Howdy pardners.

We have rolled out Windows 2000 onto all our desktop PCs over the summer but still have NT4 on the server end. As such, when it comes to rolling out security updates and so forth I've been unable to use SMS and other Microsoft systems to apply the updates. Instead, I've created my own automatic update system.

Basically there's a share on one of our servers called PATCHES which contains a folder ("AVAILABLE") in which the patch EXE files are stored. There's also a file called INDEX.TXT which contains an index of the patches that are available for the system to install.

The index file uses three lines per patch. The first line is an English description of the patch. The second line is the name of the EXE file and the third line is the name of the EXE file again but with the commandline switches that need to be used in order to apply the patch in unattended or hands-free mode.

It seems to work wonderfully - I'm very happy with it. However, there is one problem that I just can't seem to get sorted.....

Staff here run as Power Users on their PCs. The patches need to be installed using an account with Administrator rights. The RUNAS command in Win2K doesn't allow you to pass it a password for some god-known reason. Therefore I managed to track down a VBS script called VBRUNAS.VBS which allows you to get round this limitation.

VBRUNAS seems to work by calling the RUNAS command in the standard way and then sending the password to the commandline afterwards.

The problem is that every now and then, VBRUNAS doesn't manage to pass the password through properly, and RUNAS prompts for a password. Obviously this isn't good as I don't want people having to type in a password in order for their PC to be updated!

I am pretty sure that the problem does not lie with VBRUNAS as I have 100% success with using it "standalone" rather than being called from KIX.

My KIX script, InstallPatches.Kix is copied below.

code:
; install windows 2000 patches
break on
? "Windows 2000 automated patch installer"
? "by T.Wiser"
? ""

; open the text file that contains the list of patches that are available for installing
if Open(1, "\\nts40bdc\Patches\Index.txt") = 0
; file opened ok
else
$response = MESSAGEBOX("Your PC could not be updated at this time.", "Software update", 32)
endif

While @ERROR = 0
; we're not at the end of the file yet, so read a new patch from the file
$description = ReadLine(1)
$filename = ReadLine(1)
$actual_filename = ReadLine(1)

if $description<>""
if exist("c:\winnt\RolledOutPatches\"+$filename)
? " * Patch $filename is already installed"
else
? " * New patch available! Installing "+$filename+CHR(13)+CHR(13)+CHR(13)
copy "\\nts40bdc\patches\available\"+$filename "%WINDIR%\RolledOutPatches\"+$filename
; this bit of code writes the complete command into a batch file stored inside %TEMP% and then executes it
$finalCommand = "cscript c:\winnt\VBRUNAS.VBS DOMAIN\account password "+CHR(34)+"C:\WINNT\ROLLEDOUTPATCHES\"+$actual_filename+CHR(34)
if exist("%TEMP%\ApplyPatch.bat") del "%TEMP%\ApplyPatch.bat" endif
OPEN(5, "%TEMP%\ApplyPatch.bat", 5)
WRITELINE(5, $finalCommand)
CLOSE(5)
shell("%TEMP%\ApplyPatch.bat")
; and now terminate the script
GOSUB Terminate
Exit 1
endif
endif
Loop


:Terminate

; close the file as we're finished with it now
If Close(1) = 0
; file closed successfully
else
? "Could not close file"
endif

Can anyone (a) work out what I'm trying to say, and (b) see anything that could cause a problem?

[ 24. October 2003, 10:05: Message edited by: Mit ]