We help IT Professionals succeed at work.

logon script using GPO

I need to create a logon script to install a Windows Patch. I have a bat file that is named silentinstall.cmd:

\\domain.net\SYSVOL\domain.net\scripts\DSTKB2570791.exe /quiet /norestart

I have the cmd file and update in the folder. Is this all I need to get it to install on the machines? I dont want the systems to force a reboot.
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2013
Commented:
You would need an MSI file to install using group policy.  You can use WSUS which is free and is the main tool used for patching workstations.

Thanks

Mike
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
Thanks Mike but I have wsus and I have another question open on it but it says that this patch is not applicable, which is not the case. Its the DST patch and half my machines are an hour behind so I need to force an install.
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
do u have a site that shows how to create the msi file and possibly setting it up in a GPO logon script?
CERTIFIED EXPERT
Top Expert 2013

Commented:
ok since you have WSUS you are on top of things.

Then in your case since there is this one issue your method should work.  Make sure you link the policy to where your machines are.

Thanks

Mike
Bradley FoxLAN/WAN Systems Administrator
CERTIFIED EXPERT
Commented:
You can run this script through group policy but you might want to set a flag on the system once the update is successful so the script doesn't re-run itself every time a user logs in or machine starts.  I would just create a file somewhere on the system and use the IF command to check for the file before running.

Insert the script into a new GPO under
Computer Conifg, Policies, Widows Settings, Scripts (Startup/Shutdown), Startup

If you want it to run when the user logs on
User Config, Policies, Windows Settings, Scripts (Logon/Logoff), Logon

IF EXIST C:\somefolder\DSTKB2570791.txt GOTO END 

\\domain.net\SYSVOL\domain.net\scripts\DSTKB2570791.exe /quiet /norestart

ECHO %date% %time% > c:\somefolder\DSTKB2570791.txt

:END
quit

Open in new window

Steve KnightIT Consultancy
CERTIFIED EXPERT

Commented:
Damn, mcsween got their first with what I was about to suggest.... aside from setting up WSUS and all the rest I second that approach as the users will not have (hopefully) rights to run it from a login script.

Steve
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
I installed the script and I checked, saw the script ran. The log file has a date\time of Wed 11/02/2011  9:24:47.67 but the time is still wrong. What could be the problem?
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
Also I set it as a workstation startup script.
Bradley FoxLAN/WAN Systems Administrator
CERTIFIED EXPERT

Commented:
Did you run this as a computer startup script, as dragon-it mentioned; the users probably don't have permissions to run this under their logon.

I'm not sure what you mean about the time; I didn't see any mention of time in your original question; was just asking how to install this update from a script.
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
I did a pause and the error is:

'\\domain.net\sysvol\domain.net\scripts'
CMD.EXE was started with the above path as the current directory.
UNC paths are not supported.  Defaulting to Windows directory.
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
yes I put it as a computer startup script
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
I copied mcsween's script and he has this line in there:

ECHO %date% %time% > c:\somefolder\DSTKB2570791.txt


To output a date and time.
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
sorry your script lol.  I didnt realize you asked the question.
Steve KnightIT Consultancy
CERTIFIED EXPERT
Commented:
\\domain.net\sysvol\domain.net\scripts'
CMD.EXE was started with the above path as the current directory.
UNC paths are not supported.  Defaulting to Windows directory.

is normal.  It is what it says, when you run a batch script it is just saying it set the current directory to the dir. where the batch.  Nothing to worry about.

So it sounds like it is going past your install line and onto the flag file line.

So maybe there is something in the event log about the program installing or not?

Add in some debugging perhaps:

if exist \\domain.net\SYSVOL\domain.net\scripts\DSTKB2570791.exe echo File exists OK >"%temp%\log.txt"
\\domain.net\SYSVOL\domain.net\scripts\DSTKB2570791.exe /quiet /norestart  >> "%temp%\log.txt" 2>&1
if errorlevel 1 echo Error %errorlevel% >> "%temp%\log.txt"

And see if that drops anythign in the log file in temp on pc... note this may not be the user's temp as it will run as computer.

Do you see the script running OK?

Steve

Commented:
Here is the command line I use to install the following update in my logon script:
WindowsXP-KB970653-v3-x86-ENU.exe  /z /q /u

Hope that helps!
Bradley FoxLAN/WAN Systems Administrator
CERTIFIED EXPERT

Commented:
The Date and Time echoed are coming from the system time so if the date/time is wrong on the computer it will be wrong in the text file the script outputs.

I didn't have any error control in my script (thanks Dragon).  Normally I would use VBScript or powershell for this; I'm not the best with command language.  You could very well be getting an error during the install due to incorrect switches or something else.

The directory error  you are getting is normal; it is because you started the script from a network folder and the command shell normally defaults to the directory where the batch file was launched from.
Commented:
Inspired by mcsween's comment, I just want to point out that the command line I use also have the notlogon path as the following:

"\\DomainController\netlogon\WindowsXP-KB970653-v3-x86-FRA.exe" /z /q /u

Why don't you just try your command line with the switches I use?
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
thanks i will try with those switched and then try to add the debugging from dragon-it
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
dragon-it where do i put the debugging part in the script? After the install line?
Steve KnightIT Consultancy
CERTIFIED EXPERT

Commented:
cant see my own comment at the mo but replace your existing one line running the exe with those lines i gave... Currently walking to chippy on way home...

Hth

Steve
Hth
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for thomastxiee's comment http:/Q_27427558.html#37071947

for the following reason:

I fixed it, i used a scheduled task instead of GPO

Commented:
@thomastxiee:
You received help, but you want to close your question without giving points nor say "thanks" ;(

Commented:
Assistance was provided.
Bradley FoxLAN/WAN Systems Administrator
CERTIFIED EXPERT

Commented:
A solution was provided for the question asked.  Another issue popped up after solving the initial question so I also think points should be awarded.

Commented:
@modus_operandi:
My solution [37071007] works for me. The poster did not follow-up on it and most likely was used in the poster's final solution in [37310368].

However, all contributed if different way as it was a collaborative effort. May I suggest point split to all according to quantity of posts?
Steve KnightIT Consultancy
CERTIFIED EXPERT

Commented:
Fair enough.

http:#37070044 mkline71 is the "proper" way using WSUS IMO.
but as the OP had problems with that method then this suggestion

http:#37070166 mscsween us next best
I suggested debugging of that in http:#37070996

http:#37071504 ReneGe command options work for the same patch for him...

So would suggest split as said with http:#37070166 as Accepted.

Commented:
@modus_operandi:
May also suggest points to Steve for his troubleshooting contribution in [37070996]?

@dragon-it:
O.T Question. Could you please tell me if yoe hve an easy trick to generate reference links like the one you did on you previous comment, or you do them manually?

Cheers
Steve KnightIT Consultancy
CERTIFIED EXPERT

Commented:
RenGe - copy the ID number, type http:# before it :-)   Takes you to that post on the current page if you don't specify a URL.


Steve

Commented:
Let me try it!
http:#37314272

Commented:
Awsome!!!!
Thanks pal :)
Bradley FoxLAN/WAN Systems Administrator
CERTIFIED EXPERT

Commented:
I agree, since everyone contributed just split the points equally among all contributors.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.