#67920 - 2002-07-08 09:55 PM
Updates vis Kix ??
|
futte
Fresh Scripter
Registered: 2002-07-02
Posts: 49
Loc: Denmark
|
Hello fellows
Please help i want to use Kixtart to push out ex. a servicepack for windows, or a patch.. Is this possible ??
Thanks ![[Wink]](images/icons/wink.gif)
|
|
Top
|
|
|
|
|
#67922 - 2002-07-08 10:12 PM
Re: Updates vis Kix ??
|
futte
Fresh Scripter
Registered: 2002-07-02
Posts: 49
Loc: Denmark
|
What I really want is ex. to check if the client have the latest servicepack for windows, and if not i would like to have Kix to update the client. I don't know if it's possible or there are some other possiblities..
Thanks
|
|
Top
|
|
|
|
#67923 - 2002-07-08 10:25 PM
Re: Updates vis Kix ??
|
MCA
KiX Supporter
Registered: 2000-04-28
Posts: 5152
Loc: Netherlands, EU
|
|
|
Top
|
|
|
|
|
#67924 - 2002-07-08 11:13 PM
Re: Updates vis Kix ??
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
ok...
Yes, you can check for any of the service packs and/or the hotfixes.
and Yes, you can install them through the script.
However, if the user logging on is not local admin, it will not work without some jumping through of hoops.
GIGO strikes again
|
|
Top
|
|
|
|
|
#67925 - 2002-07-09 04:10 PM
Re: Updates vis Kix ??
|
futte
Fresh Scripter
Registered: 2002-07-02
Posts: 49
Loc: Denmark
|
Hey again
I know i can check for servicepack an so on, and the user is logged on as local admin. My question is how do i roll out ex. a servicepack for windows 2000, with kix, when i have checked it's not updated ?
Thanks ![[Smile]](images/icons/smile.gif)
|
|
Top
|
|
|
|
#67927 - 2002-07-09 04:34 PM
Re: Updates vis Kix ??
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
|
|
Top
|
|
|
|
|
#67928 - 2002-07-09 04:34 PM
Re: Updates vis Kix ??
|
bleonard
Seasoned Scripter
Registered: 2001-01-19
Posts: 581
Loc: Chicago, IL
|
Use these command line switches for WinNT/Win2K service pack installations (update.exe -switches):
-c = Create uninstall directory (Win2K Only!)
-f = Force other apps to close at shutdown
-n = Do not create uninstall directory (do not backup files for uninstall)
-o = Overwrite OEM files without prompting
-q = Quiet mode - do not show user interface (i.e. silent install)
-u = Unattended
-z = Do not reboot when installation is complete
-s: = Slipstream installation method (Win2K Only! - used to include into a CD-ROM-based O/S image on a Remote Installation Service (RIS))
Bill
|
|
Top
|
|
|
|
|
#67930 - 2002-07-09 05:33 PM
Re: Updates vis Kix ??
|
bleonard
Seasoned Scripter
Registered: 2001-01-19
Posts: 581
Loc: Chicago, IL
|
Here is a script that utilizes HFNETCHK to check for installed hotfixes/patches. It will install hotfixes/patches and Service Packs (SP's NT-tested only).
Most of this has already been posted on this board in some fashion. Some reading between the lines required - i.e. pathing to where patches are stored ($AppPath), specific syntax for storing patches (winnt_ie550sp1_...), emailing app (Postie), etc. Anyone wishing to use, modify for you specific configuration.
Note, the top portion of script contains rough placement of code bits from my other script(s) that are utilized by this script. This stuff does not belong in this called script, but is posted to help others who may wish to adapt this script for their usage.
Lastly, "trust, but verify" - test thoroughly before using in production environment.
Bill
code:
; ################################
; ## FILE NAME: HOTFIX.KIX ##
; ## LOCATION : \NETLOGON ##
; ## REVISION : 2002.01.02 ##
; ## KiX VER : 3.63 ##
; ################################
; REM ** Local variables in use by this script are:
DIM $AddKeyIdx, $AppDate, $ChkKeyIdx, $HLogIdx, $Line, $LocalScriptVer, $QRegIdx, $RC, $RC1 ; REM ** Various indexes, local script identifier, date, return code holders
DIM $ChkCurSP, $ChkInsSP, $ChkValSP ; REM ** Numeric values to store SP level, and evaluate if proper for auto install to be performed
DIM $FixArt, $FixFil, $FixNum ; REM ** Parsed Hotfix Article IDs/File Names/Numbers
DIM $FullKey, $MyRegKey, $RegKey, $RegTmp, $RegLen, $SrpBatFil, $SrpExePth ; REM ** Registry variables, locations etc. for WinNT post-SP6a Security Rollup Package
DIM $HfxBatFil, $HfxDir, $HfxFilPath, $HfxFixPath ; REM ** Hotfix and QChain files, network storage locations etc.
DIM $RunArticle, $RunExeDate, $RunExeFile, $RunExePath, $RunExeSize, $RunHotFix, $RunSvcPack ; REM ** Final values for Article ID, Exe File and Path, Hotfix number for hotfixes being applied
DIM $ShutPath, $SrpBatFil, $SrpExeFil, $SrpExePth ; REM ** Security Rollup Pack values, locations, switch settings etc.
DIM $ReqSpace, $SvcBatFil, $SvcExeFil, $SvcExePth ; REM ** Service Pack values, locations, etc.
DIM $IeSwitch, $OsSwitch, $RunSwitch, $ShutSwitch, $SvcSwitch, $Switch ; REM ** Variable to store command-line switch options for various executables
DIM $RemainCnt, $SvcSkipCnt, $SvcSkipMax, $SkipCt, $SkipDt ; REM ** Variable to track end-user opt-out of Service Pack installation
DIM $MSRegKey, $TmpChk1, $TmpChk2, $TmpChk3, $TmpChk4, $TmpChk5, $TmpChk6, $TmpChk7 ; REM ** Values for WinNT pre-SP6a Hotfixes
DIM $TmpDate,$TmpFixDate, $TmpFixNum, $TmpFixSize, $TmpKey, $TmpSp, $TmpText, $TmpVal ; REM ** Various reused temp variables
$LocalScriptVer = "2002.01.02" ; REM ** Track what scripts used to update workstations
$AppDate = $MM + "/" + $DD + "/" + $YY ; REM ** Format date into mm/dd/yyyy
$FullKey = "" ; REM ** Track parsed value for registry key to add
$HfxBatFil = "%temp%\QChain_Batch.cmd" ; REM ** QChain file to execute if necessary
$HfxDir = "$LogDir\Hotfix\QChain_File" ; REM ** Network copy of qchain batch file built
$HfxFilPath = "$CallDrv\Files\HotFix" ; REM ** Path to 'hfnetchk.xml' and 'qchain.exe' files on DC Netlogon share
$HfxFixPath = "$AppPath\Microsoft\Security_Patches" ; REM ** Network location security patches stored under
$IeSwitch = "-q" ; REM ** Command line switches invoked during installation of Internet Explorer updates (-q = quiet mode)
$IeExeFile = "*$OS*$IEHotFix*.exe" ; REM ** Hotfix file names for Internet Explorer updates (i.e. MS01-001_winnt_ie501sp1_q123456_*.exe / MS01-002_win2k_ie600_q234567_*.exe)
$OsSwitch = "-m -z" ; REM ** Command line switches invoked during installation of O/S hotfix (non-Internet Explorer patch)
; Switch settings for O/S Hotfix installation (msxx-*.exe -switches):
; -m = Quiet mode (no messages or prompts)
; -z = No Reboot
$OsExeFile = "*$OS*.exe" ; REM ** Hotfix file names for O/S patches (i.e. MS01-001_winnt_q123456_*.exe / MS01-002_win2k_q234567_*.exe)
$MyRegKey = "HKEY_LOCAL_MACHINE\Software\MyCompany\InfoSvcs" ; REM ** Company-specific top-level reg key for recording various processes
$RegKey = "$MyRegKey\Applied MS HotFixes" ; REM ** Key recording script application of security patches - required as $RegTmp gets parsed
$RegTmp = $RegKey ; REM ** Temp key to parse when adding the $RegKey if non-existent
$ReqSpace = 200 ; REM ** Defined required free disk space on system partition to install current SP
$ShutPath = "$OSDir\$OSSys" ; REM ** Where is shutdown found on client system?
