Page 1 of 1 1
Topic Options
#119040 - 2004-05-05 10:15 AM Check for installed patch
scolombo Offline
Fresh Scripter

Registered: 2003-02-17
Posts: 31
Loc: Europe
Hi I searched in the forum but didn't find a solution yet .
I'd like to check for installed patch on Win2000/XP systems.

I found an old script which use the hfnetcheck tool but I wonder if there's something using WMI or similar .

Top
#119041 - 2004-05-05 12:31 PM Re: Check for installed patch
Co Offline
MM club member
***

Registered: 2000-11-20
Posts: 1341
Loc: NL
You can check the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix

For example:

Code:

$KBPath='\\server1\patches\KB835732_XP.exe'

If KeyExist('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB835732')=0

If Exist ('%tmp%\KB835732_XP.exe')<>1
Shell '%comspec% /c xcopy $KBPath %tmp% /c /h /r'
EndIf
Shell '%comspec% /c %tmp%\KB835732_XP.exe'
Endif

_________________________
Co


Top
#119042 - 2004-05-05 02:49 PM Re: Check for installed patch
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
I use this... basically if dirs all the files in the folder $setup+'\Win2k_Hotfixes' and then compares portions of the filename to subkeys of 'HKLM\SOFTWARE\Microsoft\Updates\Windows 2000\SP5'

Any file without a matching subkey will get executed. After all the files are compared, if any patches have been installed the PC will restart.

A recent modification to this will prevent any patches of over 500KB from being installed on RAS clients

Code:
 		;************************************ W2K HotFix Updates *****************************************

$arrkey = arrEnumKey('HKLM\SOFTWARE\Microsoft\Updates\Windows 2000\SP5')
$arrdir = FileList($setup+'\Win2k_Hotfixes','.exe',1)
$MaxSize= 500000
if not @error
$reboot = 0
for each $dir in $arrdir
$installed = 0
$parsed = split($dir,'-')[1]
for each $key in $arrkey
if $key = $parsed $installed = 1 endif
next
if not $installed
if (@ras and GETFILESIZE($dir) < $MaxSize) or not @ras
$=sendmessage(@wksta,"A CRTICAL upgrade is now starting. Your computer will restart on it's own in about 2-3 minutes.")
? color c+/n ' Installing Security Update '+$parsed
shell '%comspec% /c ' + $dir + ' -q -z -u -n -o'
$reboot = 1
endif
endif
next
if $reboot
ShutDown ('', 'Updates have been applied that require to computer to restart', 5, 1, 1)
quit
endif
endif



which uses 2 UDFs from the UDF forum... FileList() and arrEnumKey()
_________________________
How to ask questions the smart way <-----------> Before you ask

Top
#119043 - 2004-05-05 07:04 PM Re: Check for installed patch
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Rad,

possible to trim long line?

Also, how does your script handle clients that fail the install? If this is fully automated and a client install fails, it will keep installing and rebooting in a loop.

Top
#119044 - 2004-05-05 07:20 PM Re: Check for installed patch
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
well...
that's better than windows update, when it's installs fail, it marks them as installed.
_________________________
!

download KiXnet

Top
#119045 - 2004-05-05 07:26 PM Re: Check for installed patch
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
It manages every patch applied to 1500 win2k desktops since SP4...

and quite frankly, with the nature of the security patches (and security lapses) I wouldn't want an unpatched machine on the network... the reebooting loop that you mentioned (but I haven't seen) would ensure that the potential victim couldn't get on the network for very long to get infected.
_________________________
How to ask questions the smart way <-----------> Before you ask

Top
#119046 - 2004-05-05 10:34 PM Re: Check for installed patch
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
LOL

Good point there I suppose Rad

Top
#119047 - 2004-08-03 01:50 AM Re: Check for installed patch
Jose Offline
Seasoned Scripter
*****

Registered: 2001-04-04
Posts: 693
Loc: Buenos Aires - Argentina
Rad...I carnt find arrEnumKey(). Do you have a copy?

_________________________
Life is fine.

Top
#119048 - 2004-08-03 02:09 AM Re: Check for installed patch
Jose Offline
Seasoned Scripter
*****

Registered: 2001-04-04
Posts: 693
Loc: Buenos Aires - Argentina
arrayenumkey()
Maybe the code you used has an older version.

Thanks indeed.
_________________________
Life is fine.

Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
1 registered (Allen) and 466 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.089 seconds in which 0.051 seconds were spent on a total of 12 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org