MS Hotfix Deployment
Reading up about various ways to manage MS hotfix deployment. So far, it looks like it always assumes intranet deployment, which doesn’t do me any good. Maybe there’s some client-server app out there than can help deploy MS hotfixes and SP’s securely across an untrusted network.
Managed System Links:
Shavlik - Offers some interesting tools, including HFNetChk, a command line scanning tool licensed by MS for MBSA. Has a kind-of-wack license agreement prohibiting it from use as a ‘child process’ of a batch file??? wtf?
MbsaFU -Anyway, here’s an interesting open source automated patching solution that relys on mssecure.xml and MBSA output. Seems like this process is still kind of immature though, as there are some possible bugs in mssecure.xml the author mentions.
More manual approach:
Microsoft Software Update Services - Looks free, will automatically grab hotfixes and service packs… and manages client/server through modifications to client GPO’s. However, i’m thinking that SUS could fulfill the patch download and organizational part of the process, with an integrated solution to deploy these across untrusted networks. Potentially a decent way to go.
QCHAIN.EXE, which MS made to allow multiple hotfixes to be chained together with a single reboot. Unfortunately, not usable for INF-based IE Updates.
From the horse’s mouth - Windows 2000 hotfix deployment.
Creating 3rd Party MSI Packages
Discussions:
Interesting article on ServerWatch, mentions several vendors.