$ShutSwitch = "/C /L /R /T:10 /Y" ; REM ** Command-line switches for Shutdown execution: /C=close apps, /L=local w/s, /R=reboot, /T:10=10sec timer, /Y=answer yes to dialog boxes
$SrpBatFil = "%temp%\Srp_install.cmd" ; REM ** Batch file to apply Post WinNT SP6a Security Rollup Package (SRP)
$SrpExeFil = "" ; REM ** Security patch executable file to apply (name syntax: ms01-001_win2k_ie550sp2_q123456.exe)
$SrpExePth = "$HfxFixPath\SP6a_Security_Rollup" ; REM ** Post-SP6a Security Rollup Package installation path
$SvcBatFil = "%temp%\Svcpack_install.cmd" ; REM ** Batch file to apply current Service Pack to systems 1 SP-level back
$SvcExeFil = "update.exe" ; REM ** Service Pack executable file
$SvcExePth = "$AppPath\Microsoft\Service_Packs\$OS" ; REM ** Service Pack installation path
$SvcSkipCnt = 0 ; REM ** Counter to track if user manually skips install
$SvcSkipMax = 3 ; REM ** Maximum number of passes before auto install of service pack performed
$SvcSwitch = "-f -q -u" ; REM ** Command line switches invoked during installation of Service Pack
; Switch settings for Service Pack installation (update.exe -switches):
; -c = Create uninstall directory (Win2K Only!)
; -f = Force other apps to close at shutdown
; -n = Do not create uninstall directory (do not backup files for uninstall)
; -o = Overwrite OEM files without prompting
; -q = Quiet mode - do not show user interface (i.e. silent install)
; -u = Unattended
; -z = Do not reboot when installation is complete
; -s:<path to image> = Slipstream installation method (Win2K Only! - used to include into a CD-ROM-based O/S image on a Remote Installation Service (RIS))
$TmpTime = @TIME ; REM ** All Hotfix installations show same time value in registry for each installation routine
DIM $AddKey[5] ; REM ** Array to hold registry key values to create new registry entries from single defined entry
DIM $ArrayFixArt[50] ; REM ** Array to hold values for 'Q*' MS TechNet articles explaining each Hotfix to be applied
DIM $ArrayFixDat[50] ; REM ** Array to hold values for patch file date that is installed
DIM $ArrayFixFil[50] ; REM ** Array to hold values for executable file to run (important for version-specific IE patches)
DIM $ArrayFixNum[50] ; REM ** Array to hold values for 'MS-*' hotfixes to apply
DIM $ArrayFixPth[50] ; REM ** Array to hold values for path patch is installed from to add to registry for tracking
DIM $ArrayFixSiz[50] ; REM ** Array to hold values for patch file size that is installed
DIM $ArrayFixSvc[50] ; REM ** Array to hold values for service pack values for writing to MS-specific component of registry
DIM $ArrayFixSwt[50] ; REM ** Array to hold values for command-line switch settings specific to patch being installed
; //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
;
; Pull some variables/processes from other scripts for KiX BB posting of this script
;
; //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
$YY = SUBSTR (@DATE, 1, 4) ; REM ** 4-digit Year
$MM = SUBSTR (@DATE, 6, 2) ; REM ** 2-digit Month
$DD = SUBSTR (@DATE, 9, 2) ; REM ** 2-digit Day
SELECT
CASE (@DOS >= 5.1) $OS = "WinXP"
CASE (@DOS >= 5.0) $OS = "Win2K"
CASE (@DOS >= 4.0) AND (@INWIN = 1) $OS = "WinNT"
ENDSELECT
$Date = $YY + $MM + $DD
$OSDrv = "%Systemdrive%"
$FreeSpace = GETDISKSPACE ("$OSDrv") /1024 ; REM ** Return value is bytes, convert to megabytes
$QchFil = "$LogDir\Hotfix\QChain_File\@WKSTA_$Date.txt" ; REM ** Location of the QChain batch file copy stored on network server
$QchLog = "$LogDir\Hotfix\QChain_Log\$WorkSta_$Date.txt" ; REM ** Location of the QChain log files after sequence runs
; REM ** Determine Service Pack level
$RC = READVALUE ("$HKLMSMWNTCV\Hotfix\Q246009", "Installed") ; REM ** Check if running WinNT SP6a or earlier versions (SP6, SP5...)
SELECT
CASE ($OS = "WinNT") AND ($RC = "1") $OSSvc = "Service Pack 6a" ; REM ** See http://www.microsoft.com/ntserver/support/faqs/sp6faq.asp (2001.12.26)
CASE ($OS = "WinXP") $OSSvc = LTRIM (RTRIM (READVALUE ("$HKLMSMWNTCV", "BuildLab")))
CASE (1) $OSSvc = LTRIM (RTRIM (READVALUE ("$HKLMSMWNTCV", "CSDVersion")))
ENDSELECT
; REM ** Confirm Internet Explorer installed on system (See MS TechNet article Q164539)
; REM ** Format of IE Version numbers: x.xx.xxxx.xxxx (Major.Minor.Build.SubBuild)
$RC1 = READVALUE ("$HKLMSM\Internet Explorer", "Build") ; REM ** IE3 onward (s/b build only, or xxxxx.xxxx)
$RC2 = READVALUE ("$HKLMSM\Internet Explorer", "Version") ; REM ** IE4 or later only (s/b x.xx.xxxx.xxxx)
$RC3 = READVALUE ("$HKLMSM\Internet Explorer", "IVer") ; REM ** IE3 only (s/b xxx)
$TmpLen1 = LEN ($RC1)
$TmpLen2 = LEN ($RC2)
$TmpLen3 = LEN ($RC3)
SELECT
CASE ($TmpLen1 = 5) AND (SUBSTR ($RC2, 4, 1) = ".") ; REM ** IE6 (WinXP) - MS error w/IE 6 where minor id is single charcter
$IEMajor = SUBSTR ($RC2, 1, 1)
$IEMinor = SUBSTR ($RC2, 3, 1) + "0"
$IEBuild = SUBSTR ($RC2, 5, 4)
$IESubBd = SUBSTR ($RC2, 10, $TmpLen2-9)
$IEFullVer = $IEMajor + "." + $IEMinor + "." + $IEBuild + "." + $IESubBd
CASE ($TmpLen1 = 10) AND (SUBSTR ($RC2, 4, 1) = ".") ; REM ** IE6 (Win2K) - MS error w/IE 6 where minor id is single charcter
$IEMajor = SUBSTR ($RC2, 1, 1)
$IEMinor = SUBSTR ($RC2, 3, 1) + "0"
$IEBuild = SUBSTR ($RC2, 5, 4)
$IESubBd = SUBSTR ($RC2, 10, $TmpLen2-9)
$IEFullVer = $IEMajor + "." + $IEMinor + "." + $IEBuild + "." + $IESubBd
CASE ($TmpLen1 = 14) OR ($TmpLen2 >= 11) ; REM ** IE5/IE4 - 14 is MS error w/IE 5.01 SP1 for Win2K, >=11 for various IE4, 5 versions not 14-character
$IEFullVer = $RC2
$IEMajor = SUBSTR ($RC2, 1, 1)
$IEMinor = SUBSTR ($RC2, 3, 2)
$IEBuild = SUBSTR ($RC2, 6, 4)
$IESubBd = SUBSTR ($RC2, 11, $TmpLen2-9)
CASE ($TmpLen1 >= 3) AND ($RC3 = "103") ; REM ** IE3 - the build number only
$IEMajor = "4"
$IEMinor = "70"
$IEBuild = "$RC1"
$IESubBd = ""
$IEFullVer = $IEMajor + "." + $IEMinor + "." + $IEBuild
CASE (1)
$Status = $Skip
$wri = WRITELINE (1, "Verified IE not installed." + $CR)
RETURN
ENDSELECT
; REM ** Determine exact version installed on system, set shorthand value to group 'like' versions (See MS TechNet article Q164539)
; REM ** Format of IE Version numbers: x.xx.xxxx.xxxx (Major, Minor, Build, SubBuild)
