scolombo
(Fresh Scripter)
2004-05-05 10:15 AM
Check for installed patch

Hi, I searched the forum but didn't find a solution yet.
I'd like to check for installed patches on Win2000/XP systems.

I found an old script which uses the hfnetcheck tool, but I wonder if there's something using WMI or similar.


Co
(MM club member)
2004-05-05 12:31 PM
Re: Check for installed patch

You can check the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix

For example:

Code:

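; Network location of the patch installer
$KBPath='\\server1\patches\KB835732_XP.exe'

; Only act when the hotfix key is missing, i.e. the patch is not installed
If KeyExist('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB835732')=0
    ; Copy the installer locally unless it is already there
    If Exist ('%tmp%\KB835732_XP.exe')<>1
        Shell '%comspec% /c xcopy $KBPath %tmp% /c /h /r'
    EndIf
    Shell '%comspec% /c %tmp%\KB835732_XP.exe'
EndIf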



Radimus
(KiX Supporter)
2004-05-05 02:49 PM
Re: Check for installed patch

I use this... basically it dirs all the files in the folder $setup+'\Win2k_Hotfixes' and then compares portions of the filename to subkeys of 'HKLM\SOFTWARE\Microsoft\Updates\Windows 2000\SP5'

Any file without a matching subkey will get executed. After all the files are compared, if any patches have been installed the PC will restart.

A recent modification to this will prevent any patches of over 500KB from being installed on RAS clients.

Code:
;************************************ W2K HotFix Updates *****************************************

; Subkeys here name the hotfixes that are already installed
$arrkey = arrEnumKey('HKLM\SOFTWARE\Microsoft\Updates\Windows 2000\SP5')
; Installers waiting in the share
$arrdir = FileList($setup+'\Win2k_Hotfixes','.exe',1)
$MaxSize= 500000
if not @error
    $reboot = 0
    for each $dir in $arrdir
        $installed = 0
        ; Second dash-separated part of the filename is matched against the subkey names
        $parsed = split($dir,'-')[1]
        for each $key in $arrkey
            if $key = $parsed $installed = 1 endif
        next
        if not $installed
            ; On RAS connections only run installers smaller than $MaxSize
            if (@ras and GETFILESIZE($dir) < $MaxSize) or not @ras
                $=sendmessage(@wksta,"A CRITICAL upgrade is now starting. Your computer will restart on its own in about 2-3 minutes.")
                ? color c+/n ' Installing Security Update '+$parsed
                shell '%comspec% /c ' + $dir + ' -q -z -u -n -o'
                $reboot = 1
            endif
        endif
    next
    if $reboot
        ShutDown ('', 'Updates have been applied that require the computer to restart', 5, 1, 1)
        quit
    endif
endif



which uses 2 UDFs from the UDF forum... FileList() and arrEnumKey()


NTDOC Administrator
(KiX Master)
2004-05-05 07:04 PM
Re: Check for installed patch

Rad,

possible to trim long line?

Also, how does your script handle clients that fail the install? If this is fully automated and a client install fails, it will keep installing and rebooting in a loop.
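
Added example, not part of the original thread or Radimus's script: one way to handle the failed-install case raised above is to count attempts per hotfix in the registry and stop retrying after a limit. The bookkeeping key `HKLM\SOFTWARE\PatchScriptAttempts`, the limit of 2 and the `PatchScript` event source are assumptions made for illustration.

```kixtart
; Added example, not Radimus's script. $StateKey, $MaxTries and the
; 'PatchScript' event source are hypothetical names chosen for illustration.
Global $UpdKey, $StateKey, $MaxTries
$UpdKey   = 'HKLM\SOFTWARE\Microsoft\Updates\Windows 2000\SP5'
$StateKey = 'HKLM\SOFTWARE\PatchScriptAttempts'
$MaxTries = 2

; Runs one hotfix at most $MaxTries times across logons.
; Returns 1 if the hotfix subkey exists after the run, 0 otherwise.
Function InstallOnce($file, $kb)
    Dim $tries, $exit, $rc
    $InstallOnce = 0
    $tries = Val(ReadValue($StateKey, $kb))   ; a missing value reads as 0
    If $tries >= $MaxTries
        ; Give up and leave a trace for the admin instead of rebooting again
        $rc = LogEvent(1, 1, 'Hotfix ' + $kb + ' failed ' + $tries + ' times, skipped', '', 'PatchScript')
    Else
        ; Count the attempt before launching the installer, so an attempt
        ; that hangs or kills the session is still counted
        If Not KeyExist($StateKey) $rc = AddKey($StateKey) EndIf
        $rc = WriteValue($StateKey, $kb, CStr($tries + 1), 'REG_DWORD')
        Shell '%comspec% /c ' + $file + ' -q -z -u -n -o'   ; switches as in the post above
        $exit = @ERROR
        ; The subkey is what the main loop compares against, so check it
        ; rather than trusting the exit code alone
        If KeyExist($UpdKey + '\' + $kb)
            $InstallOnce = 1
            $rc = DelValue($StateKey, $kb)    ; success: clear the counter
        Else
            $rc = LogEvent(2, 1, 'Hotfix ' + $kb + ' exit code ' + $exit + ', key missing', '', 'PatchScript')
        EndIf
    EndIf
EndFunction

; In the loop above, the shell line and "$reboot = 1" would become:
;   if InstallOnce($dir, $parsed) $reboot = 1 endif
```

With this change the restart is only triggered when a hotfix key actually appeared, and a patch that keeps failing ends up in the event log rather than in a reboot loop.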


Lonkero Administrator
(KiX Master Guru)
2004-05-05 07:20 PM
Re: Check for installed patch

well...
that's better than windows update, when its installs fail, it marks them as installed.


Radimus
(KiX Supporter)
2004-05-05 07:26 PM
Re: Check for installed patch

It manages every patch applied to 1500 win2k desktops since SP4...

and quite frankly, with the nature of the security patches (and security lapses) I wouldn't want an unpatched machine on the network... the rebooting loop that you mentioned (but I haven't seen) would ensure that the potential victim couldn't get on the network for very long to get infected.


NTDOC Administrator
(KiX Master)
2004-05-05 10:34 PM
Re: Check for installed patch

LOL

Good point there I suppose Rad


Jose
(Seasoned Scripter)
2004-08-03 01:50 AM
Re: Check for installed patch

Rad... I can't find arrEnumKey(). Do you have a copy?



Jose
(Seasoned Scripter)
2004-08-03 02:09 AM
Re: Check for installed patch

arrayenumkey()
Maybe the code you used has an older version.

Thanks indeed.