Techs: Win XP Pro and updates

How do you install the frequent Microsoft patches on many clients?

There are a few different approaches to this problem.

  1. Automatic Updates. If you have a fast Internet connection and all your workstations run Win2000 SP2 and WinXP SP1 or later then you can have them update themselves using the Automatic Updates service. This goes out to Microsoft’s Windows Update servers on the Internet and detects when new patches are available. You could configure all clients to Automatically download the updates, and install them on the schedule that I specify. This is easy but it eats up a lot of bandwidth and doesn’t give you the opportunity to test updates before you distribute them. This can have unfortunate results if one breaks a third-party application; all your users could start having problems at the same time for no apparent reason.

  2. Software Update Services. If you have a Windows 2000 or 2003 server you can download this free package from Microsoft. It synchronizes itself with Windows Update so that all the latest patches are stored on your server. You can then use Group Policy to configure Automatic Updates on all your 2000/XP workstations so that they update themselves from this local server instead of Microsoft’s. This method cuts way down on bandwidth usage since the updates are only downloaded from the Internet once. It also lets you authorize specific patches to distribute, so you can test new ones on a few machines before sending them out to everyone. I’ve been playing with this on a server at work and it seems to work well.

  3. Qchain batch file. If you don’t have a fast Internet connection you may have no choice but to put all the patches on a CD or network share. Most hotfixes have command line switches that suppress all prompts. You can make a batch file to run each of the desired patches and then qchain.exe. This can take a long time to run but it’s better than running each package individually.

And scheduled install will work when the user is a user, not just an administrator.
Thanks!