SELECT
CASE ($IEFullVer >= "6.00.2600.0000") $IEVer = "6.00" $IEHotFix = "ie600" ; REM ** Internet Explorer 6
CASE ($IEFullVer >= "6.00.2479.0006") $IEVer = "6.00" $IEHotFix = "ie600" ; REM ** Internet Explorer 6 Public Preview (Beta) Refresh
CASE ($IEFullVer >= "6.00.2462.0000") $IEVer = "6.00" $IEHotFix = "ie600" ; REM ** Internet Explorer 6 Public Preview (Beta)
CASE ($IEFullVer >= "5.50.4807.2300") $IEVer = "5.50 SP2" $IEHotFix = "ie550sp2" ; REM ** Internet Explorer 5.5 Service Pack 2
CASE ($IEFullVer >= "5.50.4522.1800") $IEVer = "5.50 SP1" $IEHotFix = "ie550sp1" ; REM ** Internet Explorer 5.5 Service Pack 1
CASE ($IEFullVer >= "5.50.4308.2900") $IEVer = "5.50" $IEHotFix = "ie550" ; REM ** Internet Explorer 5.5 Advanced Security Privacy Beta
CASE ($IEFullVer >= "5.50.4134.0600") $IEVer = "5.50" $IEHotFix = "ie550" ; REM ** Internet Explorer 5.5
CASE ($IEFullVer >= "5.50.4134.0100") $IEVer = "5.50" $IEHotFix = "ie550" ; REM ** Internet Explorer 5.5 (Windows Me - 4.90.3000)
CASE ($IEFullVer >= "5.50.4030.2400") $IEVer = "5.50" $IEHotFix = "ie550" ; REM ** Internet Explorer 5.5 & Internet Tools Beta
CASE ($IEFullVer >= "5.50.3825.1300") $IEVer = "5.50" $IEHotFix = "ie550" ; REM ** Internet Explorer 5.5 Developer Preview (Beta)
CASE ($IEFullVer >= "5.00.3315.1000") $IEVer = "5.01 SP2" $IEHotFix = "ie501sp2" ; REM ** Internet Explorer 5.01 SP2 (Windows 2000)
CASE ($IEFullVer >= "5.00.3314.2101") $IEVer = "5.01 SP2" $IEHotFix = "ie501sp2" ; REM ** Internet Explorer 5.01 SP2 (Windows 95/98 and Windows NT 4.0)
CASE ($IEFullVer >= "5.00.3105.0106") $IEVer = "5.01 SP1" $IEHotFix = "ie501sp1" ; REM ** Internet Explorer 5.01 SP1 (Windows 95/98 and Windows NT 4.0)
CASE ($IEFullVer >= "5.00.3103.1000") $IEVer = "5.01 SP1" $IEHotFix = "ie501sp1" ; REM ** Internet Explorer 5.01 SP1 (Windows 2000)
CASE ($IEFullVer >= "5.00.2920.0000") $IEVer = "5.01" $IEHotFix = "ie501" ; REM ** Internet Explorer 5.01 (Windows 2000, build 5.00.2195)
CASE ($IEFullVer >= "5.00.2919.6307") $IEVer = "5.01" $IEHotFix = "ie501" ; REM ** Internet Explorer 5.01 (Also included with Office 2000 SR-1)
CASE ($IEFullVer >= "5.00.2919.3800") $IEVer = "5.01" $IEHotFix = "ie501" ; REM ** Internet Explorer 5.01 (Windows 2000 RC2, build 5.00.2128)
CASE ($IEFullVer >= "5.00.2919.800") $IEVer = "5.01" $IEHotFix = "ie501" ; REM ** Internet Explorer 5.01 (Windows 2000 RC1, build 5.00.2072)
CASE ($IEFullVer >= "5.00.2516.1900") $IEVer = "5.01" $IEHotFix = "ie500" ; REM ** Internet Explorer 5.01 (Windows 2000 Beta 3, build 5.00.2031)
CASE ($IEFullVer >= "5.00.2614.3500") $IEVer = "5.00" $IEHotFix = "ie500" ; REM ** Internet Explorer 5 (Windows 98 Second Edition)
CASE ($IEFullVer >= "5.00.2314.1003") $IEVer = "5.00" $IEHotFix = "ie500" ; REM ** Internet Explorer 5 (Office 2000)
CASE ($IEFullVer >= "5.00.2014.0216") $IEVer = "5.00" $IEHotFix = "ie500" ; REM ** Internet Explorer 5
CASE ($IEFullVer >= "5.00.0910.1309") $IEVer = "5.00" $IEHotFix = "ie500" ; REM ** Internet Explorer 5 Beta (Beta 2)
CASE ($IEFullVer >= "5.00.0518.10") $IEVer = "5.00" $IEHotFix = "ie500" ; REM ** Internet Explorer 5 Developer Preview (Beta 1)
CASE ($IEFullVer >= "4.72.3612.1713") $IEVer = "4.01 SP2" $IEHotFix = "ie401sp2" ; REM ** Internet Explorer 4.01 Service Pack 2 (SP2)
CASE ($IEFullVer >= "4.72.3110.8") $IEVer = "4.01 SP1" $IEHotFix = "ie401sp1" ; REM ** Internet Explorer 4.01 Service Pack 1 (SP1)
CASE ($IEFullVer >= "4.72.2106.8") $IEVer = "4.01" $IEHotFix = "ie401" ; REM ** Internet Explorer 4.01
CASE ($IEFullVer >= "4.71.1712.6") $IEVer = "4.00" $IEHotFix = "ie400" ; REM ** Internet Explorer 4.0
CASE ($IEFullVer >= "4.71.1008.3") $IEVer = "4.00" $IEHotFix = "ie400" ; REM ** Internet Explorer 4.0 Platform Preview 2.0 (PP2)
CASE ($IEFullVer >= "4.71.544") $IEVer = "4.00" $IEHotFix = "ie400" ; REM ** Internet Explorer 4.0 Platform Preview 1.0 (PP1)
CASE ($IEFullVer >= "4.70.1300") $IEVer = "3.02" $IEHotFix = "ie302" ; REM ** Internet Explorer 3.02 and 3.02a
CASE ($IEFullVer >= "4.70.1215") $IEVer = "3.01" $IEHotFix = "ie300" ; REM ** Internet Explorer 3.01
CASE ($IEFullVer >= "4.70.1158") $IEVer = "3.00" $IEHotFix = "ie300" ; REM ** Internet Explorer 3.0 (OSR2)
CASE ($IEFullVer >= "4.70.1155") $IEVer = "3.00" $IEHotFix = "ie300" ; REM ** Internet Explorer 3.0
CASE ($IEFullVer >= "4.40.520") $IEVer = "2.00" $IEHotFix = "ie200" ; REM ** Internet Explorer 2.0
CASE ($IEFullVer >= "4.40.308") $IEVer = "1.00" $IEHotFix = "ie100" ; REM ** Internet Explorer 1.0 (Plus!)
ENDSELECT
; //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
;
; End pull of variables/processes from other scripts for KiX BB posting of this script
;
; //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
; REM ** Step 1 - Set some installed/MS-current release SP numeric variables
; REM ** Set variable for what is defined current Service Pack level depending upon O/S
SELECT
CASE ($OS = "WinXP") $CurSvcPack = "" ; REM ** 'None' is current Service Pack level as of 2001.12.27
CASE ($OS = "Win2K") $CurSvcPack = "ServicePack2" ; REM ** 'SP2' is current Service Pack level as of 2001.12.27
CASE ($OS = "WinNT") $CurSvcPack = "ServicePack6a" ; REM ** 'SP6a' is current Service Pack level as of 2001.12.27
ENDSELECT
$ChkValSP = 1 ; REM ** Acceptable level of SP's to be behind for auto-install to be performed
; REM ** Numeric value for current script-defined SP for checking if SP more than 1 behind
IF ($CurSvcPack <> "")
$ChkCurSP = VAL (SUBSTR ($CurSvcPack, 14, 1))
ENDIF
; REM ** Numeric value for current-installed SP for checking if more than 1 SP behind, defining Reg key for MS-section of defined installed Hotfixes. If no SP installed, level is zero
IF ($OSSvc <> "")
$ChkInsSP = VAL (SUBSTR ($OSSvc, 14, 1))
ELSE
$ChkInsSP = 0
ENDIF
$TmpSp = $ChkInsSP + 1 ; REM ** Increment value one above current installed SP
$TmpSp = "SP" + $TmpSp
; REM ** Step 2 - Confirm registry keys exist to store record of application of hotfix to check if patch previously applied.
; REM ** MS does not always write registry values for applied fixes, so this is seperate record if fix ever applied by this script.
