November 10, 2003

Windows patches have to be installed whether you run a large multinational (MNC) organization or a SOHO (small office/home office) setup with only a few computers. In fact, it is usually the latter that has bandwidth problems, since most SOHOs have dialup or cable Internet connectivity. Imagine if every user had to download and install the patches individually over such a line!

The solution to this is centralized patch management. If you have a server that all users log in to through Active Directory (ADS), skip this article and read the one on using Microsoft SUS (Software Update Services) to deploy patches. However, if you are on a small network without any central Windows 2000/2003 server, read on to find out how you can still deploy patches centrally.

The trick is to designate one peer machine as a simulated “server”. This machine can be running any Windows OS, such as Win 95/98/Me/2K/XP. This machine, which we shall call the server from now on, needs one additional piece of software, which is free. Download the Windows port of WGet from hherold/. Make sure you also get the SSL libraries to install alongside it.

Unzip both WgetWin and the SSL libraries into a common folder, such as c:\program files\WgetWin. You can use wget to download files from the Internet and even resume interrupted transfers very easily. Next, create a small batch file that you will run every time you need to fetch and distribute new updates. Create a new folder, say C:\Updates, and put the following DOWNLOAD.bat file in it (make sure the WgetWin folder is on your PATH, or write the full path to wget.exe in the batch file).

REM Download the patches listed in DOWNLOAD.TXT,
REM write output to LOG.txt and only download files that do not already exist (-nc);
REM -c resumes a partially downloaded file instead of starting over

wget -c -i DOWNLOAD.txt -o LOG.txt -nc

This batch file reads a file called DOWNLOAD.txt in the same directory, writes a log to LOG.txt and downloads each URL in the list only if that file does not already exist in the folder. This saves bandwidth by not downloading the same file over and over again.

Now create the DOWNLOAD.txt file in the same folder and put the full URLs in this file, one per line. For instance,

Whenever a new update is released, simply add its URL to the end of the file, or create a new DOWNLOAD.txt containing just the new URLs. Then run DOWNLOAD.bat to download the patch into the C:\Updates folder.

To deploy the patches automatically to the users, first share this folder read-only to all users. Because every client will run whatever EXE files appear in this share at startup, keep it read-only so that only the administrator can place files in it. Next, create a folder called Updates on each client computer and put the following batch file in it.

@echo off
REM Map the shared Updates folder on the "server" to drive U:
net use U: \\server\Updates
echo Please wait while installing the updates...
REM Switch to the share so that the loops below see the patch EXEs stored there
U:
cd \
REM Run every patch that has no "Installed" marker in the local Updates folder
for %%a in (*.exe) do if not exist C:\Updates\%%a.txt %%a
REM Write the marker for each patch that was just installed
for %%a in (*.exe) do if not exist C:\Updates\%%a.txt echo Installed > C:\Updates\%%a.txt

This file performs the following tasks. It first maps the Updates folder on the “server” to the U: drive. Next, it iterates through all the EXE files in that folder and checks whether a corresponding .TXT file exists in the local Updates folder. If not, it simply executes the EXE file (the patch). It then does the same check again, but this time writes the .TXT file to the local Updates folder with the text “Installed” in it, so the patch is not run again. (Note that the last line wraps here and must be written as a single line when creating the batch file.)

A shortcut to this batch file should be made in each user’s Startup folder so that it always checks at startup if there are any new updates available. 
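As an added example (not the article's own script), here is a hardened variant of the client batch file above. It only writes the “Installed” marker when the installer actually exits successfully, records failures in a log so they are retried at the next startup, and unmaps the drive when done. It assumes the clients run Windows 2000/XP (the cmd.exe syntax such as %~nx is not available on Win 9x) and the same \\server\Updates share and C:\Updates marker folder as above.

```batch
@echo off
REM Added example, not the article's own script: hardened client-side deploy.
REM Assumes Windows 2000/XP cmd.exe, the \\server\Updates share and the
REM C:\Updates marker folder described in the article.
if not exist C:\Updates\nul mkdir C:\Updates
REM Drop any stale mapping, then map the share; log and stop if it is unreachable
net use U: /delete >nul 2>&1
net use U: \\server\Updates >nul 2>&1
if errorlevel 1 (
    echo %DATE% %TIME% could not map \\server\Updates >> C:\Updates\FAILED.log
    goto :end
)
echo Please wait while installing the updates...
for %%a in (U:\*.exe) do call :install "%%~nxa"
net use U: /delete >nul 2>&1
goto :end

:install
REM Skip patches that already have an "Installed" marker
if exist "C:\Updates\%~1.txt" goto :eof
echo Installing %~1 ...
"U:\%~1"
REM 0 = success, 3010 = success but reboot required; anything else is treated
REM as a failure, so no marker is written and the patch is retried next startup
if "%errorlevel%"=="0" goto :ok
if "%errorlevel%"=="3010" goto :ok
echo %DATE% %TIME% %~1 failed with exit code %errorlevel% >> C:\Updates\FAILED.log
goto :eof
:ok
echo Installed %DATE% %TIME% > "C:\Updates\%~1.txt"
goto :eof

:end
```

Checking C:\Updates\FAILED.log on a client tells you which patches did not install, something the original script cannot report.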

Although this setup works fine, there is scope for a lot of improvement, such as unattended (silent) installs, granting the administrative privileges that patch installers require, and more. However, for a small organization, this is a good starting point for centralizing patch and update deployment.

Vinod Unny
