In some circumstances you may want to use the Windows Scheduler to automatically apply security patches to a given machine -- for instance, if you want to roll out patches across your organization via scheduler on a specific day. If a patch breaks functionality with a particular program, for instance, and you want to give people a certain amount of notice before making the change globally, this is a good way to do that.
- To apply security patches through the Scheduler, you first have to convert them into a .MSI or Windows Installer package. The tool for creating .MSI packages from .EXE files is called Veritas Discover, and is included in the Windows 2000 installation CD-ROM in the directory VALUEADD3rd PartyMGMTWINSTLE. Look for an .MSI file named SWIADMLE.MSI and execute it. Once you do so, a new Programs menu entry will appear: Veritas Software | Veritas Discover.
- Run the program and then specify a location to build the .MSI file (which can be the desktop, for easy access, or another folder of your choosing). You'll also need to specify a location to store Windows Installer's temp files during this process, and an arbitrary name for this .MSI package.
- First, the Veritas Discover program creates an image of the computer's current state. This may take a while, and it will usually consume the entire machine's CPU, so don't plan on doing any work with that machine for a bit.
- Once it's built the image, point
- the Veritas Discover program at the .EXE with the patch. The patch will run. If it prompts you to reboot your computer, do not do this. Select "Reboot Later" or whatever the relevant option is.
- Run Veritas Discover again and select the option "Perform the 'After' snapshot now." Another system image will be built, and the difference between those two images will be used to create the .MSI file.
- Add a new scheduled task that runs the .MSI file at the appropriate time. Note that you will need to run the package as another user -- either the system administrator or the local-machine administrator, depending on whether or not you're running this on one or many machines.
Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter.
This was first published in October 2002