; REM ** Use an array to hold all key values that make up logging key to then check and add keys as necessary
$RC = EXISTKEY ("$RegKey")
IF ($RC = 0)
; $wri = WRITELINE (1, "Verified existence of Hotfix application registry key: $RegKey" + $CR)
ELSE
$AddKeyIdx = 0
WHILE (INSTR ("$RegTmp", "\") <> 0)
$AddKey[$AddKeyIdx] = $FullKey + SUBSTR ($RegTmp, 1, INSTR ($RegTmp, "\")-1) ; REM ** Remove trailing '\' character so ADDKEY performs properly
$FullKey = $FullKey + SUBSTR ($RegTmp, 1, INSTR ($RegTmp, "\"))
$RegTmp = SUBSTR ($RegTmp, INSTR ($RegTmp, "\")+1, LEN ($RegTmp))
$RegLen = LEN ($RegTmp)
$AddKeyIdx = $AddKeyIdx+1
LOOP
IF ($RegLen <> 0) ; REM ** Catch trailing registry key value to add (item after final '\' character)
$AddKey[$AddKeyIdx] = $RegKey
$AddKeyIdx = $AddKeyIdx+1
ENDIF
$ChkKeyIdx=0
DO
IF (EXISTKEY ($AddKey[$ChkKeyIdx]) <> 0)
$TmpKey = $AddKey[$ChkKeyIdx]
$con = ADDKEY ("$TmpKey")
IF (@ERROR <> 0)
$Err=$Err+1
$wri = WRITELINE (1, "$ErrMsg adding registry key: $TmpKey (@SERROR)" + $CR)
ENDIF
ENDIF
$ChkKeyIdx=$ChkKeyIdx+1
UNTIL $ChkKeyIdx=$AddKeyIdx
IF (EXISTKEY ("$RegKey") = 0)
$wri = WRITELINE (1, "Verified addition of Hotfix application registry key" + $CR)
ELSE
$Err = $Err+1
$Msg = "Error verifying addition of Hotfix application registry key: $RegKey (@SERROR)"
GOTO "EndScript"
ENDIF
ENDIF
; REM ** Step 3 - Prior to checking Hotfix, verify system at latest Service Pack and install if not
IF ($OS <> "WinXP") ; REM ** No SP level yet for WinXP (2002.01.01)
IF ($OSSvc = $CurSvcPack)
; $wri = WRITELINE (1, "Verified system at current Service Pack" + $CR)
ELSE
IF ($FreeSpace < $ReqSpace) ; REM ** Verify available free space for SP installation
$Err = $Err+1
$Msg = "Error - check free space on system partition prior to installing $CurSvcPack ($OSDrv $FreeSpace)"
GOTO "EndScript"
ENDIF
GOTO "Install_SvcPack"
ENDIF
ENDIF
; REM ** Step 4 - Run 'hfnetchk' executable, email results to Administrator for additional review
SHELL "%comspec% /c $HfxFilPath\hfnetchk.exe -h " + @WKSTA + " -o tab -x $HfxFilPath\mssecure.xml > $HfxLog 2>nul"
IF (@ERROR = 0)
RUN "$CallDrv\Login\Postiev6.exe -host:$EmailSvr -to:$Emailid1 -from:$EmailUsr -s:HotFixLog_for_$WorkSta -nomsg -q -a:$HfxLog -log:$PstLog"
SLEEP 5
ELSE
$Err = $Err+1
$Msg = "$ErrMsg running hfnetchk (@SERROR)"
GOTO "EndScript"
ENDIF
; REM ** Step 5 - If Windows NT system, load variables one-time with post-SP6a SRP patch numbers
; REM ** Post-Service Pack 6a SRP patch numbers from MS TechNet article Q299444
IF ($OS = "WinNT")
$TmpFixNum = "SP6a Security Rollup Package"
$RC = READVALUE ("$RegKey\$TmpFixNum", "Applied Date")
IF (@ERROR = 0) AND ($RC <> "")
$wri = WRITELINE (1, "Verified patch $TmpFixNum previously applied ($RC)" + $CR)
ELSE
$TmpChk1 = ("MS98-001, MS98-004, MS99-003, MS99-013, MS99-019, MS99-022, MS99-025, MS99-029, MS99-031, MS99-036, MS99-039")
$TmpChk2 = ("MS99-041, MS99-045, MS99-046, MS99-047, MS99-053, MS99-055, MS99-056, MS99-057, MS99-058, MS99-061")
$TmpChk3 = ("MS00-003, MS00-004, MS00-005, MS00-006, MS00-007, MS00-008, MS00-011, MS00-018, MS00-019")
$TmpChk4 = ("MS00-021, MS00-023, MS00-024, MS00-025, MS00-027, MS00-028, MS00-029, MS00-030, MS00-031, MS00-036")
$TmpChk5 = ("MS00-040, MS00-044, MS00-047, MS00-052, MS00-057, MS00-059, MS00-060, MS00-063, MS00-070, MS00-078")
$TmpChk6 = ("MS00-080, MS00-081, MS00-083, MS00-086, MS00-091, MS00-094, MS00-095, MS00-100")
$TmpChk7 = ("MS01-003, MS01-004, MS01-008, MS01-009, MS01-017, MS01-025, MS01-026, MS01-033, MS01-035")
ENDIF
ENDIF
; REM ** Step 6 - Open hfnetchk log file and search for patches not found installed. Populate array with 'MS*' values.
$con = OPEN (9, "$HfxLog", 2)
IF ($con <> 0)
$wri = WRITELINE (1, "$ErrMsg opening $HfxLog file (@SERROR)" + $CR)
ELSE
$HLogIdx=0
$Line = READLINE (9)
WHILE ($Line <> "")
IF (INSTR ($Line, "NOT Found") <> 0)
$FixArt = UCASE (SUBSTR ($Line, INSTR ($Line, "q"), 7)) ; REM ** MS TechNet Article ID (Q??????) - first 'Q' value found in line
$FixNum = SUBSTR ($Line, INSTR ($Line, "MS"), 8) ; REM ** MS Hotfix number (MS??-???)
; REM ** For Windows NT systems, see if missing patch(es) are part of post-Service Pack 6a SRP.
; REM ** If missing patches are part of SRP, install the SRP prior to installing other patches
IF ($OS = "WinNT")
SELECT
CASE (INSTR ($TmpChk1, $FixNum) <> 0) GOTO "Install_SRP"
CASE (INSTR ($TmpChk2, $FixNum) <> 0) GOTO "Install_SRP"
CASE (INSTR ($TmpChk3, $FixNum) <> 0) GOTO "Install_SRP"
CASE (INSTR ($TmpChk4, $FixNum) <> 0) GOTO "Install_SRP"
CASE (INSTR ($TmpChk5, $FixNum) <> 0) GOTO "Install_SRP"
CASE (INSTR ($TmpChk6, $FixNum) <> 0) GOTO "Install_SRP"
CASE (INSTR ($TmpChk7, $FixNum) <> 0) GOTO "Install_SRP"
ENDSELECT
ENDIF
$RC1 = READVALUE ("$RegKey\$FixNum", "AppliedDate")
IF (@ERROR = 0) AND ($RC1 <> "")
$wri = WRITELINE (1, "Verified Patch $FixNum previously applied ($RC1)" + $CR)
ELSE
; REM ** Check if version-specific IE patch being applied (patch naming scheme: MS01-001_winnt_ie550sp1_...)
