Remote Patch Installation

Hi People !

Ok ... Its me once again ... and this time I'm working in a different company ... I have relocated to UAE from India ... yet my role has not changed much ...

what it is ...
I need to run bug fixes/MS patches on some 25-30 machines out here ... i know about the GFI LAN guard tool ... but my manager will not but it and wants me to do this myself for the time being ... he is planning for IBM's Tivoli later this month or next ...

Is there a command or any simple utility which can be used to remotely Run pacthes on a PC ... the network here is in a Domain of all XP machines ... i hafta do this for 2 separate VLANs ...

any input will be greatly appreciated !

Syed

Not sure if this is what you mean but if you are talking about Microsoft critical updates etc then Microsoft have a free tool that may help

The tool is SUS server (Software update server) It allows you to have a central server that checks for the updates with microsoft and then clients can check in with your server to see if they need to install a patch.

have a look here
www.microsoft.com/windowsserversystem/sus/default.mspx

Hope this helps

Hi Thorpe ...

We have SUS also running ... but still that requires the client machines to do the check ... and since the users here do not have administrative rights ... they cant do it themselves ...

I'm required to go desk to desk to finish this job ...

I'm still optimistic that there must be a way I can use to run these microsoft updates on machines remotely ... since I have the domain admin right .... do u think there cud be a way ???

what can i do to Run an app on a remote machine after windows start ... only once ! ... not the startup folder ...

Help !

well you could configure a scheduled task.. but for each patch and for each machine that'll be a real pain. Are you sure your boss wont let oyu get GFI Lanscan ? Its a great product, and very well worth the cash.

You might want to look at securityfocus.com, they had a couple of articles on patch management

Not sure what you mean by the client has to check but

I have SUS running on a windows 2003 domain I schedule the sus server to check in with Microsoft for the patches.

every so often the client checks in with the server automatically to the sus server and downloads the patches automatically. at some sceduled time that i setup the clients will install the patches.

I have not administrative using logged on and the patches still install with no issues. The user do not have to do anything apart from if they are logged on save any work there is a five minute warning before rebooting

I have group policy enforce what sus server the client checks in with and at what time the installs occur. I can even stop the automatic rebooting if a user is logged on


a site that explains the Group policies is www.susserver.com/

hey ppl !

Sahir ... do u know about IBM's tivoli ?
my manager wants to go in for that ... and I've heard that it wud be cost effective only for 500+ hosts ....

i've been reading a lot about languard and even nessus ... they look pretty good to me ... but how do i convince him that this will be better ? ...

we are looking at patch management, vulnerability scan and software/hardware inventory solution ....

what shud i tell him that he'd be convinced ?

Cheers,

Nadeem