Systems Update Server

[Selmak]

-Well, hardly, but a slightly more efficient approach than Windows Update for patching multiple computers.

expandcollapse popup

; ***********************************************************************

; The Poor Man's Systems Update Server. 

; A simple Windows security-patch deployment script for small networks. 
; Caters for multiple OS versions, each having its own source-folder. 
; Installs patches silently where possible to avoid user-hassle. 
;
; Usage: Compile with Autoit 3.1+ and place on a server share.
;
; Make one or more subfolders under the executable's location,
; whose names must match the (AutoIt) ID for the OS versions
; to be patched, e.g WIN_2000, WIN_XP
;
; Get patches using the adminstrator mode of Windows Update. 
; Place the required patches in each folder.
; Other non-Microsoft executables can also be included where suitable. 
;
; Call from the logon script, or launch with a startup shortcut.
;
; Status: Tested, needs a little polishing but deployable as-is.
; Presently only supports executable patches, might add .msi support later.

; ***********************************************************************

; Determine OS running, and appropriate patch-folder:

$PatchFolder=@ScriptDir & '\' & @OSVersion

; You might want to put the logs on a server share for easier checking,
; by default they're in the Windows/WINNT folder. 
$Patchini= @WindowsDir & '\' & 'Patchlog.ini'

$ok2patch=0
$nonstop=0
$silent=0

; Check for commandline switches: 
; doFailed=Repeat the failures (and do new) 
; doAll=Repeat whole sequence, missing none. 

$doFailed=0
$doAll=0
if $cmdLine[0]>0 then
 if StringInStr($cmdLine[1],"/f") then
   $doFailed=1
  endif
 if StringInStr($cmdLine[1],"/a") then
   $doAll=1
  endif
endif

; Enumerate patch folder:

$_pathtoscan = $PatchFolder & '\*.exe'
$_spSearch = FileFindFirstFile ( $_pathtoscan )

If $_spSearch = -1 Then
  ;  MsgTip(0, "PatchError", "No patches found for this OS")
   exit
EndIf

; Main Loop:

While 1

; Get a file in the patch folder
$file = FileFindNextFile($_spSearch)
If @error Then ExitLoop

; See if the patch has been installed already, and if the install was a success:
; (Patches get two tries at installing, after which they're flagged as bad)

$logentry = IniRead ($Patchini,'Installed',$file,-1)

if $doAll=0 then
 if $logentry = 'Success' then continueloop; Installed previously.
 if $logentry = 'Manual' then continueloop; Hopefuly installed manually.
 if $logentry = 'RebootSuccess' then continueloop; Installed, reboot needed. No need to repeat.
 if $doFailed=0 then
  if $logentry = 'Failed' then continueloop; Repeated failure, so stop trying.
 endif
endif

$PatchPath = $PatchFolder & '\' & $file

; Make a shortname for the Tray Tip: 
$shortname=$file
$kbpos=stringinstr($shortname,'-kb')+1
if $kbpos > 0 then
 $chars=stringinstr($shortname,'-x86')-$kbpos
 if $chars < 1 then $chars = stringlen($shortname)
 $shortname= stringmid($shortname,$kbpos,$chars)
endif

; We do recent Win2000 and Windows XP KBnnnn patches silently. 
; Earlier W2000 patches are too varied in switch syntax for any consistent method,
; so in this case we just let the user do the clicking. 
; Names of the 'silent-capable' patches start with the word 'Windows' and contain the strings '-kb' and '-x86'
; Here I'm just testing for 'Windows' which seems adequate.

if stringleft($file,7)='windows' then 
 $silent=1
else
 $silent=0
endif

TrayTip ('MyLogon Patch Installer:','Installing Security Update: ' & $shortname & ' ',5)

; Ask user if it's OK to patch computer just now: 
if $ok2patch=0 then
 $msg=msgbox(36,"Security Patch Delivery", "Security patches are available for your computer. Do you wish to install them now?",60)
 if $msg=6 then
  $ok2patch=1
 else
  exitloop
 endif
endif

sleep(3000)

if $silent = 1 then
 $retcode = RunWait($patchpath & ' /Q /Z /M')
else
 IniWrite ($Patchini,'Installed',$file,'Manual') 
 $retcode = RunWait($patchpath)
endif

; Make logfile-entry according to patch returncode: 
select
 case $retcode=0
  IniWrite ($Patchini,'Installed',$file,'Success')
 case $retcode=3010
  IniWrite ($Patchini,'Installed',$file,'RebootSuccess')
  if $nonstop=0 then
   $msg=msgbox(36,'Install more Patches?' , 'For best results, no more patches should be installed until after a restart of the computer. However, if you are a laptop-user who rarely has access to updates, you might prefer to install all of the available patches at once. Press Yes to install more patches now. Otherwise press No, or wait a few seconds.',60) 
   if $msg = 6 then
    $nonstop=1
   else
    TrayTip ('MyLogon Patch Installer:','Pausing here until next reboot',5)
    sleep(2000)
    exitloop; do only one if reboot needed. 
   endif
  endif 
 case else 
  if $logentry = 'Aborted' then 
   IniWrite ($Patchini,'Installed',$file,'Failed') 
  else
   if $doFailed=0 then IniWrite ($Patchini,'Installed',$file,'Aborted')
  endif
  sleep(10000); wait for process to end before repeating
endselect


Wend

; End main loop.

FileClose($_spSearch)

; Sign-off the log with date of last run, and number of times run:
$RunCount = IniRead ($Patchini,'Log','RunCount',0) +1
IniWrite ($Patchini,'Log','RunCount',$RunCount)
IniWrite ($Patchini,'Log','LastRun',@Year & '/' & @Mon & '/' & @Mday)

exit

[Pakku]

nice code

i'll try it later but it looks nice

[Selmak]

nice code

i'll try it later but it looks nice

I've posted a zip - save you cutting and pasting.