IF (INSTR ($Line, "Internet Explorer") = 0)
$FixFil = DIR ("$HfxFixPath\$FixNum\$OsExeFile")
$Switch = $OsSwitch
ELSE
$FixFil = DIR ("$HfxFixPath\$FixNum\$IeExeFile")
$Switch = $IeSwitch
ENDIF
; REM ** Confirm directory and executable exist for this security patch
IF EXIST ("$HfxFixPath\$FixNum\$FixFil") = 0
$Err = $Err+1
$Msg = "Missing Hotfix $FixNum ($HfxFixPath\$FixNum\$FixFil)"
ELSE
$TmpFixDate = GETFILETIME ("$HfxFixPath\$FixNum\$FixFil")
$TmpFixSize = GETFILESIZE ("$HfxFixPath\$FixNum\$FixFil")
$con = ADDKEY ("$RegKey\$FixNum")
IF (@ERROR = 0)
$ArrayFixArt[$HLogIdx] = $FixArt
$ArrayFixDat[$HLogIdx] = $TmpFixDate
$ArrayFixFil[$HLogIdx] = $FixFil
$ArrayFixNum[$HLogIdx] = $FixNum
$ArrayFixPth[$HLogIdx] = "$HfxFixPath\$FixNum"
$ArrayFixSiz[$HLogIdx] = $TmpFixSize
$ArrayFixSwt[$HLogIdx] = $Switch
$ArrayFixSvc[$HLogIdx] = $TmpSp
$Msg = "Patch $FixNum to be applied (File: $FixFil / MS TechNet article $FixArt)"
$HLogIdx=$HLogIdx+1
ELSE
$Err = $Err+1
$Msg = "$ErrMsg adding Hotfix registry key $RegKey\$FixNum (@SERROR)"
ENDIF
ENDIF
$wri = WRITELINE (1, "$Msg" + $CR)
ENDIF
ENDIF
$Line = READLINE (9)
LOOP
$con = CLOSE (9)
ENDIF
; REM ** Step 7 - Check counter value to confirm there are patch(es) to apply
SELECT
CASE ($HLogIdx = 0) AND ($Err = 0)
$Msg = "Verified MS O/S Security Patches up to date"
GOTO "EndScript"
CASE ($HLogIdx = 0)
$Msg = "Reconfirm MS O/S Security Patches up to date"
GOTO "EndScript"
ENDSELECT
; REM ** Step 8 - Always copy QChain executable to client system to keep client current
IF EXIST ("$OSDir\Qchain.exe") = 1
DEL "$OSDir\Qchain.exe"
IF (@ERROR <> 0)
$Err = $Err+1
$Msg = "$ErrMsg deleting qchain.exe from client system (@SERROR)"
GOTO "EndScript"
ENDIF
ENDIF
COPY "$HfxFilPath\QChain.exe" "$OSDir\QChain.exe"
IF (@ERROR <> 0)
$Err = $Err+1
$Msg = "$ErrMsg copying qchain.exe to client system (@SERROR)"
GOTO "EndScript"
ENDIF
; REM ** Step 9 - Build QChain batch file (delete previous versions if exist)
IF EXIST ($HfxBatFil) = 1
DEL $HfxBatFil
IF (@ERROR <> 0)
$Err = $Err+1
$Msg = "$ErrMsg deleting $HfxBatFil (@SERROR)"
GOTO "EndScript"
ENDIF
ENDIF
$con = OPEN (9, "$HfxBatFil", 5)
IF ($con <> 0)
$Err=$Err+1
$Msg = "$ErrMsg opening $HfxBatFil file (@SERROR)"
GOTO "EndScript"
ELSE
$QRegIdx=0
DO
$RunExeFile = $ArrayFixFil[$QRegIdx]
$RunHotFix = $ArrayFixNum[$QRegIdx]
$RunSwitch = $ArrayFixSwt[$QRegIdx]
$wri = WRITELINE (9, "$HfxFixPath\$RunHotFix\$RunExeFile $RunSwitch" + $CR)
$QRegIdx=$QRegIdx+1
UNTIL $QRegIdx=$HLogIdx
$wri = WRITELINE (9, "$OSDir\qchain.exe $QchLog" + $CR) ; REM ** Have qchain log its processing to network location
IF EXIST ("$ShutPath\Shutdown.exe") = 1 ; REM ** Verify ResKit utility to shutdown on client
$Msg = "$ShutPath\Shutdown.exe $ShutSwitch"
ELSE
COPY "$HfxFilPath\Shutdown.exe" "$ShutPath\Shutdown.exe"
IF (@ERROR = 0) $Msg = "$ShutPath\Shutdown.exe $ShutSwitch"
ELSE $wri = WRITELINE (1, "$ErrMsg copying shutdown to client (@SERROR)" + $CR)
ENDIF
ENDIF
$wri = WRITELINE (9, "$Msg" + $CR)
$con = CLOSE (9)
$HfxInstall = "Yes"
ENDIF
; REM ** Copy qchain batch file to server for review/archiving
COPY "$HfxBatFil" "$QchFil"
IF (@ERROR <> 0)
$Err = $Err+1
$wri = WRITELINE (1, "$ErrMsg copying $HfxBatFil to $QchFile (@SERROR)" + $CR)
ENDIF
; REM ** Step 10 - Schedule running of batch file after desktop loaded
$wri = WRITEVALUE ("$HKCUSMWCV\RunOnce", "MyCompany_QChain_Hotfix", "$HfxBatFil", "REG_SZ") ; REM ** Key only visable to Administrator-level users
IF (@ERROR <> 0)
$Err=$Err+1
$wri = WRITELINE (1, "$ErrMsg scheduling HKCUSMWCV\RunOnce running of QChain batch file (@SERROR)" + $CR)
ENDIF
; REM ** Step 11 - if successfully reached this point w/out errors, write values into registry noting application of Hotfixes
IF ($Err <> 0)
$Msg = "Errors ($Err) in script processing, no registry updates performed"
ELSE
$QRegIdx=0
DO
$RunArticle = $ArrayFixArt[$QRegIdx]
$RunExeDate = $ArrayFixDat[$QRegIdx]
$RunExeFile = $ArrayFixFil[$QRegIdx]
$RunExePath = $ArrayFixPth[$QRegIdx]
$RunExeSize = $ArrayFixSiz[$QRegIdx]
$RunHotFix = $ArrayFixNum[$QRegIdx]
$RunSvcPack = $ArrayFixSvc[$QRegIdx]
$RunSwitch = $ArrayFixSwt[$QRegIdx]
; REM ** Write values to Company-specific section of the registry
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "AppliedDate", "$AppDate", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "AppliedTime", "$TmpTime", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "MyCompanyInstallScriptVer", "$LocalScriptVer", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "FileCmdLineSwitches", "$RunSwitch", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "FileDate", "$RunExeDate", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "FileName", "$RunExeFile", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "FilePath", "$RunExePath", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "FileSize", "$RunExeSize", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "InstalledBy", "@USERID", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "MSTechNetArticle", "$RunArticle", "REG_SZ")
; REM ** Write values to the 'standard' registry section MS looks to for info regarding installed Hotfixes
SELECT
CASE ($OS = "WinXP") $MSRegKey = "$HKLMSM\Updates\Windows XP\$RunSvcPack"
CASE ($OS = "Win2K") $MSRegKey = "$HKLMSM\Updates\Windows 2000\$RunSvcPack"
CASE ($OS = "WinNT") $MSRegKey = "$HKLMSMWNTCV\Hotfix"
ENDSELECT
$TmpText = "Windows Hotfix [see $RunArticle for more information]"
; REM ** Confirm MS Key exists, create if necessary. If already encoutered problems creating, do not keep trying
IF (EXISTKEY ("$MSRegKey\$RunArticle") <> 0)
$con = ADDKEY ("$MSRegKey\$RunArticle")
IF (@ERROR <> 0)
$Err = $Err+1
$wri = WRITELINE (1, "$ErrMsg adding Hotfix application reg key: $MSRegKey\$RunArticle (@SERROR)" + $CR)
GOTO "BypassMS"
ENDIF
ENDIF
; REM ** MyCompany-created values. Following are values defined within each specific O/S.
