• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 342
  • Last Modified:

Need to install patches/softwares to more than 200 worstations.

Hi, We need to install patches/software to more than 200 workstations. Please help to get easy way to push the softwares/patch to all the workstations without doing manual install.
0
Sekar Chinnakannu
Asked:
Sekar Chinnakannu
  • 18
  • 14
  • 4
  • +3
1 Solution
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
How you do it depends on what you are patching - Windows?  Then use WSUS.  
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
WSUS no yet configured, planning with group policy? any idea
0
 
Neil RussellTechnical Development LeadCommented:
Group policy does not install windows updates.

You need to install and configure wither WSUS or SCCM

A WSUS install on windows 2008 takes about 2 hours to get up and running ready to go. Then you use a GPO to point all your workstations at the WSUS server for updates. Job done.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Sekar ChinnakannuSenior EngineerAuthor Commented:
forget patches forget at this point.  how about software installation for example adobe reader and winzip,

I need this 2 software to push more than 200 workstations.
0
 
LikeWindowsCommented:
You have two ways to do that with GPO:

1. Creating a startup script which runs the installation of the programs and run it per GPO (in Computer Configuration/Windows Settings/Scripts)
2. Creating an MSI Package of the Software and deploy it per GPO (in Computer Configuration/Software Settings/Software Installations)

In both ways when restarting the workstations the software will be installed during startup.
0
 
LikeWindowsCommented:
Important is when you run the installation as a script that you have to run the installation in silent/quiet mode without user input.

For Adobe Reader here is a link in the forum what the command line would look like:
http://forums.adobe.com/thread/754256
0
 
David Johnson, CD, MVPOwnerCommented:
gfi languard is what we use here http://www.gfi.com
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
Hi, Like windows, Could you please help me to get the steps to run the installation at startup while restarting.
0
 
LikeWindowsCommented:
Yes , I can do that.

For Adobe Reader X:
1. Create a new Batch File, like script.bat , with an Editor (like Windows Editor) with following:

@Echo Off
\\DomainControllerComputerName\AdobeRdr.exe /msi EULA_ACCEPT=YES /qn

2. Save the File into the Netlogon Folder on the Domain Controller. (\\DC\NETLOGON). Also save the Adobe Reader Installation File there.
3. Then Open the Group Policy Management Console and Create a New Group Policy called "GP SW Install" or similar.
4. Edit the new GP under Computer Settings/Windows Settings/Scripts(Startup/Shutdown) and add the new Script by Browsing to the Netlogon Folder : \\DC\NETLOGON.
5. Close the Group Policy Console.
6. After restart the computers where this policy is assigned to should get the Installation. You might need to restart twice to get this policy assigned.
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
Hi, Like windows, how about permission to user. In our environment users dont have access to install the softwares.
0
 
LikeWindowsCommented:
When you add the script under Computer Configuration in the Group Policy it will use the SYSTEM Account to execute the script and not the User account. The SYSTEM account has full access.
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
System account you mean local account which is member of the admin group right.
0
 
LikeWindowsCommented:
Yes this is correct. This account has admin rights.
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
but someone have to login using that account on each and every workstation to install, most of our workstations are in remote locatoin.
0
 
David Johnson, CD, MVPOwnerCommented:
no the SYSTEM account is a built-in account no one can log into it!
0
 
David Johnson, CD, MVPOwnerCommented:
WSUS on your server will update windows updates for your clients, but for non-Microsoft you will need some way of identifying what patches are available and how to send them via group policy to the clients.  Which is why we use GFI languard it maintains a list of non-microsoft updates and you can push them to the clients it uses an agent on the client you do have to setup a user account with admin privileges (the user does not have to know the password for this account).  It is not free but during the 2011 beta you can use it for free or evaluate it for 30 days for free.
0
 
LikeWindowsCommented:
Hi Sekarc4u,

With the script in the GPO Computer Configuration the software will be installed at computer startup in the background before somebody logs into the machine.
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
Hi, Like windows, I tried no luck. After several restart
0
 
LikeWindowsCommented:
Can you log in as Administrator and check the Event Log if there is something in there. Usually when you apply the GP to the machines and restart them it should tell you in the start up window before the Windows login screen comes up : Applying Computer Configuration, Run Start Up Scripts.
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
I am able to see while startup indication installing...once I login the software not installed and not able to see. For example I tried adobe flash player. I pused .msi format.
0
 
LikeWindowsCommented:
So were you using the Software Installation Node  in Group Policy under Computer Settings or did you use the Startup/Shutdown Scripts node ?
When you are using MSI Packages then you should use the Software Installation node under Computer Configuration/Software Settings.
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
I am using Startup/Shutdown Scripts node as per your steps.

1. Create a new Batch File, like script.bat , with an Editor (like Windows Editor) with following:

@Echo Off
\\DomainControllerComputerName\AdobeRdr.exe /msi EULA_ACCEPT=YES /qn

2. Save the File into the Netlogon Folder on the Domain Controller. (\\DC\NETLOGON). Also save the Adobe Reader Installation File there.
3. Then Open the Group Policy Management Console and Create a New Group Policy called "GP SW Install" or similar.
4. Edit the new GP under Computer Settings/Windows Settings/Scripts(Startup/Shutdown) and add the new Script by Browsing to the Netlogon Folder : \\DC\NETLOGON.
5. Close the Group Policy Console.
6. After restart the computers where this policy is assigned to should get the Installation. You might need to restart twice to get this policy assigned.
0
 
David Johnson, CD, MVPOwnerCommented:
how are you going to maintain the adobe and other third party apps.. adobe reader is a major malware target these days.. need a logon script to disable scripting in reader/acrobat
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
Still i am in testing phase, and we pushing some adobe patches after consulting with Adobe. Once it get success we proceed with prod.
0
 
vak73Commented:
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
We dont wnat any third party tools, Please help me to get this done throug GPO.
0
 
LikeWindowsCommented:
HI sekarc4u,

Please can you post the used script here ? Also can you run that script manually in Windows and see if it works. After that we can troubleshoot it further.
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
@Echo Off
\\abcd.defg.com\sysvol\scripts\AdobeRdr.exe /msi EULA_ACCEPT=YES /qn
0
 
LikeWindowsCommented:
The installation file name in sysvol  is (re)named adoberdr.exe , isn't it ? Just asking, as I think the original download file is named different.
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
original file name adopereader.exe, communicatiorplus.msi
0
 
LikeWindowsCommented:
So you modifed the script to:

@Echo Off
\\abcd.defg.com\sysvol\scripts\AdobeReader.exe /msi EULA_ACCEPT=YES /qn

right ?
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
yes
0
 
LikeWindowsCommented:
ok, so when you run this script manually as a test in Windows on the command line does it do anything ?
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
no i never tried manually by running this script, if you want I will check and update.
0
 
LikeWindowsCommented:
yes that would be good , then we can see if this suggested script is actually working properly.
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
ran the script manually got popup and closed
0
 
LikeWindowsCommented:
can you run it from the command line directly instead of doubleclicking on the script. Then we can see if there is any error message.
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
will check and update you.
0
 
Sekar ChinnakannuSenior EngineerAuthor Commented:
working fine
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 18
  • 14
  • 4
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now