Patch deployment across a non-AD network

[Warder45]

Hi, I'm trying to mess with getting a patch pushed to all our desktops in our office. We do not use AD and we don't have any third party software like SMS.

I initially tried to use the msiexec command and put it in the batch file. However after trying it the patch wants administrator rights to install and thus doesn't really work. The msiexec command has an administrative install command but it seems like it just extracts the .msi to a network location.

Is there anything I'm missing with this approach? or is there another free solution to deploying this patch? Thanks for any help. - John

 

[mechBgon]

You might be able to run the patch with Admin-level credentials by doing a runas /user:domain\domainadminaccount in your batchfile, and just create a temporary domain-admin account for that purpose, then disable it as soon as it's served its purpose. Not an entirely safe practice, but whatever.

 

[dclive]

WSUS is a great solution to this. You'll need to get the WSUS registry stuff into the computers somehow (login script with admin creds?) and then once that's done, the rest is automatic.

WSUS is free from MS. Search on thier pages for the info; ask with Q's.

 

[RebateMonger]

Originally posted by: dclive
WSUS is a great solution to this. You'll need to get the WSUS registry stuff into the computers somehow (login script with admin creds?) and then once that's done, the rest is automatic.

But WSUS requires Windows Server, and they must not have that, since they aren't using AD.

 

[dclive]

They can still have Windows servers without an AD infrastructure. I'd question *why*, but it is certainly possible.

 

[Warder45]

Thanks for all the suggestions. We already have a WSUS server up and running. However the patch I'm trying to install is not a windows patch. I don't remember reading it and I don't think it can, but can WSUS push other vender patches out to clients as well?

Thanks again.

 

[KB]

Is this a large number of PCs? If not you could batch script the install on other machines by remotely executing the installer on each PC:

Your batch would look like this:
COPY c:\patch.exe /B \\PC1\C$\patch.exe
psexec \\PC1 -i -d -s c:\patch.exe
COPY c:\patch.exe /B \\PC2\C$\patch.exe
psexec \\PC2 -i -d -s c:\patch.exe
COPY c:\patch.exe /B \\PC3\C$\patch.exe
psexec \\PC3 -i -d -s c:\patch.exe
....

This (PSEXEC) is the utility you would need to do this.
http://www.sysinternals.com/Utilities/PsExec.html

 

[RebateMonger]

Originally posted by: Warder45
Thanks for all the suggestions. We already have a WSUS server up and running. However the patch I'm trying to install is not a windows patch. I don't remember reading it and I don't think it can, but can WSUS push other vender patches out to clients as well?

WSUS FAQ
"Can I add my own updates to WSUS?
No. Only updates synchronized from Microsoft Update ......."

As you probably already know, Microsoft relies on four primary methods to distribute updates to client computers:
1) AD with Group Policy
2) Windows Update
3) WSUS
4) SMS

Group Policies can push non-Microsoft patches to clients.

 

[Warder45]

Thanks again for the help. We got a encrypted VB script to work. However now I'm looking for a program that can package EXE's into MSI's.