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "MyCompanyInstallScriptVer", "$LocalScriptVer", "REG_SZ")
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "FileCmdLineSwitches", "$RunSwitch", "REG_SZ")
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "FileDate", "$RunExeDate", "REG_SZ")
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "FileName", "$RunExeFile", "REG_SZ")
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "FilePath", "$RunExePath", "REG_SZ")
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "FileSize", "$RunExeSize", "REG_SZ")
IF ($OS = "WinNT")
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "Backup Dir", "", "REG_SZ") ; REM ** MS value
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "Comments", "$TmpText", "REG_SZ") ; REM ** MS value
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "Fix Description", "$TmpText", "REG_SZ") ; REM ** MS value
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "Installed", "1", "REG_DWORD") ; REM ** MS value
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "Installed By", "@USERID", "REG_SZ") ; REM ** MS value
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "Installed On", "$AppDate", "REG_SZ") ; REM ** MS value
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "Service Pack", "$ChkInsSP", "REG_DWORD") ; REM ** MS value
ELSE
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "InstalledBy", "@USERID", "REG_SZ") ; REM ** MS value
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "InstalledDate", "$AppDate", "REG_SZ") ; REM ** MS value
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "Description", "$TmpText", "REG_SZ") ; REM ** MS value
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "Type", "Update", "REG_SZ") ; REM ** MS value
$wri = WRITEVALUE ("$MSRegKey\$RunArticle", "UninstallCommand", "", "REG_SZ") ; REM ** MS value
ENDIF
IF (@ERROR <> 0)
$Err=$Err+1
$wri = WRITELINE (1, "$ErrMsg updating Hotfix application registry record (@SERROR)" + $CR)
ENDIF
:BypassMS
$QRegIdx=$QRegIdx+1
UNTIL $QRegIdx=$HLogIdx
ENDIF
GOTO "EndScript"
:Install_SRP
; REM ** For Windows NT systems that are missing specific security patches that are part of the post-SP6a SRP
IF EXIST ($SrpBatFil) = 1 ; REM ** Batch file should not exist if SRP being applied via this script
$Err = $Err+1
$TmpDate = GETFILEDATE ($SrpBatFil)
$TmpTime = GETFILETIME ($SrpBatFil)
$Msg = "Error, SRP batch file already exists on client system (Date: $TmpDate / Time: $TmpTime)"
GOTO "EndScript"
ENDIF
$RunHotFix = "SP6a Security Rollup Package"
$SrpExeFil = DIR ("$SrpExePth\*.exe")
IF (@ERROR <> 0)
$Msg = "$ErrMsg finding SRP executable: $SrpExePth\*.exe (@SERROR)"
GOTO "EndScript"
ENDIF
CLOSE (9) ; REM ** Opened in Step 6 prior to GOTO commands
$con = OPEN (9, "$SrpBatFil", 5)
$wri = WRITELINE (9, "$SrpExePth\$SrpExeFil $OsSwitch" + $CR)
$con = CLOSE (9)
$wri = WRITEVALUE ("$HKCUSMWCV\RunOnce", "MyCompanyInstallSRP", "$SrpBatFil", "REG_SZ") ; REM ** Key only visable to Administrator-level users
IF (@ERROR = 0)
$con = MESSAGEBOX ("!! WARNING !! Your system requires an updated Microsoft Service Pack. It will be installed when this login script process is complete. Your system will be automatically rebooted when installation completed in 10-30 minutes", "NOTICE", 64)
$Msg = "Success scheduling installation of post-SP6a Security Rollup Package"
$RunArticle = UCASE (SUBSTR ($RunExeFile, INSTR ($RunExeFile, "q"), 7)) ; REM ** Microsoft TechNet Article ID parsed from file name
$SrpInstall = "Yes" ; REM ** Bucket for additional warning message
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "AppliedDate", "$AppDate", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "AppliedTime", "$TmpTime", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "MyCompanyInstallScriptVer", "$LocalScriptVer", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "FileCmdLineSwitches", "$OsSwitch", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "FileDate", "", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "FileName", "$SrpExeFil", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "FilePath", "$SrpExePth", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "FileSize", "", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "InstalledBy", "$UserID", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "MSTechNetArticle", "$RunArticle", "REG_SZ")
ELSE
$Err=$Err+1
$Msg = "$ErrMsg scheduling installation of post-SP6a Security Rollup Package (@SERROR)"
ENDIF
GOTO "EndScript"
:Install_SvcPack
; #################################################################################
; ### A reminder - Service Packs are CUMULATIVE !! This means that the bugs ###
; ### fixed in a service pack are also fixed in subsequent service packs. ###
; #################################################################################
; REM ** Install SP based upon O/S and current SP level. Check if installed SP very old (none for Win2K, under SP5 for WinNT)
$RC = ($ChkCurSP - 1)
SELECT
CASE ($RC = $ChkValSP) ; REM ** Installed SP one level below current, okay to auto install
CASE ($RC > $ChkValSP) ; REM ** Installed SP more than 1 level below current, no auto install
$Err=$Err+1
$Msg = "Error - $OS installed service pack is seriously out-of-date (Installed: $OSSvc / Current: $CurSvcPack)"
GOTO "EndScript"
CASE ($RC < $ChkValSP) ; REM ** Installed SP greater than defined current, have admin investigate further
$Err=$Err+1
$Msg = "Error - $OS installed service pack is GREATER than defined current SP level (Installed: $OSSvc / Current: $CurSvcPack)"
GOTO "EndScript"
ENDSELECT
$wri = WRITELINE (1, "Verified okay to install latest service pack (Installed: $OSSvc / Current: $CurSvcPack)" + $CR)
; REM ** Confirm end-user can see SP files to install
$SvcExePth = "$SvcExePth\$CurSvcPack\Update"
IF EXIST ("$SvcExePth\$SvcExeFil") <> 1
$Err = $Err+1
$Msg = "Error - $SvcExePth\$SvcExeFil not found!"
GOTO "EndScript"
ENDIF
; REM ** Delete installation batch file if exists.
IF EXIST ($SvcBatFil) = 1
DEL $SvcBatFil
IF (@ERROR <> 0)
$Err = $Err+1
$Msg = "$ErrMsg deleting file $SvcBatFil (@ERROR)"
GOTO "EndScript"
ENDIF
ENDIF
; REM ** Alert user to install attempt, provide x-times opt-out capability before forcing update via this script
$RunHotFix = "$CurSvcPack"
$RC = EXISTKEY ("$RegKey\$RunHotFix")
IF ($RC <> 0)
$con = ADDKEY ("$RegKey\$RunHotFix")
IF (@ERROR <> 0)
$Err = $Err+1
$Msg = "$ErrMsg adding key $RegKey\$RunHotFix (@SERROR)"
GOTO "EndScript"
ENDIF
ENDIF
$SkipDte = READVALUE ("$RegKey\$RunHotFix", "SkippedInstallDate")
$SkipTim = READVALUE ("$RegKey\$RunHotFix", "SkippedInstallTime")
$SkipUsr = READVALUE ("$RegKey\$RunHotFix", "SkippedInstallUser")
$SkipCnt = VAL (READVALUE ("$RegKey\$RunHotFix", "SkippedInstallCount"))
IF ($SkipCt <= $SvcSkipMax)
$RC = MESSAGEBOX ("!! WARNING !! Your system does not have the most current Service Pack installed. Would you like to install it now? This may take 10-30min to complete. Select YES to continue installation. Select NO to delay installation until next login.", "NOTICE", 4116)
IF ($RC = 7) ; REM ** NO button selected
$SvcSkipCnt = $SkipCnt + 1
$RemainCnt = ($SvcSkipMax - $SvcSkipCnt)
IF ($SkipCnt < 1)
$con = MESSAGEBOX ("You have elected to skip installation of the Service Pack. You have $RemainCnt login attempts before this process will be performed automatically.", "NOTICE", 4112)
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "SkippedInstallCount", "$SvcSkipCnt", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "SkippedInstallDate", "$AppDate", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "SkippedInstallTime", "$TmpTime", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "SkippedInstallUser", "$UserID", "REG_SZ")
$wri = WRITELINE (1, "Skipped Service Pack update to $CurSvcPack by end-user selection (Remaining passes: $RemainCnt)" + $CR)
ELSE
$con = MESSAGEBOX ("You have elected to skip installation of the Service Pack. You last skipped this process on $SkipDte. You have $RemainCnt login attempts before this process will be performed automatically.", "NOTICE", 4112)
$SvcSkipDte = $SkipDte + " , " + $AppDate ; REM ** Store values as: last pass / previous pass / first pass - for historical reference
$SvcSkipTim = $SkipTim + " , " + $TmpTime
$SvcSkipUsr = $SkipUsr + " , " + "$UserID"
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "SkippedInstallCount", "$SvcSkipCnt", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "SkippedInstallDate", "$SvcSkipDte", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "SkippedInstallTime", "$SvcSkipTim", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "SkippedInstallUser", "$SvcSkipUsr", "REG_SZ")
$wri = WRITELINE (1, "Skipped Service Pack update to $CurSvcPack by end-user selection (Remaining passes: $RemainCnt)" + $CR)
ENDIF
GOTO "EndScript"
ENDIF
ENDIF
; REM ** Begin process for installing most current SP
$con = OPEN (9, "$SvcBatFil", 5)
$wri = WRITELINE (9, "$SvcExePth\$SvcExeFil $SvcSwitch" + $CR)
$con = CLOSE (9)
$wri = WRITEVALUE ("$HKCUSMWCV\RunOnce", "MyCompanyInstallServicePack", "$SvcBatFil", "REG_SZ") ; REM ** Key only visable to Administrator-level users, runs after login script processor
IF (@ERROR = 0)
$con = MESSAGEBOX ("!! WARNING !! Your system requires an updated Microsoft Service Pack. It will be installed when this login script process is complete. Your system will be automatically rebooted when installation completed in 10-30 minutes", "NOTICE", 64)
$Msg = "Success scheduling installation of $CurSvcPack"
$SvcInstall = "Yes" ; REM ** Bucket for additional warning message
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "AppliedDate", "$AppDate", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "AppliedTime", "$TmpTime", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "MyCompanyInstallScriptVer", "$LocalScriptVer", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "FileCmdLineSwitches", "$SvcSwitch", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "FileDate", "", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "FileName", "$SvcExeFil", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "FilePath", "$SvcExePth", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "FileSize", "", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "InstalledBy", "$UserID", "REG_SZ")
$wri = WRITEVALUE ("$RegKey\$RunHotFix", "MSTechNetArticle", "n/a", "REG_SZ")
ELSE
$Err=$Err+1
$Msg = "$ErrMsg scheduling installation of $CurSvcPack (@SERROR)"
ENDIF
:EndScript
IF ($Err = 0)
$Msg = "Success running entire Hotfix / Service Pack process"
$Status = $Updat
ENDIF
RETURN
[ 09 July 2002, 21:27: Message edited by: bleonard ]
|
|
Top
|
|
|
|
|
#67931 - 2002-07-09 09:08 PM
Re: Updates vis Kix ??
|
futte
Fresh Scripter
Registered: 2002-07-02
Posts: 49
Loc: Denmark
|
Hello
It's a nice script you have made there
Thanks I have now made a little script that rools out the servicepack 2 for windows 2000 pro, and it works, but i have 1 more questions.
