Tip

Scripting resources to automate patching

When most people hear the word "script" they think of the document an actor or actress would use to learn lines for a movie or play. More than just a collection of lines to memorize, though, the script gives step-by-step instructions on how each scene of the performance should go.

In a similar, yet much less dramatic, fashion, scripts written for your Windows operating system provide step-by-step instructions for the computer to execute. In its simplest form, a script is just a short text file listing commands to be run. Any command that can be executed from a command line can also be automated by adding it to a script.

Scripts can be assigned on an individual level through the user account properties on a Windows network. However, it is more efficient to use Group Policy in a Windows domain network, where you can assign scripts to be executed automatically when the computer itself boots up or shuts down, or you can assign scripts to run when a user logs on or off the system.

Used in this manner, Windows scripts can automatically install patches and updates on computer systems. By placing security patches on a server, and creating login scripts to automatically execute patch installations each time computers are rebooted or accessed, administrators can ensure that everyone receives the latest updates.

The Script Repository on Microsoft's Script Center contains a variety of scripts that can be used to administer Windows desktop machines. The following scripts are aimed specifically at security:

Install an Update: To script the installation of a Microsoft patch

Modify the Update Schedule: To script the configuration of the Automatic Update settings on client machines

Deploying patches this way is obviously cheaper than purchasing and implementing a commercial patch management tool. However, it lacks many features of such tools, including the ability to track successful patch deployments, automatically recall or undo patches that may cause problems on the network, or create reports about the current state or historical view of patching within the environment. There are scripts available to accomplish some of these tasks, but they are much more tedious and time-consuming to use than a full patch management solution.
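The following PowerShell startup script is an added example, not code from the original tip or from Microsoft's Script Repository. It shows the approach described above with two safeguards a script-only deployment needs: it checks the package's Authenticode signature before running it, because a Group Policy startup script executes as SYSTEM, and it records each outcome in a local log. The share path, package file name, KB number and log location are placeholders.

```powershell
# Computer startup script, assigned through Group Policy (runs as SYSTEM).
# All four values below are placeholders for this example.
$Share   = '\\fileserver\patches$'        # hypothetical share, read-only to clients
$Package = 'windows-kb0000000-x64.msu'    # placeholder package file name
$KbId    = 'KB0000000'                    # placeholder KB number
$LogFile = Join-Path $env:ProgramData 'PatchScript\install.log'

function Write-PatchLog([string]$Message) {
    # One line per event: timestamp, computer name, outcome
    $line = '{0} {1} {2}' -f (Get-Date -Format s), $env:COMPUTERNAME, $Message
    Add-Content -Path $LogFile -Value $line
}

New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null

# Skip machines that already have the update
if (Get-HotFix -Id $KbId -ErrorAction SilentlyContinue) {
    Write-PatchLog "$KbId already installed, nothing to do"
    exit 0
}

$source = Join-Path $Share $Package
if (-not (Test-Path -LiteralPath $source)) {
    Write-PatchLog "$KbId package not found at $source"
    exit 1
}

# Copy first, so the file that is verified is the same file that is run
$local = Join-Path $env:TEMP $Package
Copy-Item -LiteralPath $source -Destination $local -Force

# Refuse anything that is not validly signed by Microsoft
$sig = Get-AuthenticodeSignature -FilePath $local
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    Write-PatchLog "$KbId rejected, signature status: $($sig.Status)"
    Remove-Item -LiteralPath $local -Force
    exit 1
}

$wusa = Join-Path $env:SystemRoot 'System32\wusa.exe'
$proc = Start-Process -FilePath $wusa -Wait -PassThru `
            -ArgumentList "`"$local`"", '/quiet', '/norestart'
switch ($proc.ExitCode) {
    0       { Write-PatchLog "$KbId installed" }
    3010    { Write-PatchLog "$KbId installed, reboot required" }
    2359302 { Write-PatchLog "$KbId already installed (reported by wusa)" }
    default { Write-PatchLog "$KbId failed, exit code $($proc.ExitCode)" }
}
Remove-Item -LiteralPath $local -Force
exit $proc.ExitCode
```

Collecting these per-machine logs centrally gives a basic record of which deployments succeeded, though not the recall or reporting features of a patch management tool.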

In any event, Windows scripts are valuable resources to have in your administrator toolbox. With all of the bells and whistles of the Windows GUI, it is easy to forget just how quick and simple it can be to execute commands from the command line. Good resources for additional Windows scripts are Microsoft's TechNet Script Center and Doc Rice's Security Patch Scripts for Microsoft Windows NT 4.0, 2000 and XP.

About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security, providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions, visit Essential Computer Security.



  • This was first published in August 2005
