Patch Deploy

The Patch Deploy wizard is a tool that creates a script to distribute and apply Microsoft patches. The wizard walks you through a step-by-step process that results in a script you can schedule to deploy a patch to any managed machine. See Methods of Updating Patches, Configuring Patch Management, Patch Processing, Update Classification and Patch Failure for a general description of patch management.

Microsoft releases many hot fixes as patches for very specific issues that are not included in the Microsoft Update Catalog or in the Office Detection Tool, the two patch data sources the Patch Management module uses to manage patch updates. Patch Deploy enables customers to create a patch installation script for these hot fixes, via this wizard, that can be used to schedule the installation on any desired machine.

Step 1: Enter 6-digit knowledge base article number.

Microsoft publishes a vast assortment of information about its operating system in the Microsoft Knowledge Base. Each article in the Knowledge Base is identified with a 6-digit Q number (e.g. Q324096). All Microsoft patches have an associated knowledge base article number.

Note: Entering the article number is optional. Leave it blank if you do not know it.

Step 2: Select the operating system type.

Sometimes patches are specific to a certain operating system. If the patch you are trying to deploy applies to a specific OS only, then select the appropriate operating system from the drop down control. When the wizard creates the patch deploy script, it restricts execution of the script to only those machines with the selected OS. This prevents inadvertent application of operating system patches to the wrong OS.

Step 3: Download the patch.

This step is just a reminder to fetch the patch from Microsoft. Typically there is a link to the patch on the knowledge base article describing the patch.

Step 4: How do you want to deploy the patch?

In step 4 the Patch Deploy wizard asks whether you want to Send the patch from the VSA server to the remote machine and execute it locally or Execute the patch from a file share on the same LAN as the remote machine. Pushing the patch down to each machine from the VSA may be bandwidth intensive. If you are patching multiple machines on a LAN, executing the patch from a file share uses no internet bandwidth to push out the patch: each machine on the LAN can execute the patch file directly from a common file share.

Step 5: Select the patch file or Specify the UNC path to the patch stored on the same LAN as the remote machine.

If Send the patch from the VSA server to the remote machine and execute it locally was selected, then the patch must be on the VSA server. Select the file from the drop down list.

Note: If the patch file does not appear in the list, then it is not on the VSA server. Click the Back button and upload the file to the VSA by clicking the first here link.

If Execute the patch from a file share on the same LAN as the remote machine was selected, then the patch must be on the remote file share prior to running the patch deploy script. The specified path to the file must be in UNC format such as \\computername\dir\.

Note: If the file is not already on the remote file share, you can put it there via FTP. Click the Back button and then the second here link, which takes you to FTP.

Step 6: Specify the command line parameters needed to execute this patch silently.

To deploy a patch silently you need to add the appropriate command line switches used when executing the patch. Each knowledge base article lists the parameters for silent install. Typical switch settings are /q /m /z.

Note: Command line parameters are optional. Leave the field blank if you do not know them.

Step 7: Name the script.

The new script appears under the Install Tab. Master administrators can specify a shared script or private script. Standard administrators can only create private scripts.

Step 8: Reboot the machine after applying the patch.

Check this box to automatically reboot the managed machine after applying the patch. The default setting is to not reboot.
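
The following PowerShell pre-flight check is an added example, not part of the wizard or of the VSA product. It validates the values the wizard asks for in steps 1, 5 and 6 and confirms that the file on the share is still validly signed before the script is scheduled. The function name, the file name patch.exe and the signer check are assumptions.

```powershell
# Added example; function name and sample values are hypothetical.
function Test-PatchDeployInput {
    param(
        [string]$KbArticle,                         # Step 1 (optional)
        [Parameter(Mandatory)][string]$PatchPath,   # Step 5: UNC path to the patch file
        [string]$Switches = ''                      # Step 6 (optional)
    )
    $problems = @()
    $hash = $null

    # Step 1: blank is allowed; otherwise expect six digits, with or without the Q.
    if ($KbArticle -and $KbArticle -notmatch '^Q?\d{6}$') {
        $problems += "KB article '$KbArticle' is not a 6-digit Q number."
    }

    # Step 5: require \\computername\dir\file and confirm the file is reachable.
    if ($PatchPath -notmatch '^\\\\[^\\/]+\\[^\\/]+\\.+') {
        $problems += "'$PatchPath' is not a UNC path to a file."
    }
    elseif (-not (Test-Path -LiteralPath $PatchPath -PathType Leaf)) {
        $problems += "'$PatchPath' was not found on the share."
    }
    else {
        # Every targeted machine executes this file, so check that it still
        # carries a valid signature before the script is scheduled.
        $sig = Get-AuthenticodeSignature -LiteralPath $PatchPath
        if ($sig.Status -ne 'Valid') {
            $problems += "Authenticode status is '$($sig.Status)'."
        }
        elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
            # Assumption: Microsoft patches are signed with this organization name.
            $problems += "Unexpected signer: $($sig.SignerCertificate.Subject)"
        }
        # Record the hash so the file can be compared again before later runs.
        $hash = (Get-FileHash -LiteralPath $PatchPath -Algorithm SHA256).Hash
    }

    [pscustomobject]@{
        ReadyToDeploy = ($problems.Count -eq 0)
        CommandLine   = "`"$PatchPath`" $Switches".Trim()
        Sha256        = $hash
        Problems      = $problems
    }
}

# Constructed sample input: article number, UNC form and switches as shown on this page.
Test-PatchDeployInput -KbArticle 'Q324096' -PatchPath '\\computername\dir\patch.exe' -Switches '/q /m /z'
```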