How do i regonize in witch language the exixting version are installed ? Ex. Windows 2000 pro.
Thanks
|
|
Top
|
|
|
|
|
#67934 - 2002-07-09 09:32 PM
Re: Updates vis Kix ??
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11631
Loc: CA
|
Here futte... mines not as extensive as Bills ![[Razz]](images/icons/tongue.gif)
But should do the trick as well for just SP levels.
code:
; *** File Name: SPUPDATE.KIX *** v1.0
; *** Date Created: 2001-11-28 by Ron Lewis (NTDOC)
; *** Last Date Modified: 2001-11-29 7:30 pm PST - By Ron Lewis (NTDOC)
; *** Comments: Checks NT/2000 systems to see if they are on a current Service Pack level
; *** and if it can be installed or not via this logon script based upon prerequisite checks.
; *** This file is called by LOGON.KIX and resides on the master
; *** domain in the \NETLOGON folder of all domain controllers and
; *** in the export directory for the domain PDC
; *** Logging servers for reports and source files are: xxx, xxx, xxx, xxx
; *** NOTE: Code designed for KiXtart v3.63
; *** The folder SP should be shared from each source server. Then under SP there are 2 folders
; *** NT4 and WIN2K each of those are the expanded Service Packs for each OS under I386 for a common path.
; *** Assumes most users are local administrators of the system. Logs systems where user is not admin for manual updates by
; *** someone who is a local admin.
BREAK ON
$logsrv = "xx02"
$DiskSpace = GetDiskSpace("C:\") /1024
$SRVR = ReadValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions", "ProductType")
$OkToClear = "no" ; Setting to allow deletion of the log files for tracking purposes.
IF (@inwin = 1)
$NT_mode="yes"
ELSE
$NT_mode="no"
GOTO END ;System is a Win9x which does not require a Service Pack update.
ENDIF
IF INGROUP("\\@WKSTA\Administrators") <>0 ; user is a local admin
$RegUse = "HKEY_LOCAL_MACHINE"
$IsAdmin = "yes"
ELSE
$RegUse = "HKEY_CURRENT_USER" ; user is not a local admin
$IsAdmin = "no"
ENDIF
; Check and create the SPCHECK key if not found.
IF (ExistKey("$RegUse\SOFTWARE\mycompany\SPCHECK")) ; If key is found this routine is jumped
$nul = AddKey ("$RegUse\SOFTWARE\mycompany\SPCHECK")
$nul = WRITEVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","counter", "0", "REG_DWORD")
$nul = WRITEVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","install", "2", "REG_DWORD")
ENDIF
SELECT
CASE (SUBSTR(@IPADDRESS0,1,11)) = "170. 16.115"
$logsrv = "xx40"
$spserver = "xx40"
CASE (SUBSTR(@IPADDRESS0,1,7)) = "125.105"
$logsrv = "xx02"
$spserver = "xx02"
CASE (SUBSTR(@IPADDRESS0,1,7)) = "155. 2"
$logsrv = "xx50"
$spserver = "xx50"
CASE 1
$logsrv = "xx02"
$spserver = "unknown"
ENDSELECT
GOSUB "OSCHECK"
IF $IsAdmin = "no"
GOSUB "COUNTER"
GOTO LOGFILE ; User is not an Admin so we can't update the Service Pack
GOTO END
ENDIF
IF $DiskSpace < 200
GOSUB "COUNTER"
GOTO LOGFILE ; System does not have enough free diskspace to update the Service Pack
GOTO END
ENDIF
IF $spserver = "unknown" ; Log and quit the update since they may be coming across the WAN instead of the LAN and update will take too long.
GOSUB "LOGFILE"
GOTO END
ENDIF
GOSUB "SPCHECK"
GOTO END
:SPCHECK
IF ($os_type="W2KTS" OR $os_type="W2K")
$os_val = SP\WIN2K\i386 ;Set path variable for using the correct OS Service Pack update.
ELSE
$os_val = SP\NT4\i386
ENDIF
;Set the switches for the SP update.
; -u=Unattended, -f=Force other apps to close at shutdown, -n=Do not bckup files for uninstall, -o=Overwrite OEM files without prompting
; -z=Do not reboot when installation is complete, -q=Quiet mode - no user interaction (i.e. silent install), -s:<dir>=Integrate Service Pack files into <dir>
$UpDate = '%comspec% /c "\\$spserver\$os_val\update\update.exe -u -f"'
SELECT
CASE ($os_type="W2KTS" OR $os_type="W2K") AND $splevel < 2
GOSUB "LOGFILE"
IF $SRVR<>"WinNT"
$MsgAlert = MESSAGEBOX("NOTICE: This system is running Windows 2000 Server (SP$splevel) which does not appear to be the latest Service Pack. Please install the latest service pack for this system.", "Service Pack Check", 4112)
ELSE
IF READVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","install")<>"0" ; If setting is 0 then we assume our update has already happened, quit this routine.
IF $SRVR="WinNT"
IF READVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","install")="1" ;If setting is 1 then start the update
$nul = WRITEVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","install", "0", "REG_DWORD")
SHELL $UpDate
ELSE
$MsgAlert = MESSAGEBOX("NOTICE: This system is running Windows 2000 (SP$splevel) which does not appear to be the latest Service Pack. Would you like to run the update now? (This may take up to 30 minutes or more to complete depending on network speed) If you choose CANCEL, the update will run automatically the next time you logon without asking you. This script will attempt to install the Service Pack update for your system now if you choose OK. Once completed your system will be automatically restarted. Please contact the Helpdesk if you experience any problems. Helpdesk xxx-xxx-xxxx", "Service Pack Check", 4401)
IF $MsgAlert = 2 ; User chose CANCEL
$nul = WRITEVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","install", "2", "REG_DWORD") ;Set value to 2 here, the counter will then set it to 1 for next logon.
ELSE
$nul = WRITEVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","install", "0", "REG_DWORD") ;User chose OK, so start the update and change the Registry value.
SHELL $UpDate ;Run SP2 update
ENDIF
ENDIF
ENDIF
ENDIF
ENDIF
CASE ($os_type="NT4") AND $splevel < 6
GOSUB "LOGFILE"
IF $SRVR<>"WinNT"
$MsgAlert = MESSAGEBOX("NOTICE: This system is running Windows NT 4.0 Server (SP$splevel) which does not appear to be the latest Service Pack. Please install the latest service pack for this system.", "Service Pack Check", 4112)
ELSE
IF READVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","install")<>"0" ; If setting is 0 then we assume our update has already happened, quit this routine.
IF $SRVR="WinNT"
IF READVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","install")="1" ;If setting is 1 then start the update
$nul = WRITEVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","install", "0", "REG_DWORD")
? "Code is set to 1 SP6a should now start installing"
SHELL $UpDate
;Run update code
ELSE
$MsgAlert = MESSAGEBOX("NOTICE: This system is running Windows NT 4.0 (SP$splevel) which does not appear to be the latest Service Pack. Would you like to run the update now? (This may take up to 30 minutes or more to complete depending on network speed) If you choose CANCEL, the update will run automatically the next time you logon without asking you. This script will attempt to install the Service Pack update for your system now if you choose OK. Once completed your system will be automatically restarted. Please contact the Helpdesk if you experience any problems. Helpdesk xxx-xxx-xxxx", "Service Pack Check", 4401)
IF $MsgAlert = 2 ; User chose CANCEL
$nul = WRITEVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","install", "2", "REG_DWORD") ;Set value to 2 here, the counter will then set it to 1 for next logon.
ELSE
$nul = WRITEVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","install", "0", "REG_DWORD") ;User chose OK, so start the update and change the Registry value.
SHELL $UpDate ;Run SP6a update
ENDIF
ENDIF
ENDIF
ENDIF
ENDIF
CASE 1 ;Unknown problem
RETURN
ENDSELECT
IF $OkToClear = "yes" ;Used to delete log files once a system has been updated, otherwise the old log files won't get cleaned up.
