Hosting Provided By

RE: Windows 2000 Patch Order

From: Carles Fragoso i Mariscal <cfragoso(at)cesca.es>
Date: Thu Jun 12 2003 - 13:50:21 EDT

Bryan and anyone who wishes to answer, :)

Is there any way to run that batch file on a remote host? I mean interactively, without enabling the telnet server.

I think someone mentioned a time ago about setting up that through copying the files (or in a shared network folder) and then forcing a scheduled task (starting 'now').

I know some software does that kind of remote patching like Shavlik Pro and LanGuard but I do rather prefer scripting way. ;)

Anyone knows any Open-Source project that faces centralized Windows Patching? I haven't found anything at SourceForge.

Thanks in advance,

Carlos

-----Mensaje original-----

De: Mikus, Bryan [mailto:BMikus@reliant.com] Enviado el: jueves, 12 de junio de 2003 18:12 Para: Kallio, Steve J.; focus-ms@securityfocus.com Asunto: RE: Windows 2000 Patch Order

Steve,

Do you need help?

If Windows Update isn't something you want to use, simply run Qchain at the end. It will pick out the most recent stuff and make sure your patches don't step on one another. Here's an example batch file that I used for just this sort of thing:

Q276471.EXE -z -m
Q285156.EXE -z -m
q296185_W2K.exe -z -m

Q299687.EXE -z -m
Q302755.exe -z -m
Q311967.exe -z -m

Q313450SP3.exe -z -m
Q313829.exe -z -m
Q314147_W2K.exe -z -m
Q318138_W2K.exe -z -m
Q318593.exe -z -m
Q321599_W2K.exe -z -m
q323172_W2K_SP4.exe -z -m
Q323255.exe -z -m
Q324096_W2K_SP4.exe -z -m
Q324380.exe -z -m
Q326830_W2K_SP4.exe -z -m
Q326886.exe -z -m

Q327696_W2K.exe -z -m
Q328310_W2K_SP4_X86_EN.exe -z -m
Q329115_W2K.exe -z -m
Q329170_W2K_SP4_X86_EN.exe -z -m
Q331953_W2K.exe -z -m
Q810649_W2K_SP4_X86_EN.exe -z -m
Q810833_W2K_SP4_X86_EN.exe -z -m
Q815021_W2K_sp4_x86_EN.EXE -z -m

qchain.exe installlog.txt
shutdown /L /R /T:5 "This server is being rebooted." /C

Hope this helps!

Bryan

-----Original Message-----

From: Kallio, Steve J. [mailto:Steve.Kallio@rfets.gov] Sent: Thursday, June 12, 2003 9:37 AM
To: focus-ms@securityfocus.com

This may be an old topic, but I'm new to the list:

Does anyone know of a reference that provides the proper order to install Post SP3 patches onto a Windows 2000 server?

If you just install the patches in order of their release date you will end up with files from the more recent patch overwriting files from the older patch that have a newer file date. Example:

Do you need more help?

MS02-071 installs basesrv.dll with a file date of 11/1/2002 and a version of 5.0.2195.5265.
MS03-013 installs basesrv.dll with a file date of 8/15/2002 and version of 5.0.2195.5265.

Same versions, different file dates, different checksums. Obviously microsoft has poor version control and doesn't check the file dates on install. But maybe newer doesn't mean better either.

I'm sure someone in the user community has gone through this before, its too bad MS leaves it up to us.
Thanks in advance for your responses.

Received on Thu Jun 12 16:03:05 2003

This message: [ Message body ]
Next message: Ryan Permeh: "RE: Question regarding su.exe"
Previous message: Jake Frost: "Fwd: FW: Windows 2000 Patch Order"
In reply to: Mikus, Bryan: "RE: Windows 2000 Patch Order"
Next in thread: Eric: "RE: Windows 2000 Patch Order"
Reply: Eric: "RE: Windows 2000 Patch Order"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:30 EDT