Apply security patches automatically

In some circumstances you may want to use the Windows Scheduler to automatically apply security patches to a given machine -- for instance, if you want to roll out patches across your organization via scheduler on a specific day. If a patch breaks functionality with a particular program, for instance, and you want to give people a certain amount of notice before making the change globally, this is a good way to do that.

  1. To apply security patches through the Scheduler, you first have to convert them into a .MSI or Windows Installer package. The tool for creating .MSI packages from .EXE files is called Veritas Discover, and is included in the Windows 2000 installation CD-ROM in the directory VALUEADD3rd PartyMGMTWINSTLE. Look for an .MSI file named SWIADMLE.MSI and execute it. Once you do so, a new Programs menu entry will appear: Veritas Software | Veritas Discover.

  2. Run the program and then specify a location to build the .MSI file (which can be the desktop, for easy access, or another folder of your choosing). You'll also need to specify a location to store Windows Installer's temp files during this process, and an arbitrary name for this .MSI package.

  3. First, the Veritas Discover program creates an image of the computer's current state. This may take a while, and it will usually consume the entire machine's CPU, so don't plan on doing any work

Requires Free Membership to View

  1. with that machine for a bit.

  2. Once it's built the image, point the Veritas Discover program at the .EXE with the patch. The patch will run. If it prompts you to reboot your computer, do not do this. Select "Reboot Later" or whatever the relevant option is.

  3. Run Veritas Discover again and select the option "Perform the 'After' snapshot now." Another system image will be built, and the difference between those two images will be used to create the .MSI file.

  4. Add a new scheduled task that runs the .MSI file at the appropriate time. Note that you will need to run the package as another user -- either the system administrator or the local-machine administrator, depending on whether or not you're running this on one or many machines.

Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter.

This was first published in October 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.