Then 


   oShell.Run Chr(34) & sExePath & Chr(34) & " " & sSwitches, 1, True 


   ' create marker 
   oShell.RegWrite sRegKey & "\windows6.1-KB976932-X64.exe", "yes" 
End If

Open in new window

0
 
LVL 8

Author Comment

by:chrismanncalgavin
ID: 35068156
Hi all,

Thanks for the comments so far.
-So, I tried running locally and it runs fine with administrator rights.
-I added DOMAIN COMPUTERS and AUTHENTICATED USERS to the NTFS permissions and share permissions, still not working
-I do not have WSUS installed as far as I can tell, can someone maybe explain how to set it up?
I am concerned we have several web services running such as OWA and Sophos Puremessage, hopefully it won't interfere.
-Have tried dstewartjr's VB script, but still appears to fail
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35069083
Have you tried as a Startup script as dstewartjr suggested? I don't know that an install will work during shutdown. You may also have to disable UAC or did it not prompt when you manually ran the script with the /quiet switch.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35325365
Though valuable accurate information has been provided by multiple 'experts' with no final replies from the author I would suggest close/delete/refund
--Rob
0
 
LVL 8

Author Comment

by:chrismanncalgavin
ID: 35331426
Hi all,
Sorry for the long delay.
In the end I decided to try WSUS, but it seemed to use a huge amount of available memory for the SQL server database.
On our SBS server with 4gb RAM I couldn't afford to lose 1gb of available memory!
So installed all Win7 SP1 machines, and then uninstalled WSUS.

Thanks again.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35331511
So you used wsus as I recommended? Good
0
 
LVL 8

Author Closing Comment

by:chrismanncalgavin
ID: 35331536
All useful comments helped me arrive at a solution.
WSUS in my case was less than ideal though as it really slowed down our SBS 2003 R2 server and used a large amount of RAM.
With it being 32bit, RAM is limited to 4GB also.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35333152
Once WSUS has caught up with and applied updates it should not take up that much in the way of resources but it has a lot of "catching up" to do.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35333745
A little FYI, you can manage the amount of memory consumed by your WSUS.


http://bartvdw.wordpress.com/2010/03/07/limit-sql-server-maximum-memory-allocation-for-wsus-instance/


I suggest you give WSUS another shot :^)
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question