RE: Windows 2000 Patch Order

From: Eric (ews_at_tellurian.net)
Date: 06/12/03

    Date: Thu, 12 Jun 2003 16:22:25 -0500
    To: "Carles Fragoso i Mariscal" <cfragoso@cesca.es>, <focus-ms@securityfocus.com>
    
    

    You can run HFNetChkPro - the LT registered version - it's free (after
    registration) and will scan all machines and will deploy to 50
    machines. You can deploy with the 'Copy Only' feature - it will download
    the patch from Microsoft, check to ensure it's signed by MS, then it copies
    the patch to a secure directory on the remote machine, along with a batch
    file containing the installation switches. You can use it to deploy
    multiple patches at once - it orders them properly, and runs qchain at the
    end. You can either have it schedule to run the batch file for you, or you
    can launch the batch file yourself (or edit and launch the bat file). (For
    security purposes, it checks the file signature again just before deployment).

    At 07:50 PM 6/12/2003 +0200, Carles Fragoso i Mariscal wrote:
    >Bryan and anyone who wishes to answer, :)
    >
    >Is there any way to run that batch file on a remote host?
    >I mean interactively, without enabling the telnet server.
    >
    >I think someone mentioned some time ago setting that up
    >through copying the files (or in a shared network folder)
    >and then forcing a scheduled task (starting 'now').
    >
    >I know some software does that kind of remote patching, like
    >Shavlik Pro and LanGuard, but I rather prefer the scripting
    >way. ;)
    >
    >Does anyone know of any Open-Source project that faces centralized
    >Windows Patching? I haven't found anything at SourceForge.
    >
    >Thanks in advance,
    >
    >-- Carlos
    >
    >-----Original Message-----
    >From: Mikus, Bryan [mailto:BMikus@reliant.com]
    >Sent: Thursday, June 12, 2003 18:12
    >To: Kallio, Steve J.; focus-ms@securityfocus.com
    >Subject: RE: Windows 2000 Patch Order
    >
    >
    >Steve,
    >
    >If Windows Update isn't something you want to use, simply run Qchain at
    >the end. It will pick out the most recent stuff and make sure your
    >patches don't step on one another. Here's an example batch file that I
    >used for just this sort of thing:
    >
    >Q276471.EXE -z -m
    >Q285156.EXE -z -m
    >q296185_W2K.exe -z -m
    >Q299687.EXE -z -m
    >Q302755.exe -z -m
    >Q311967.exe -z -m
    >Q313450SP3.exe -z -m
    >Q313829.exe -z -m
    >Q314147_W2K.exe -z -m
    >Q318138_W2K.exe -z -m
    >Q318593.exe -z -m
    >Q321599_W2K.exe -z -m
    >q323172_W2K_SP4.exe -z -m
    >Q323255.exe -z -m
    >Q324096_W2K_SP4.exe -z -m
    >Q324380.exe -z -m
    >Q326830_W2K_SP4.exe -z -m
    >Q326886.exe -z -m
    >Q327696_W2K.exe -z -m
    >Q328310_W2K_SP4_X86_EN.exe -z -m
    >Q329115_W2K.exe -z -m
    >Q329170_W2K_SP4_X86_EN.exe -z -m
    >Q331953_W2K.exe -z -m
    >Q810649_W2K_SP4_X86_EN.exe -z -m
    >Q810833_W2K_SP4_X86_EN.exe -z -m
    >Q815021_W2K_sp4_x86_EN.EXE -z -m
    >qchain.exe installlog.txt
    >shutdown /L /R /T:5 "This server is being rebooted." /C
    >
    >Hope this helps!
    >
    >Bryan
    >
    >-----Original Message-----
    >From: Kallio, Steve J. [mailto:Steve.Kallio@rfets.gov]
    >Sent: Thursday, June 12, 2003 9:37 AM
    >To: focus-ms@securityfocus.com
    >
    >This may be an old topic, but I'm new to the list:
    >
    >Does anyone know of a reference that provides the proper order to
    >install Post SP3 patches onto a Windows 2000 server?
    >
    >If you just install the patches in order of their release date you will
    >end up with files from the more recent patch overwriting files from the
    >older patch that have a newer file date. Example:
    >
    >MS02-071 installs basesrv.dll with a file date of 11/1/2002 and a
    >version of 5.0.2195.5265.
    >MS03-013 installs basesrv.dll with a file date of 8/15/2002 and version
    >of 5.0.2195.5265.
    >
    >Same versions, different file dates, different checksums.
    >Obviously Microsoft has poor version control and doesn't check the file
    >dates on install. But maybe newer doesn't mean better either.
    >
    >I'm sure someone in the user community has gone through this before; it's
    >too bad MS leaves it up to us.
    >Thanks in advance for your responses.
    ------------------------------------------------------------------------------
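The check, copy, re-check flow described in the reply at the top of this message, as an added Python example (not code from the thread or from HFNetChkPro). It substitutes pinned SHA-256 hashes for the Microsoft signature check and keeps whatever install order the caller passes; `stage`, `recheck`, `demo` and the `install.bat` name are assumptions.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

SWITCHES = "-z -m"  # installer switches from the batch file quoted in the thread

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def stage(patches, pinned, stage_dir):
    """Check each patch against its pinned hash, copy it, write install.bat."""
    stage_dir = Path(stage_dir)
    stage_dir.mkdir(parents=True, exist_ok=True)
    expected, lines = {}, []
    for src in map(Path, patches):  # install order is whatever the caller passes
        if sha256(src) != pinned.get(src.name):
            raise ValueError(f"refusing to stage {src.name}: hash mismatch")
        shutil.copy2(src, stage_dir / src.name)
        expected[src.name] = pinned[src.name]
        lines.append(f"{src.name} {SWITCHES}")
    lines.append("qchain.exe installlog.txt")  # qchain runs once, after every patch
    bat = stage_dir / "install.bat"
    bat.write_bytes(("\r\n".join(lines) + "\r\n").encode("ascii"))
    expected[bat.name] = sha256(bat)  # the batch file is executable content too
    return expected

def recheck(stage_dir, expected):
    """Second check, just before launch: staged files that changed or vanished."""
    stage_dir = Path(stage_dir)
    return sorted(name for name, digest in expected.items()
                  if not (stage_dir / name).is_file()
                  or sha256(stage_dir / name) != digest)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        downloads, staged = Path(tmp, "downloads"), Path(tmp, "staged")
        downloads.mkdir()
        names = ["Q276471.EXE", "Q285156.EXE"]  # file names from the thread
        for n in names:  # constructed stand-in bytes, not real hotfixes
            (downloads / n).write_bytes(b"constructed stand-in for " + n.encode())
        pinned = {n: sha256(downloads / n) for n in names}
        expected = stage([downloads / n for n in names], pinned, staged)
        script = (staged / "install.bat").read_bytes().decode("ascii")
        clean = recheck(staged, expected)
        (staged / names[1]).write_bytes(b"modified after staging")
        return script, clean, recheck(staged, expected)

if __name__ == "__main__":
    print(demo())
```

The second check matters because the staged copy sits on the remote machine between copy time and run time; `recheck` returning a non-empty list is the signal not to launch the batch file.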

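The basesrv.dll case from the original question at the bottom of the thread, worked as an added Python example that is not part of any poster's message. It replays an install order and reports overwrites that version numbers alone cannot arbitrate; the installer is modelled as overwriting unconditionally (an assumption), and the checksums, the `EXAMPLE-*` patches and all function names are constructed.

```python
from datetime import date

# patch -> [(file, version, file date, checksum)]. The basesrv.dll versions and
# dates are the ones quoted in the thread; checksums and the EXAMPLE-* patches
# are constructed.
PAYLOADS = {
    "MS02-071": [("basesrv.dll", "5.0.2195.5265", date(2002, 11, 1), "constructed-1")],
    "MS03-013": [("basesrv.dll", "5.0.2195.5265", date(2002, 8, 15), "constructed-2")],
    "EXAMPLE-A": [("example.dll", "1.0.0.1", date(2002, 1, 1), "constructed-3")],
    "EXAMPLE-B": [("example.dll", "1.0.0.2", date(2002, 6, 1), "constructed-4")],
}

def ver(text):
    return tuple(int(part) for part in text.split("."))

def install(order, payloads=PAYLOADS):
    """Apply patches in order; assumption: each installer overwrites unconditionally."""
    state, findings = {}, []
    for patch in order:
        for name, version, fdate, digest in payloads[patch]:
            old = state.get(name)
            if old and old[2] != digest:  # the bytes on disk are about to change
                if ver(version) < ver(old[0]):
                    findings.append((name, patch, "version downgrade"))
                elif ver(version) == ver(old[0]):
                    when = "older" if fdate < old[1] else "newer"
                    findings.append((name, patch, f"same version, different checksum, {when} file date"))
            state[name] = (version, fdate, digest)
    return state, findings

def unresolvable(payloads=PAYLOADS):
    """Files whose highest version ships with more than one checksum."""
    best = {}
    for entries in payloads.values():
        for name, version, _fdate, digest in entries:
            top, digests = best.get(name, ((), set()))
            if ver(version) > top:  # a higher version resets the candidate set
                top, digests = ver(version), set()
            if ver(version) == top:
                digests.add(digest)
            best[name] = (top, digests)
    return sorted(name for name, (_top, digests) in best.items() if len(digests) > 1)

if __name__ == "__main__":
    print(install(["MS02-071", "MS03-013"])[1])
    print(unresolvable())
```

Files listed by `unresolvable` are the ones where install order decides which bytes end up on disk, so they are the ones to check by checksum after patching.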
