Indeed.
However, one shouldn't overlook the value of logging, reporting, error handling, etc... It's a significant challenge. -sc From: James Rankin [mailto:kz2...@googlemail.com] Sent: Monday, August 31, 2009 11:32 AM To: NT System Admin Issues Subject: Re: [On-Topic] Patching with PSEXEC Ah yes. Read threads fully before responding, one must. GPO would be the way to go then - although I tend to use the Citrix Application Packager when the fit takes me, although obviously the fact that I run a Citrix farm kinda helps me out there. You can also do third-party kit through VMWare Update Manager (Shavlik for VirtualCenter essentially) and SCCM, but those have all the cost implications we all know about. Psexec comes in quite handy once you've packaged applications up to install quietly, if you can - or identified all the necessary switches. Adobe's customisation tool is quite good for building customised installers (one of the few things Adobe seems to do well) 2009/8/31 Steven M. Caesare <scaes...@caesare.com> I agree on the "it becomes a full time job part". However, he specifically mention non-MS apps... and WSUS won't do that. -sc From: James Rankin [mailto:kz2...@googlemail.com] Sent: Monday, August 31, 2009 9:49 AM To: NT System Admin Issues Subject: Re: [On-Topic] Patching with PSEXEC We used to use a batch script using psexec to patch 500 Windows NT Server systems because management wouldn't pay for anything. We had to do the OS, Internet Explorer (all versions), Adobe, Office, all the other stuff. We started off using a text file full of data being parsed for the relevant systems so that we'd know what to install on each system as they were discovered. Someone (me) ended up working on this data file and the script almost full time, spending hours after every patch release working out where the files were updated, how to test if it applied, which systems needed it, and how to work the logic into the batch script to make sure it didn't go where it didn't. And this is in the pre-64-bit and virtualisation days. I can't imagine how complex it would be now. Most sensible accounts at this time paid for UpdateExpert or HfNetChk. When MS released WSUS, we all breathed a collective sigh of relief and went back to other day-to-day admin tasks. We, as others probably do, only use psexec for one-off tasks now. Patching is far too complex a beast for it, unless you like having to spend all your time what MS will do for you for nothing. 2009/8/31 tony patton <tony.pat...@quinn-insurance.com> Hey all, Following on from IE8 doesn't work thread, management here wants start using PSEXEC to patch applications. I'm a bit hesitant to use it for patching 2800 desktops for Adobe reader, flash, firefox and UltraVNC, fine for running scripts and such, just not sure about patching. Logging is a whole other thing, personally, I don't want to be able to log which machines were successful, failed or not on as there would be no incentive to get a proper patching solution. I can wrap a batch file around it to re-direct output to a file, so the possibility of logging is there. What are the pitfalls that any of you that use this approach have come across? Also thanks to Sam Cayze for the PSEXEC command for Adobe, hadn't attempted to work out the command for Flash but this does it, saved me a bit of work :-) Slightly off-topic, don't know why anyone would want to leave this list, keeps me sane most days. Sorry if this is a bit all over the place, 11am and been here before 7 :-( All information greatly appreciated. Regards Tony Patton Desktop Operations Cavan Ext 8078 Direct Dial 049 435 2878 email: tony.pat...@quinn-insurance.com ==================================================================== http://www.quinn-insurance.com This e-mail is intended only for the addressee named above. The contents should not be copied nor disclosed to any other person. Any views or opinions expressed are solely those of the sender and do not necessarily represent those of QUINN-Insurance, unless otherwise specifically stated . As internet communications are not secure, QUINN-Insurance is not responsible for the contents of this message nor responsible for any change made to this message after it was sent by the original sender. Although virus scanning is used on all inbound and outbound e-mail, we advise you to carry out your own virus check before opening any attachment. We cannot accept liability for any damage sustained as a result of any software viruses. ==================================================================== QUINN-Life Direct Limited is regulated by the Financial Regulator. QUINN-Insurance Limited is regulated by the Financial Regulator and regulated by the Financial Services Authority for the conduct of UK business. ==================================================================== QUINN-Life Direct Limited is registered in Ireland, registration number 292374 and is a private company limited by shares. QUINN-Insurance Limited is registered in Ireland, registration number 240768 and is a private company limited by shares. Both companies have their head office at Dublin Road, Cavan, Co. Cavan. -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." http://raythestray.blogspot.com -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." http://raythestray.blogspot.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~