Ask the Expert

How to deploy Microsoft patches without Active Directory or SMS

What is the simplest way to deploy Microsoft patches to 100+ desktops if you do not have Active Directory or SMS?

    Requires Free Membership to View

There are several patch management tools for Windows, including products from Configuresoft, PatchLink, St. Bernard Software, Ecora, BigFix and Shavlik Technologies. Shavlick developed the HFNetChk scanning engine that is used by Microsoft's Baseline Security Analyzer. They also have a basic edition of their HFNetChkPro, which targets smaller organizations that don't need advanced patch management functions, such as scheduled scans and e-mail support.

If you are looking for a free Windows Hotfix utility, look into the Windows Hotfix Checker (WHC) by Michael Dunn. WHC is a front-end for HFNetChk. WHC runs HFNetChk, captures its output, and creates a report on the hotfixes that need to be installed. WHC can scan a local computer, remote computer or an entire NT Domain. On Windows 2000 and later, it can also scan an IP address, or a range of IP addresses. Once you've scanned for necessary hotfixes, WHC can also download them from Microsoft. WHC's detailed hotfix report includes hyperlinks to the Microsoft security bulletin and Knowledge Base article for each hotfix, so finding the correct page for hotfixes that are not directly downloadable is easy. Finally, once you have downloaded the necessary hotfix installers, WHC can run them for you.

Hotfixes are often chainable, meaning you can install several at once without having to reboot after each. WHC supports this by using Microsoft's QChain utility. It's important, however, to verify that the hotfixes you add to the install list are chainable, because it doesn't work with product updates that do not use update.exe as the installation program, such as Internet Explorer updates for Windows 2000 and Windows XP. Once you have installed your updates, you can verify that your computers have all the fixes you wanted to install by using the Qfecheck.exe tool.

This was first published in November 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: