Guest bcc-bits Posted July 22, 2004 Share Posted July 22, 2004 Hi, I'd like to automate the automatic windows update in the tray icon with AutoIt 2 or 3. I know about the settings in the registry to schedule the installation for a given time, but that's not what I need. During an unattended XP installation I'd like to complete the installation by activating the "updates are waiting to install" icon automatically during the login-once connection. Is that possible with AutoIt? Regards B. Link to comment Share on other sites More sharing options...
Beastmaster Posted July 22, 2004 Share Posted July 22, 2004 Well, we've realized that right after the setup of XP from an image, with it's first connection to the internet (to download the patches), the box has been infected.login-once connectionIf that will need some time you have a good chance to get that "warm feeling" too. Therefore ask a friend/neighbour/William Gates III. for a CD with all available patches (if Bill is ignoring you constantly check your favourite PC-Magazine). Done this, you'll be prepared/save to download that tiny-BillyBoyToy-103MB-last-minute-patch.Good luck !Yep. Of course you can accomplish that task using AutoIt2/AutoHotkey/AutoIt3, but more on a daily basis to get the latest, unlike the basic update (see above). Link to comment Share on other sites More sharing options...
Guest bcc-bits Posted July 22, 2004 Share Posted July 22, 2004 @Beastmaster, thanks for the reply. The patches are already on that machine (that's what the try icon indicates). The unattended installation (not image!) is already finished, as the desktop/explorer installation is the last stuff to be done before the final reboot and the user can start using the machine. SUS is configured to update the system on a daily base from our site's SUS server. BUT: .... the initiali patch deployment is a bunch of installation and taking about 20 to 30 minutes. At the moment the sysadmin has to login after the unattended install finished and click on the tray icon (a windows pops up and the admin has to click "install") to start the deployment. After that 20-30 minutes the machine is ready for the user to be delivered to his desk. I want to eliminate that admin login. Admin has to start the unattended installation and simply come back when it's completly finished (a mail generated by the machine telling us ... "installation PC0815 done!"), but not arrive to login/click install and leave again ... It's just: *click on the tray icon (that's the only problem I have to solve) *wait for the informational window to appear and click "install" -> no probleme for AUTOIT *Wait for the "finished" window -> that's easy with autoit as well -> then reboot the station. Regards ... B. Link to comment Share on other sites More sharing options...
Beastmaster Posted July 22, 2004 Share Posted July 22, 2004 I guess, we would end up in an image (tray icon) recognition issue as its position often changes. Unfortunately the tray's control doesn't deliver anything usefull. IMHO the command line is the safest way to trigger a task. Maybe this one is usefull ...Security Patch Scripts for Microsoft Windows NT 4.0 / 2000 / XP... Command line rocks. Things can happen faster that way. And it's easier to automate at a basic level ...[ WinPatch - FAQ ] -------What:Security / hotfix patch scripts for Windows NT 4.0 / 2000 / XP (does not apply to Win9x systems due to lack of lack of account-based security context and RPC mechanisms). Why: To increase operating system security, reliability, and overall effectiveness as productivity tools (and to reduce OS vulnerabilities for Windows systems as much as possible). As a system administrator responsible for a number of Windows machines and considering the large number of corporations still apparently not proactively securing their networks, I have decided to make available the patching methodology I use to keep my systems up to date against insecure coding practices from Microsoft. Each day I hear about another security issue and how Company X was exploited by a vulnerability for which there existed a patch a month or more prior (Blaster, Slammer, etc.). I am not a believer of Microsoft's secure-coding practices nor their laughable, out-of-the-box security configuration, and since most corporations will continue to use Microsoft's operating systems as their business platforms with default security settings, the only way to maintain user productivity is to proactively defend against new potential exploits by securing the core operating system as well as implementing best practices to all users. How: Basic batch scripts that can be ran via domain logon scripts, Group Policies, drive shares, CD media, etc., to be distributed to machines running within a domain environment to automate patching without the need for third-party utilities like UpdateEXPERT or administrative methods such as SMS, SUS, Automatic Updates, and most importantly, WindowsUpdate as using a web browser itself can be a security issue (it's been said that WindowsUpdate doesn't always install patches reliably anyway). As of this update, these patch scripts are not "perfect." I don't consider myself an expert script writer but these scripts should be a starting point to enable any Windows sysadmin to automated the patching process for their end user systems. This is a work-in-progress and this website will be updated as my time allows and as Microsoft releases new security bulletins. For each of these scripts, you will need to: Determine the hotfixes that you require for your environment - consider such factors such as desktop or server-based applications which may be impacted by these patches. Microsoft tends to release bad patches from time to time, so be sure to test new patches before deploying them! Determine the current patch levels for your systems. I use a command line tool such as Hfnetchk 3.86 or the Microsoft Baseline Security Analyzer 1.1.1 (for all you GUI fans). Download the individual patch files from Microsoft (use the URL syntax http://support.microsoft.com/?kbid=(hotfix number) - for example: http://support.microsoft.com/?kbid=824146). I don't provide them here since you should never trust executable files from someone you don't know (after all, how can you be sure that I didn't trojan the executables?). Keep your documentation up-to-date as to which machines have which patches applied. Download the Resource Kit utilities reg.exe, sleep.exe, and qfecheck.exe. Modify the scripts as needed to work for your specific environment. Season to taste. Each of the following scripts assumes that the base Service Pack is installed on the operating system (SP-6a for Windows NT 4.0, SP-3 for Windows 2000, SP-1 or SP-1a for Windows XP. SP-4 for Windows 2000 is relatively new at the moment and most companies won't have this tested and deployed yet). Also, the default version of IE is assumed to be installed as well (IE 5.01 for Windows 2000, IE 6 for XP, etc.). You will also need to create the proper directory structure to hold these patches. Download a zipped copy of the directory structure here. In a directory, I created subdirectories to house each of the categories. For example: \IE_5.01\IIS\MDAC\OS\Qchain\REG\SLEEPIf you would like to contribute any efforts to grow this script to encompass other areas or to make it more efficient, please feel free to e-mail me. I am providing these scripts for "Open Source" distribution. Keep in mind that I would like to keep this as a batch file as much as possible and use native commands and free utilities (to reduce the need for VB or WMI scripting since WSH isn't installed by default on NT 4.0 systems). [ WinPatch - Home ] Link to comment Share on other sites More sharing options...
Guest bcc-bits Posted July 23, 2004 Share Posted July 23, 2004 I'm aware of such solutions, but they have to be maintained manually (downloaded), while SUS is already handling everything fine. Unfortunately M$ doesn't offer a "update now" functionality (although there are scripts available to trigger that, maybe I can use that ...) B. Link to comment Share on other sites More sharing options...
Beastmaster Posted July 23, 2004 Share Posted July 23, 2004 Hmmm. What about to create a batch/script which is based on a downloaded webpage (e.g. from MacroSoft). Parse its content to extract the basic info. Write&run the resulting script. All that could be done with AutoHotkey/AutoIt 3.The magic key phrase: command line Or. Get a unique pixel on the Windows-Update-Tray-Icon to search for its position within the tray area. Then you can use MouseClick (AU2/AHK/AU3) or ControlClick, ToolBarWindow321, ahk_class Shell_TrayWnd,, R, 1, X877 Y13 ;(AHK)[AHK more...][AU3 more...] Link to comment Share on other sites More sharing options...
Recommended Posts