The solution I have developed can fully patch a system (including MS and third-party) from a CD, satisfying the "no unpatched systems on the network". It can also be used to patch and install environmental applications in an unattended manner.

The product actually interfaces with WSUS, so you can invoke a series of software installs and patches, and the patches available through WSUS will be downloaded and installed at that moment. This allows tight control of when updates are applied. In our environment, that's only once per month for the application servers, Dev, then QA, and finally production.

We've used this tool to apply a critical MS patch to 400+ servers in under an hour, including the time to download & configure the new patch.

I'd be willing to discuss this offline if anyone wants to test it.

Glenn
_________________________
Actually I am a Rocket Scientist! :D