This script will check the OS version, then check the registry for a particular hotfix (in this case, KB824146). If it's not there, the script will prompt with a 'policy window' and an 'OK' button to then execute the MS hotfix from a predefined server path (there's no way to say 'cancel').

Our network is laid out with every remote site using the exact same network path for public patches, so the server was the only real variable (you can modify the path vars in the script itself). So, in our login scripts, I had set up a quick check to see if the host OS was Windows NT-based (see script for actual syntax). If it was, then I told it to run the VBS script ('ptchrpc.vbs servername'). The script has a server variable set inside of it, so if no arguments are given, it will default to whatever is set there. This is good for those who run it manually.

It was also written so that you could easily modify it and replace the hotfix variable with any new 'critical updates' that MS releases. Be sure to check and recheck your registry keys for each OS, though! If you have many remote users, you may want to write some logic into this script to find throughput, or if the network interface is a modem, etc. Comments are welcome!

'~~Author~~. Rob Dunn
'
'~~Email_Address~~. qc_metal@hotmail.com
'
'~~Script_Type~~. vbscript
'
'~~Sub_Type~~. System Administration
'
'~~Keywords~~. login script, batch file, rpc fix, patch, windows 2000, xp
'
'~~Comment~~.
'
' Install RPC Hotfix VBS script (ptchrpc.vbs)
' For use in a login.bat file or by itself to install a hotfix for a user
'
' usage: [ptchrpc.vbs servername]
' Runs on NT/2K/XP systems - XP home does not process login scripts, so you
' would have to run either the vbs or patch manually on them.
'
' I used the following statements in our login.bat file:
'
'------------------
' if %OS%!==Windows_NT! Goto RPCPatch
' Goto Begin
'
' :RPCPatch
' "\\domaincontroller\netlogon\ptchrpc.vbs" server
'
' :Begin
' Rest of script goes here
'------------------
'
' Windows NT systems _must_ have WMI 1.5 loaded in order for the script to
' process correctly (particularly the 'If objArgs.Count = 1' statement).
' I've noticed that you don't have to reboot after WMI is installed for
' the script to operate properly on NT.
'
' You can get WMI 1.5 for NT from:
' http://www.microsoft.com/downloads/details.aspx?FamilyID=c174cfb1-ef67-471d-9277-4c2b1014a31e&DisplayLang=en
'
' If servername is not specified, you can set sServerName to a particular value
' below the 'ElseIf objArgs.Count = 0 Then' statement.
'
' This script was written with the intent of being able to use it for any
' Hotfix released by Microsoft. Be sure to double-check the registry keys
' if you do re-use the code for a new hotfix.
'
' Technical notes on Hotfix KB824146 (command switches, registry keys, etc.) from:
' http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp

Dim WSHShell
Dim sComputerName, sServer, sPatchPath, sSwitches, sSwitchesNT
Dim sServerName, sHotfix
Dim Command, objArgs
Dim sWin2k, sWinXp, sWinNTWrk, sWinNTsrv, sCmd, OSVer, bKey, MyVar
Dim objWMIService, colItems, objItem

'Errors are suppressed so the script keeps going: RegRead raises an error when
'the hotfix value is missing, which leaves bKey empty and triggers the prompt.
On Error Resume Next

Set objArgs = WScript.Arguments
If objArgs.Count = 1 Then
    'take the name after the command as the server name argument to pull the
    'patch from
    sServerName = objArgs(0)
ElseIf objArgs.Count = 0 Then
    'if no arguments are given at the command line, then set the server name
    'here as a default
    sServerName = "server"
End If

Set WSHShell = WScript.CreateObject("WScript.Shell")

'change MS KB number below to check for different hotfix installs
sHotfix = "KB824146"

'Get local computer name to figure OS version below
sComputerName = WSHShell.ExpandEnvironmentStrings("%COMPUTERNAME%")

'share and path after servername in which the patch resides
sPatchPath = "\patches\rpcpatch"

'Patch command exe after path - we renamed ours to something a bit shorter
sWin2k = "\rpcw2k0910.exe"
sWinXp = "\rpcwxp0910.exe"
sWinNTWrk = "\rpcwntwrk0910.exe"
sWinNTsrv = "\rpcwntsrv0910.exe"

'command line switches for the patch
sSwitches = " /f /u"
'switches for NT
sSwitchesNT = " -f -m"

'Read the OS caption (e.g. "Microsoft Windows 2000 Professional") through WMI
Set objWMIService = GetObject("winmgmts:\\" & sComputerName & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each objItem In colItems
    'wscript.echo objItem.Caption
    OSVer = objItem.Caption
Next

'RegRead needs backslash-separated key paths; a missing value leaves bKey empty
If InStr(1, OSVer, "2000") > 0 Then 'search for win2k reg key
    bKey = WSHShell.RegRead("HKLM\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\" _
        & sHotfix & "\Description")
    'Set the command line - format: "\\server\share\path\hotfix.exe" /switches
    sCmd = Chr(34) & "\\" & sServerName & sPatchPath & sWin2k & Chr(34) & sSwitches
ElseIf InStr(1, OSVer, "XP") > 0 Then 'search for winXP reg key
    'if the OS is XP with SP1 installed, then run following
    bKey = WSHShell.RegRead("HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP2\" _
        & sHotfix & "\Description")
    If bKey = "" Then 'if XP system does NOT have SP1 installed yet
        bKey = WSHShell.RegRead("HKLM\SOFTWARE\Microsoft\Updates\Windows XP\" _
            & "SP1\" & sHotfix & "\Description")
    End If
    'Set the command line
    sCmd = Chr(34) & "\\" & sServerName & sPatchPath & sWinXp & Chr(34) & sSwitches
ElseIf InStr(1, OSVer, "NT") > 0 Then 'search for NT40 reg key
    bKey = WSHShell.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\" _
        & "Hotfix\" & sHotfix & "\Hotfix Description")
    If InStr(1, OSVer, "Workstation") > 0 Then 'set command line NT4 workstation
        'set the command
        sCmd = Chr(34) & "\\" & sServerName & sPatchPath & sWinNTWrk _
            & Chr(34) & sSwitchesNT
    'Only other option would be if OS is NT _Server_, then set command for server
    Else
        'set the command line
        sCmd = Chr(34) & "\\" & sServerName & sPatchPath & sWinNTsrv _
            & Chr(34) & sSwitchesNT
    End If
End If

'if registry key does not exist (i.e. if it is not installed), then prompt
' user with 'OK' only dialog to begin installation of patch.
' NOTE - if file doesn't exist in the path specified by this dialog, the
' user will not see an error. The dialog will go away, and re-appear
' upon next logon. Code could be written to check for existence of file...
'
'Change below to suit your needs - window reports pathname at the
' bottom.
If bKey = "" Then
    MyVar = MsgBox("Per X's IS policies, this PC requires critical security " _
        & "update " & sHotfix & " to protect your data. The installation " _
        & "should take less than one minute, and your computer will reboot upon " _
        & "completion. Once the patch has successfully installed, you will not " _
        & "receive this message again." & vbCrLf & vbCrLf & "Please do not disturb" _
        & " the installation process." & vbCrLf & vbCrLf & "Press OK to install." _
        & vbCrLf & vbCrLf & "If you experience errors, contact Support at " _
        & "815-555-1212." & vbCrLf & vbCrLf & "The update will be installed from " _
        & sCmd & ".", 48, "Critical " & OSVer & " Security Update - September " _
        & "10th, 2003")
    RunPatch
Else
    'If key does exist, then do not run patch - remark out the following
    ' three lines if you don't want to be prompted after the patch
    ' is installed during successive logins.
    MsgBox "This system has the Microsoft security update " & sHotfix _
        & " installed ", 64, "Critical " & OSVer & " Security Update - " _
        & "September 10th, 2003"
End If

Public Function RunPatch
    'set path of executable to command variable
    Command = sCmd
    'run the command (window style 1 = normal, False = do not wait for it to finish)
    WSHShell.Run Command, 1, False
End Function
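
The NOTE in the script says a missing patch file produces no error and that a file-existence check could be written. The following is an added example, not part of the original ptchrpc.vbs: the helper names IsSafeServerName and RunPatchChecked are hypothetical, and the share path and Windows 2000 file name are reused from the script above as sample values.

```vbscript
Option Explicit

' Added example: hypothetical helpers, not part of the original ptchrpc.vbs.
' Returns True only for plain host names (letters, digits, hyphen, dot), so a
' stray command-line argument cannot redirect the run to an unexpected path.
Function IsSafeServerName(sName)
    Dim oRe
    Set oRe = New RegExp
    oRe.Pattern = "^[A-Za-z0-9][A-Za-z0-9.-]{0,62}$"
    IsSafeServerName = oRe.Test(sName)
End Function

' Runs the patch at sExePath with sArgs, but only if the file is reachable.
' Returns -1 if the file is missing, otherwise the installer's exit code.
Function RunPatchChecked(sExePath, sArgs)
    Dim oFso, oShell
    Set oFso = CreateObject("Scripting.FileSystemObject")
    Set oShell = CreateObject("WScript.Shell")
    If Not oFso.FileExists(sExePath) Then
        RunPatchChecked = -1
        Exit Function
    End If
    ' bWaitOnReturn = True makes Run return the installer's exit code
    RunPatchChecked = oShell.Run(Chr(34) & sExePath & Chr(34) & sArgs, 1, True)
End Function

Dim sServer, sExe, nResult
sServer = "server"    ' default server name, as in the script above
If WScript.Arguments.Count = 1 Then sServer = WScript.Arguments(0)

If Not IsSafeServerName(sServer) Then
    WScript.Echo "Refusing unexpected server name: " & sServer
    WScript.Quit 2
End If

' Sample path assembled from the script's own share, folder and file name
sExe = "\\" & sServer & "\patches\rpcpatch\rpcw2k0910.exe"
nResult = RunPatchChecked(sExe, " /f /u")
If nResult = -1 Then
    WScript.Echo "Patch file not found: " & sExe
ElseIf nResult <> 0 Then
    WScript.Echo "Installer returned exit code " & nResult
End If
```

Because the installer reboots the machine on success, the exit-code branch mainly surfaces failures; a successful run normally ends the script at the reboot.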