Instead, I suggested that we push the executable using a GPO and simple VB script. The trick is we'd have to build into the script a way to check to make sure the executable hasn't already been installed- otherwise every computer getting the GPO will run the executable every time it boots (something we don't want). After a bit of Googling, I wrote the following VB script, which does the following:
# Pseudo Code
Check if a reg key exists
If the reg key does not exist, execute the executable installer with switches to make it a passive installer
Once the executable complete, create a registry key marking that the install has completed
Check if a reg key exists
If the reg key does not exist, execute the executable installer with switches to make it a passive installer
Once the executable complete, create a registry key marking that the install has completed
'Reg key to create. Doesn't have to be this key, but since this is technically a patch, put it in Windows Update
sRegKey="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"
sExePath = "\\path\to\executable"
sSwitches = "/passive /warnrestart:45" 'Check available flags on Executable for options here
' Suppress error in case values do not exist
On Error Resume Next
' Check for the Reg Key Marker
sRegMarkerValue = "" ' initial value
sRegMarkerValue = oShell.RegRead( sRegKey & "\WindowsXP-KBXXXXX-x86-ENU.exe")
On Error Goto 0
' To ensure update is only installed once, test the reg key marker
If sRegMarkerValue <> "yes" then
'Run the executable with switches
oShell.Run Chr(34) & sExePath & Chr(34) & " " & sSwitches, 1, True
' Create the Reg Key marker
oShell.RegWrite sRegKey & "\WindowsXP-KBXXXXX-x86-ENU.exe", "yes"
End If
sRegKey="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"
sExePath = "\\path\to\executable"
sSwitches = "/passive /warnrestart:45" 'Check available flags on Executable for options here
' Suppress error in case values do not exist
On Error Resume Next
' Check for the Reg Key Marker
sRegMarkerValue = "" ' initial value
sRegMarkerValue = oShell.RegRead( sRegKey & "\WindowsXP-KBXXXXX-x86-ENU.exe")
On Error Goto 0
' To ensure update is only installed once, test the reg key marker
If sRegMarkerValue <> "yes" then
'Run the executable with switches
oShell.Run Chr(34) & sExePath & Chr(34) & " " & sSwitches, 1, True
' Create the Reg Key marker
oShell.RegWrite sRegKey & "\WindowsXP-KBXXXXX-x86-ENU.exe", "yes"
End If
After applying the GPO, we rebooted all of the workstations, and our patch was successfully applied!
No comments:
Post a Comment