Is there a utility that will allow me to bundle Microsoft patches, transfer them to the end user and execute a...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
patch installation without a reboot?
There is good news and bad news. The bad news is you can't avoid a reboot once the patch is installed. This is because if a patch installs over a file that is in use, or the package explicitly asks the installer to reboot, the system will need to reboot before the new file can be used. However, if you batch install the patches you can get by with just one reboot after all updates are installed. There are a variety of ways you can control Microsoft patch installations for your end users. Let's take a look at some of them.
In my opinion, the easiest software to use is HFNetChkPro™ from Shavlik Technologies. (Shavlik developed the HFNetChk™ scanning engine that's used by Microsoft's Baseline Security Analyzer.) There is also a Basic Edition, which is aimed at smaller organizations that do not need advanced patch management functions. To learn more about these tools visit http://www.shavlik.com/.
You can also use Microsoft's Windows Server Update Services. This tool allows you to manage the distribution and schedule the installation of updates that are released through Microsoft Update to computers in your network. To learn more about this tool, visit https://www.microsoft.com/technet/security/tools/default.mspx.
If you prefer to use command-line tools you might want to consider using Microsoft's QChain.exe. QChain.exe can chain updates together so that multiple updates can be installed without restarting a computer between each installation. The following sample batch file demonstrates how to use Qchain.exe:
set PATHTOFIXES=some path
%PATHTOFIXES%Q123456_w2k_sp2_x86.exe -z -m
%PATHTOFIXES%Q123321_w2k_sp2_x86.exe -z -m
%PATHTOFIXES%Q123789_w2k_sp2_x86.exe -z -m
The update installer runs with the -z switch to instruct the installer not to restart after the installation, while the -m switch prevents prompts or messages appearing during the installation.
Unfortunately, there are various issues with both devices. For example, the aforementioned batch file doesn't work with programs that don't use the update.exe installation program. These updates use an INF-based installation instead of Update.exe. For more information on how to use these command-line tools, read this article.
To verify, if your computer is completely updated, you should use the Qfecheck.exe tool. To learn more about this device visit http://support.microsoft.com/kb/282784/EN-US/.
Dig Deeper on Security patch management and Windows Patch Tuesday news
Related Q&A from Michael Cobb
C&C servers have been replaced with Twitter accounts, which spread the Android Trojan Twitoor to user devices. Expert Michael Cobb explains how to ...continue reading
Two-factor authentication systems require more than using codes sent through SMS and smart cards. Expert Michael Cobb explains how to properly and ...continue reading
A Linux vulnerability that affects 80% of Android devices allows for attacks on TCP communications and remote code execution. Expert Michael Cobb ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.