Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

deploy security patch in a login script

7 views
Skip to first unread message

Eliot

unread,
Oct 22, 2004, 3:15:02 AM10/22/04
to
Hello,
I want to deploy the MS03-039 patch by login script. I need the patch to be
installed with no interaction from the users. Is there a way of doing this
without the users having to click through the buttons on the installation
window of that patch?. Is there a way to write the script to check to see if
the patch has been installed and if so bypass the user the next time the user
logs in and any subsequent logins after that? I would need the script to
install the patch on windows 2000 and XP pro machines (2 scripts would be
needed for each OS and i would need the script to be able to differentiate
between the 2 OS's. The XP machines have not been updated with SP2 as of yet
only because we are still in the testing phase. The 2000 machines are
somewhat current with all service packs but are missing some critical updates
due to the fact of lousy or none existant updating proceedures before we took
over the network. After the patch is installed i would like the script to
check the Run and Run Services folder in the registry for the ei10.exe file,
it is the worm_agobot.aaa virus and it is running rampant on our network. we
have a handle on it but deleting those registry entries on the machines that
still have it takes longer than we have time for.

Thank you in advance.

Torgeir Bakken (MVP)

unread,
Oct 24, 2004, 2:14:22 PM10/24/04
to
Eliot wrote:

> Hello,
> I want to deploy the MS03-039 patch by login script. I need the patch to be
> installed with no interaction from the users. Is there a way of doing this
> without the users having to click through the buttons on the installation
> window of that patch?. Is there a way to write the script to check to see if
> the patch has been installed and if so bypass the user the next time the user
> logs in and any subsequent logins after that? I would need the script to
> install the patch on windows 2000 and XP pro machines (2 scripts would be
> needed for each OS and i would need the script to be able to differentiate
> between the 2 OS's. The XP machines have not been updated with SP2 as of yet
> only because we are still in the testing phase.

Hi

I strongly suggest you install MS04-012/KB828741 as it supersedes and
replaces MS03-039/KB824146.

Command line switches for the updates from Microsoft is documented
in each update's Security Bulletin (under General Information
/Security Update Information).

Here is a script that installs MS04-012/KB828741 on Win2k and WinXP
if it is not already installed:


'--------------------8<----------------------
'KB828741 - MS04-012

' Check if patch is installed already
If RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" _
& "\HotFix\kb828741\Installed") <> "1" Then

' path to where patch files are stored
sPatchPath = "\\server\share\SecUpdates\KB828741"

SetLocale "en-us" ' To avoid "Type mismatch" for some locale settings

If GetOsVersionNumber = 5 Then
If GetSPNumberSys < 5 Then
' OS is Win2k (SP4 or less)
' Unattended installation with no options to uninstall, suppress reboot
oShell.Run sPatchPath _
& "\Windows2000-KB828741-x86-ENU.EXE /u /q /z /n", 1, True
End If
Elseif GetOsVersionNumber = 5.1 Then
If GetSPNumberSys < 2 Then
' OS is WinXP (SP1 or less)
' Unattended installation with no options to uninstall, suppress reboot
oShell.Run sPatchPath _
& "\WindowsXP-KB828741-x86-ENU.EXE /u /q /z /n", 1, True
End If
End If
End If


Function RegRead(ByVal sRegValue)
Set oShell = CreateObject("WScript.Shell")
On Error Resume Next
RegRead = oShell.RegRead(sRegValue)
' If the value does not exist, error is raised
If Err Then
RegRead = ""
Err.clear
End If
' If a value is present but uninitialized the RegRead method
' returns the input value in Win2k.
If VarType(RegRead) < vbArray Then
If RegRead = sRegValue Then
RegRead = ""
End If
End If
On Error Goto 0
End Function


Function GetOsVersionNumber
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Determines OS by reading reg val & comparing to known values
' OS version number returned as number of type double:
' Windows 95: 1
' Windows 98: 2
' Windows ME: 3
' Windows NT4: 4
' Windows 2k: 5
' Windows XP: 5.1
' Windows 2k3: 5.2
' Windows >2k3: >5.2
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim oShell, sOStype, sOSversion
Set oShell = CreateObject("WScript.Shell")
On Error Resume Next
sOStype = oShell.RegRead(_
"HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductType")
If Err.Number<>0 Then
' Hex(Err.Number)="80070002"
' - Could not find this key, OS must be Win9x
Err.Clear

sOStype = oShell.RegRead(_
"HKLM\SOFTWARE\Microsoft\Windows" & _
"\CurrentVersion\VersionNumber")

Select Case sOStype
Case "4.00.950"
sOSversion = 1 ' Windows 95A
Case "4.00.1111"
Dim sSubVersion
sSubVersion = oShell.RegRead(_
"HKLM\SOFTWARE\Microsoft\Windows" & _
"\CurrentVersion\SubVersionNumber")
Select Case sSubVersion
Case " B"
sOSversion = 1 ' Windows 95B
Case " C"
sOSversion = 1 ' Windows 95C
Case Else
sOSversion = 1 ' Unknown Windows 95
End Select
Case "4.03.1214"
sOSversion = 1 ' Windows 95B
Case "4.10.1998"
sOSversion = 2 ' Windows 98
Case "4.10.2222"
sOSversion = 2 ' Windows 98SE
Case "4.90.3000"
sOSversion = 3 ' Windows Me
Case Else
sOSversion = 1 ' Unknown W9x/Me
End Select
Else ' OS is NT based
sOSversion = oShell.RegRead(_
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion")
If Err.Number<>0 Then
GetOsVersion = "Unknown NTx"
' Could not determine NT version
Exit Function ' >>>
End If
End If

' Setting Locale to "en-us" to be indifferent to country settings.
' CDbl might err else
SetLocale "en-us"
GetOsVersionNumber = CDbl(sOSversion)
End Function

Function GetSPNumber
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Determines Service Pack number by reading reg val CSDVersion in
' HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion
'
' CSDVersion in System\CCS is updated AFTER a reboot when
' installing a SP
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim oShell, sOStype, sOSversion, iSPNumber, aSPNumber

Set oShell = CreateObject("WScript.Shell")
On Error Resume Next
sOStype = oShell.RegRead(_
"HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductType")
If Err.Number<>0 Then
' Hex(Err.Number)="80070002"
' - Could not find this key, OS must be Win9x
Err.Clear
GetSPNumber = "W9x"
Exit Function ' >>>
End If

iSPNumber = oShell.RegRead(_
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion")
If Err.Number<>0 Then
GetSPNumber = 0
' Could not determine Service Pack
Exit Function ' >>>
End If

' CSDVersion is e.g. "Service Pack 2"
aSPNumber = Split(iSPNumber)
GetSPNumber = Cint(aSPNumber(2))
End Function


'--------------------8<----------------------
--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx

0 new messages