GOSUB "CLEARLOG"
ENDIF
GOSUB "COUNTER"
RETURN
GOTO END
:COUNTER
IF $RegUse = "HKEY_CURRENT_USER" ; Don't update install value no software can be installed. We will use counter to see how many times user logs on and log it.
$TempCounter = val(READVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","counter"))+1 ; Increments the counter value as a means to see how many times the user logs in.
$nul = WRITEVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","counter", "$TempCounter", "REG_DWORD")
ENDIF
IF $RegUse = "HKEY_LOCAL_MACHINE" ; Don't update counter value we are going to update install key for the Service Pack update
IF READVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","install")<>0 ;Once key is at 0 we don't want to try subtracting by -1 as it may corrupt the value
$TempInstall = val(READVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","install"))-1
$nul = WRITEVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","install", "$TempInstall", "REG_DWORD")
ENDIF
$TempCounter = val(READVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","counter"))+1 ; Increments the counter value as a means to see how many times the user logs in.
$nul = WRITEVALUE("$RegUse\SOFTWARE\mycompany\SPCHECK","counter", "$TempCounter", "REG_DWORD")
ENDIF
RETURN
:OSCHECK ; Checks the operating system version. NOTICE: Windows 2000 SP3 beta is not supported at this time. System reads it as SP1
$os=""
$os_dos=@dos
$os_product=ReadValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions","ProductType")
$os_productSuite=ReadValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions","ProductSuite")
$os_service_pack=""
$os_subversion=ReadValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion","SubVersionNumber")
SELECT
CASE ($NT_mode = "yes") AND ($os_product <> "WinNT") AND ($os_dos = "5.0") AND ($os_productSuite = "Enterprise|Terminal Server|") ; - Windows 2K Terminal Server
$os="W2KTS_Terminal_Server"
CASE ($NT_mode = "yes") AND ($os_product <> "WinNT") AND ($os_dos = "5.1") ; - Windows XP Server
$os="WXP_Server"
CASE ($NT_mode = "yes") AND ($os_product = "WinNT") AND ($os_dos = "5.1") ; - Windows XP Professional
$os="WXP_Professional"
CASE ($NT_mode = "yes") AND ($os_product <> "WinNT") AND ($os_dos = "5.0") ; - Windows 2000 Server
$os="W2K_Server"
CASE ($NT_mode = "yes") AND ($os_product = "WinNT") AND ($os_dos = "5.0") ; Windows 2000 Professional
$os="W2K_Professional"
CASE ($NT_mode = "yes") AND ($os_product = "LANMANNT") ; - Windows NT -
$os="NT4_Domain_Controller"
CASE ($NT_mode = "yes") AND ($os_product = "ServerNT")
$os="NT4_Member_Server"
CASE ($NT_mode = "yes") AND ($os_product = "WinNT")
$os="NT4"
CASE ($NT_mode <> "yes") AND (@dos = "4.90")
$os="ME"
CASE ($NT_mode <> "yes") AND ($os_dos = "4.10") AND (INSTR(LCASE($os_subversion),"c") <> 0) ; - Windows 98 -
$os="W98c"
CASE ($NT_mode <> "yes") AND ($os_dos = "4.10") AND (INSTR(LCASE($os_subversion),"b") <> 0)
$os="W98b"
CASE ($NT_mode <> "yes") AND ($os_dos = "4.10") AND (INSTR(LCASE($os_subversion),"a") <> 0)
$os="W98a"
CASE ($NT_mode <> "yes") AND ($os_dos = "4.10")
$os="W98"
CASE ($NT_mode <> "yes") AND ($os_dos = "4.0") AND (INSTR(LCASE($os_subversion),"c") <> 0) ; - Windows 95 -
$os="W95c"
CASE ($NT_mode <> "yes") AND ($os_dos = "4.0") AND (INSTR(LCASE($os_subversion),"b") <> 0)
$os="W95b"
CASE ($NT_mode <> "yes") AND ($os_dos = "4.0") AND (INSTR(LCASE($os_subversion),"a") <> 0)
$os="W95a"
CASE ($NT_mode <> "yes") AND ($os_dos = "4.0")
$os="W95"
CASE 1
$os="???" ; - undetermined -
ENDSELECT
$os_service_pack=""
IF ($NT_mode = "yes")
$os_service_pack=ReadValue("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion","CSDVersion")
IF (len($os_service_pack) <> 0)
$os=$os+" SP"+substr($os_service_pack,len($os_service_pack),1)
$splevel = substr($os_service_pack,len($os_service_pack),1)
ENDIF
ENDIF
$os_type=""
$os_dos=@dos
SELECT
CASE ($NT_mode = "yes") AND ($os_dos = "5.0") AND ($os_productSuite = "Enterprise|Terminal Server|") ; - Windows 2000 Terminal Server -
$os_type="W2KTS"
CASE ($NT_mode = "yes") AND ($os_dos = "5.1") ; - Windows XP -
$os_type="WXP "
CASE ($NT_mode = "yes") AND ($os_dos = "5.0") ; - Windows 2000 -
$os_type="W2K "
CASE ($NT_mode = "yes") ; - Windows NT -
$os_type="NT4 "
CASE ($NT_mode <> "yes") AND ($os_dos = "4.90") ; - Windows ME -
$os_type="ME"
CASE ($NT_mode <> "yes") AND ($os_dos = "4.10") ; - Windows 98 -
$os_type="W98"
CASE ($NT_mode <> "yes") AND ($os_dos = "4.0") ; - Windows 95 -
$os_type="W95"
CASE 1
$os_type="???" ; - undetermined -
ENDSELECT
$os_type=LTRIM(RTRIM(substr($os_type+" ",1,5)))
RETURN
:LOGFILE ; Log system information for tracking purposes. Systems where the user is not a local Admin will require someone with Admin rights to visit the system and update it.
$CounterValue = ReadValue("$RegUse\SOFTWARE\mycompany\SPCHECK","counter")
IF EXIST ("\\"+$logsrv+"\LOGS\SPCHECK\"+@WKSTA+"."+@ADDRESS+".LOG")
DEL ("\\"+$logsrv+"\LOGS\SPCHECK\"+@WKSTA+"."+@ADDRESS+".LOG")
ENDIF
IF OPEN(1,"\\"+$logsrv+"\LOGS\SPCHECK\"+@WKSTA+"."+@ADDRESS+".LOG", 5)= 0
$out = WriteLine(1, @DATE+"*"+@TIME+"*"+@USERID+"*"+@COMMENT+"*"+$commentNT+"*"+@FULLNAME+"*"+@lserver+"*"+@HOMEDIR+"*"+@HOSTNAME+"*"+@IPADDRESS0+"*"+@ADDRESS+"*"+@WKSTA+"*"+$os+"*"+$DiskSpace+"*"+$IsAdmin+"*"+$CounterValue+"*"+$spserver+"*"+$CRLF)
$nul = CLOSE(1)
ENDIF
RETURN
:CLEARLOG ; Delete log files for systems that are now running the correct Service Pack level.
SELECT
CASE ($os_type="W2KTS" OR $os_type="W2K") AND $splevel = 2
IF EXIST ("\\"+$logsrv+"\LOGS\SPCHECK\"+@WKSTA+"."+@ADDRESS+".LOG")
DEL ("\\"+$logsrv+"\LOGS\SPCHECK\"+@WKSTA+"."+@ADDRESS+".LOG")
ENDIF
CASE ($os_type="NT4") AND $splevel = 6
IF EXIST ("\\"+$logsrv+"\LOGS\SPCHECK\"+@WKSTA+"."+@ADDRESS+".LOG")
DEL ("\\"+$logsrv+"\LOGS\SPCHECK\"+@WKSTA+"."+@ADDRESS+".LOG")
ENDIF
CASE 1 ;Do nothing
ENDSELECT
RETURN
:END
RETURN
|
|
Top
|
|
|
|
#67935 - 2002-07-10 01:52 PM
Re: Updates vis Kix ??
|
futte
Fresh Scripter
Registered: 2002-07-02
Posts: 49
Loc: Denmark
|
Hey again
I have a question for NTDOC. !!
Why are you using the "$nul" variable when you use "AddKey, WriteValue" ??
And why are you using the "$button" variable when you are using the "Messagebox" ??
Thanks
|
|
Top
|
|
|
|
|
#67937 - 2002-07-10 02:00 PM
Re: Updates vis Kix ??
|
futte
Fresh Scripter
Registered: 2002-07-02
Posts: 49
Loc: Denmark
|
Thanks it makes sens
|
|
Top
|
|
|
|
Moderator: Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart
|
0 registered
and 483 anonymous users online.
|
|
|
