Jump to content

Systems Update Server

Recommended Posts

-Well, hardly, but a slightly more efficient approach than Windows Update for patching multiple computers.

; ***********************************************************************

; The Poor Man's Systems Update Server. 

; A simple Windows security-patch deployment script for small networks. 
; Caters for multiple OS versions, each having its own source-folder. 
; Installs patches silently where possible to avoid user-hassle. 
; Usage: Compile with Autoit 3.1+ and place on a server share.
; Make one or more subfolders under the executable's location,
; whose names must match the (AutoIt) ID for the OS versions
; to be patched, e.g WIN_2000, WIN_XP
; Get patches using the adminstrator mode of Windows Update. 
; Place the required patches in each folder.
; Other non-Microsoft executables can also be included where suitable. 
; Call from the logon script, or launch with a startup shortcut.
; Status: Tested, needs a little polishing but deployable as-is.
; Presently only supports executable patches, might add .msi support later.

; ***********************************************************************

; Determine OS running, and appropriate patch-folder:

$PatchFolder=@ScriptDir & '\' & @OSVersion

; You might want to put the logs on a server share for easier checking,
; by default they're in the Windows/WINNT folder. 
$Patchini= @WindowsDir & '\' & 'Patchlog.ini'


; Check for commandline switches: 
; doFailed=Repeat the failures (and do new) 
; doAll=Repeat whole sequence, missing none. 

if $cmdLine[0]>0 then
 if StringInStr($cmdLine[1],"/f") then
 if StringInStr($cmdLine[1],"/a") then

; Enumerate patch folder:

$_pathtoscan = $PatchFolder & '\*.exe'
$_spSearch = FileFindFirstFile ( $_pathtoscan )

If $_spSearch = -1 Then
  ;  MsgTip(0, "PatchError", "No patches found for this OS")

; Main Loop:

While 1

; Get a file in the patch folder
$file = FileFindNextFile($_spSearch)
If @error Then ExitLoop

; See if the patch has been installed already, and if the install was a success:
; (Patches get two tries at installing, after which they're flagged as bad)

$logentry = IniRead ($Patchini,'Installed',$file,-1)

if $doAll=0 then
 if $logentry = 'Success' then continueloop; Installed previously.
 if $logentry = 'Manual' then continueloop; Hopefuly installed manually.
 if $logentry = 'RebootSuccess' then continueloop; Installed, reboot needed. No need to repeat.
 if $doFailed=0 then
  if $logentry = 'Failed' then continueloop; Repeated failure, so stop trying.

$PatchPath = $PatchFolder & '\' & $file

; Make a shortname for the Tray Tip: 
if $kbpos > 0 then
 if $chars < 1 then $chars = stringlen($shortname)
 $shortname= stringmid($shortname,$kbpos,$chars)

; We do recent Win2000 and Windows XP KBnnnn patches silently. 
; Earlier W2000 patches are too varied in switch syntax for any consistent method,
; so in this case we just let the user do the clicking. 
; Names of the 'silent-capable' patches start with the word 'Windows' and contain the strings '-kb' and '-x86'
; Here I'm just testing for 'Windows' which seems adequate.

if stringleft($file,7)='windows' then 

TrayTip ('MyLogon Patch Installer:','Installing Security Update: ' & $shortname & ' ',5)

; Ask user if it's OK to patch computer just now: 
if $ok2patch=0 then
 $msg=msgbox(36,"Security Patch Delivery", "Security patches are available for your computer. Do you wish to install them now?",60)
 if $msg=6 then


if $silent = 1 then
 $retcode = RunWait($patchpath & ' /Q /Z /M')
 IniWrite ($Patchini,'Installed',$file,'Manual') 
 $retcode = RunWait($patchpath)

; Make logfile-entry according to patch returncode: 
 case $retcode=0
  IniWrite ($Patchini,'Installed',$file,'Success')
 case $retcode=3010
  IniWrite ($Patchini,'Installed',$file,'RebootSuccess')
  if $nonstop=0 then
   $msg=msgbox(36,'Install more Patches?' , 'For best results, no more patches should be installed until after a restart of the computer. However, if you are a laptop-user who rarely has access to updates, you might prefer to install all of the available patches at once. Press Yes to install more patches now. Otherwise press No, or wait a few seconds.',60) 
   if $msg = 6 then
    TrayTip ('MyLogon Patch Installer:','Pausing here until next reboot',5)
    exitloop; do only one if reboot needed. 
 case else 
  if $logentry = 'Aborted' then 
   IniWrite ($Patchini,'Installed',$file,'Failed') 
   if $doFailed=0 then IniWrite ($Patchini,'Installed',$file,'Aborted')
  sleep(10000); wait for process to end before repeating


; End main loop.


; Sign-off the log with date of last run, and number of times run:
$RunCount = IniRead ($Patchini,'Log','RunCount',0) +1
IniWrite ($Patchini,'Log','RunCount',$RunCount)
IniWrite ($Patchini,'Log','LastRun',@Year & '/' & @Mon & '/' & @Mday)

Link to post
Share on other sites

nice code

i'll try it later but it looks nice

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...