#77223 - 2003-10-24 10:05 AM Automated patch update system in KiX
Mit Offline
Fresh Scripter

Registered: 2002-06-05
Posts: 36
Loc: Derby, UK
Howdy pardners.

We have rolled out Windows 2000 onto all our desktop PCs over the summer but still have NT4 on the server end. As such, when it comes to rolling out security updates and so forth I've been unable to use SMS and other Microsoft systems to apply the updates. Instead, I've created my own automatic update system.

Basically there's a share on one of our servers called PATCHES which contains a folder ("AVAILABLE") in which the patch EXE files are stored. There's also a file called INDEX.TXT which contains an index of the patches that are available for the system to install.

The index file uses three lines per patch. The first line is an English description of the patch. The second line is the name of the EXE file and the third line is the name of the EXE file again but with the commandline switches that need to be used in order to apply the patch in unattended or hands-free mode.

It seems to work wonderfully - I'm very happy with it. However, there is one problem that I just can't seem to get sorted.....

Staff here run as Power Users on their PCs. The patches need to be installed using an account with Administrator rights. The RUNAS command in Win2K doesn't allow you to pass it a password for some god-known reason. Therefore I managed to track down a VBS script called VBRUNAS.VBS which allows you to get round this limitation.

VBRUNAS seems to work by calling the RUNAS command in the standard way and then sending the password to the commandline afterwards.

The problem is that every now and then, VBRUNAS doesn't manage to pass the password through properly, and RUNAS prompts for a password. Obviously this isn't good as I don't want people having to type in a password in order for their PC to be updated!

I am pretty sure that the problem does not lie with VBRUNAS as I have 100% success with using it "standalone" rather than being called from KIX.

My KIX script, InstallPatches.Kix is copied below.

code:
    ; install windows 2000 patches
    break on
    ? "Windows 2000 automated patch installer"
    ? "by T.Wiser"
    ? ""

    ; open the text file that contains the list of patches that are available for installing
    if Open(1, "\\nts40bdc\Patches\Index.txt") = 0
        ; file opened ok
    else
        $response = MESSAGEBOX("Your PC could not be updated at this time.", "Software update", 32)
    endif

    While @ERROR = 0
        ; we're not at the end of the file yet, so read a new patch from the file
        $description = ReadLine(1)
        $filename = ReadLine(1)
        $actual_filename = ReadLine(1)

        if $description<>""
            if exist("c:\winnt\RolledOutPatches\"+$filename)
                ? " * Patch $filename is already installed"
            else
                ? " * New patch available! Installing "+$filename+CHR(13)+CHR(13)+CHR(13)
                copy "\\nts40bdc\patches\available\"+$filename "%WINDIR%\RolledOutPatches\"+$filename
                ; this bit of code writes the complete command into a batch file stored inside %TEMP% and then executes it
                $finalCommand = "cscript c:\winnt\VBRUNAS.VBS DOMAIN\account password "+CHR(34)+"C:\WINNT\ROLLEDOUTPATCHES\"+$actual_filename+CHR(34)
                if exist("%TEMP%\ApplyPatch.bat") del "%TEMP%\ApplyPatch.bat" endif
                OPEN(5, "%TEMP%\ApplyPatch.bat", 5)
                WRITELINE(5, $finalCommand)
                CLOSE(5)
                shell("%TEMP%\ApplyPatch.bat")
                ; and now terminate the script
                GOSUB Terminate
                Exit 1
            endif
        endif
    Loop


    :Terminate

    ; close the file as we're finished with it now
    If Close(1) = 0
        ; file closed successfully
    else
        ? "Could not close file"
    endif

Can anyone (a) work out what I'm trying to say, and (b) see anything that could cause a problem?

[ 24. October 2003, 10:05: Message edited by: Mit ]

#77224 - 2003-10-24 10:20 AM Re: Automated patch update system in KiX
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
You've got quite a few errors in the script, but none that would directly affect the execution of the VB script.

Try including "%COMSPEC% /C" in the execution string, to ensure that the batch file is executed correctly under the command interpreter.

#77225 - 2003-10-24 10:33 AM Re: Automated patch update system in KiX
Mit Offline
Fresh Scripter

Registered: 2002-06-05
Posts: 36
Loc: Derby, UK
Mmmm.... I've just put that in and tests are going OK so far. Fingers crossed! Thanks.

Can you elaborate on the errors please?

[ 24. October 2003, 11:06: Message edited by: Mit ]

#77226 - 2003-10-24 11:17 AM Re: Automated patch update system in KiX
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
There are many logic and structural errors which mean that the code will not execute as you expect it to.

You mix "C:\WINNT.." and %WINDIR%, you use "Gosub" in a very odd manner, your main file reading loop is badly constructed, you are not checking for errors in all places that you should be, you are closing a file on which the open may have failed.

I've cleaned it up a bit but there are still some major areas you need to address to make this production quality which I'll mention after the listing.

Note, I cannot test this here, so I'll apologise in advance for any typos:

    ; install windows 2000 patches
    Break ON
    ? "Windows 2000 automated patch installer"
    ? "by T.Wiser"
    ? ""
    $sDQ='"'
    $sSQ="'"
    $sServer="\\nts40bdc"
    $sPatchList=$sServer+"\Patches\Index.txt"
    $sPatchSrcDir=$sServer+"\Patches\available\"
    $sPatchDstDir=%WINDIR%+"\RolledOutPatches\"
    $sRunAs=%COMSPEC%+" /C cscript c:\winnt\VBRUNAS.VBS"
    $sAccount="DOMAIN\account"
    $sPassword="password"

    ; open the text file that contains the list of patches that are available for installing
    $fhPatchFile=FreeFileHandle()
    If Open($fhPatchFile,$sPatchList)
        $gNull=MessageBox("Your PC could not be updated at this time.", "Software update", 32)
        Exit 1
    EndIf

    ; Consider changing this to a single delimited line and using Split()
    $sDescription = ReadLine($fhPatchFile)
    $sFilename = ReadLine($fhPatchFile)
    $sActualFilename = ReadLine($fhPatchFile)
    While @ERROR = 0
        If $sDescription
            If Exist($sPatchDstDir+$sFilename)
                ? " * Patch "+$sFilename+" is already installed"
            Else
                ? " * New patch available! Installing "+$sFilename+@CRLF+@CRLF+@CRLF
                Copy $sPatchSrcDir+$sFilename $sPatchDstDir+$sFilename
                Shell $sRunAs+" "+$sAccount+" "+$sPassword+" "+$sDQ+$sPatchDstDir+$sActualFilename+$sDQ
            EndIf
        EndIf
        $sDescription = ReadLine($fhPatchFile)
        $sFilename = ReadLine($fhPatchFile)
        $sActualFilename = ReadLine($fhPatchFile)
    Loop

    ; close the file as we're finished with it now
    If Close($fhPatchFile)
        ? "Could not close file"
    EndIf

    Exit 0



Right, what is left to do.
  • Set "Explicit" on, and dim all your variables
  • I'd change the input file format. Use a single line for the patch, using a delimiter to split the parts. Use Split() to break them out.
  • I couldn't understand the logic of the two different file names. You use "actual filename" only in the execution, not the copy or check. This is illogical and will cause you problems when "filename" and "actual filename" differ.
    I've left the names as they were, but you should review this and correct it.
  • You don't check that the copy completed successfully
  • You don't check that the patch worked or completed.
  • The patch could be copied to local, and aborted by the user. Now that the file is present, the process will not attempt to run the patch again. Consider using a local status file (INI format) to record the state of the patch, and only mark the patch install as completed when it has completed successfully. Also consider checking the registry for patch levels.

There are other, quite mature systems already available on the board for rolling out patches. Consider using these (KSMS springs to mind) as they are pretty robust, and include techniques which avoid the possibility of exposing passwords.

#77227 - 2003-10-24 11:33 AM Re: Automated patch update system in KiX
Mit Offline
Fresh Scripter

Registered: 2002-06-05
Posts: 36
Loc: Derby, UK
The two different filenames are a hang-over from when I was trying to sort the problem out last time. I know there's no error checking - I wanted to get the script up and running in a simple form before adding the checking.

Thanks for the tips though, and I'll take a look at KSMS [Smile]

#77228 - 2003-10-25 02:31 PM Re: Automated patch update system in KiX
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
And use a .INI file format for the index file.
_________________________
There are two types of vessels, submarines and targets.
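
Added example (not part of any post in this thread): one way to combine the suggestions above in KiXtart, with an INI index, a checked copy, and a local status file that marks a patch as installed only after the installer reports success. Index.ini, Status.ini, their key names and the exit-code handling are assumptions; the sketch also assumes the script already runs under an account with rights to install, so no account password appears in it.

```kixtart
; Added example, not from the thread. Server name is the one in the posts;
; Index.ini, Status.ini and their key names are assumptions.
;
; Index.ini (constructed sample):
;   [Sample patch description]
;   File=samplepatch.exe
;   Args=<unattended switches for that patch>
Break ON
Dim $gNull
$gNull = SetOption("Explicit", "ON")
Dim $sIndex, $sSrcDir, $sDstDir, $sStatus, $sPatch, $sFile, $sArgs, $iRC

$sIndex  = "\\nts40bdc\Patches\Index.ini"
$sSrcDir = "\\nts40bdc\Patches\available\"
$sDstDir = "%WINDIR%\RolledOutPatches\"
$sStatus = $sDstDir + "Status.ini"

; An empty section name returns every section name, separated by Chr(10)
For Each $sPatch In Split(ReadProfileString($sIndex, "", ""), Chr(10))
  If $sPatch
    If ReadProfileString($sStatus, $sPatch, "State") = "Installed"
      ? " * " + $sPatch + " is already installed"
    Else
      $sFile = ReadProfileString($sIndex, $sPatch, "File")
      $sArgs = ReadProfileString($sIndex, $sPatch, "Args")
      Copy $sSrcDir + $sFile $sDstDir + $sFile
      $iRC = @ERROR
      If $iRC
        ; Copy failed: record why, leave the patch pending for the next run
        $gNull = WriteProfileString($sStatus, $sPatch, "State", "CopyFailed")
        $gNull = WriteProfileString($sStatus, $sPatch, "LastError", "" + $iRC)
      Else
        ; Mark as started first, so an aborted install is not seen as done
        $gNull = WriteProfileString($sStatus, $sPatch, "State", "Started")
        Shell '"' + $sDstDir + $sFile + '" ' + $sArgs
        $iRC = @ERROR   ; Shell sets @ERROR to the installer's exit code
        ; Assumption: 0 = success, 3010 = success, reboot required
        If $iRC = 0 Or $iRC = 3010
          $gNull = WriteProfileString($sStatus, $sPatch, "State", "Installed")
        Else
          $gNull = WriteProfileString($sStatus, $sPatch, "State", "Failed")
          $gNull = WriteProfileString($sStatus, $sPatch, "LastError", "" + $iRC)
        EndIf
      EndIf
    EndIf
  EndIf
Next
Exit 0
```

Because the "Installed" entry is what suppresses a reinstall, Status.ini should sit where ordinary users cannot edit it.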
