• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Patch deployment across a non-AD network

W

Warder45

Senior member
Hi, I'm trying to mess with getting a patch pushed to all our desktops in our office. We do not use AD and we don't have any third party software like SMS.

I initially tried to use the msiexec command and put it in the batch file. However after trying it the patch wants administrator rights to install and thus doesn't really work. The msiexec command has an administrative install command but it seems like it just extracts the .msi to a network location.

Is there anything I'm missing with this approach? or is there another free solution to deploying this patch? Thanks for any help. - John
 
You might be able to run the patch with Admin-level credentials by doing a runas /user:domain\domainadminaccount in your batchfile, and just create a temporary domain-admin account for that purpose, then disable it as soon as it's served its purpose. Not an entirely safe practice, but whatever.
 
WSUS is a great solution to this. You'll need to get the WSUS registry stuff into the computers somehow (login script with admin creds?) and then once that's done, the rest is automatic.

WSUS is free from MS. Search on thier pages for the info; ask with Q's.
 
Originally posted by: dclive
WSUS is a great solution to this. You'll need to get the WSUS registry stuff into the computers somehow (login script with admin creds?) and then once that's done, the rest is automatic.
Click to expand...
But WSUS requires Windows Server, and they must not have that, since they aren't using AD.
 
They can still have Windows servers without an AD infrastructure. I'd question *why*, but it is certainly possible.
 
Thanks for all the suggestions. We already have a WSUS server up and running. However the patch I'm trying to install is not a windows patch. I don't remember reading it and I don't think it can, but can WSUS push other vender patches out to clients as well?

Thanks again.
 
Is this a large number of PCs? If not you could batch script the install on other machines by remotely executing the installer on each PC:

Your batch would look like this:
COPY c:\patch.exe /B \\PC1\C$\patch.exe
psexec \\PC1 -i -d -s c:\patch.exe
COPY c:\patch.exe /B \\PC2\C$\patch.exe
psexec \\PC2 -i -d -s c:\patch.exe
COPY c:\patch.exe /B \\PC3\C$\patch.exe
psexec \\PC3 -i -d -s c:\patch.exe
....

This (PSEXEC) is the utility you would need to do this.
http://www.sysinternals.com/Utilities/PsExec.html
 
Originally posted by: Warder45
Thanks for all the suggestions. We already have a WSUS server up and running. However the patch I'm trying to install is not a windows patch. I don't remember reading it and I don't think it can, but can WSUS push other vender patches out to clients as well?
Click to expand...
WSUS FAQ
"Can I add my own updates to WSUS?
No. Only updates synchronized from Microsoft Update ......."

As you probably already know, Microsoft relies on four primary methods to distribute updates to client computers:
1) AD with Group Policy
2) Windows Update
3) WSUS
4) SMS

Group Policies can push non-Microsoft patches to clients.
 

Thanks again for the help. We got a encrypted VB script to work. However now I'm looking for a program that can package EXE's into MSI's.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top