Question : Problem: Efficient deployment of Microsoft updates

Trying to provide a solution for laptop computers that are off the network too frequently for SMS to install patches in a reliable manner. A script for them to run when they connect through VPN. Easy problem to tackle, but there are a couple conditions I want to try and get through: Efficiency and Corporate policies.

Is there any way, VBscript, Batch, Voodoo magic code that could be of use to me here?
-I need to install all necessary XP/Office update exe's in a specific folder (prefer quiet mode)
-Try to do it efficiently without reinstalling patches already on the computer
-Do it without the use of 3rd party programs like Autopatcher. (microsoft specific, vbscript, batch, or whatever code possible is OK)

I've been tinkering with various ways of installing windows/office updates via a batch file script. So far its rudimentary, but it worked nonetheless. Now I'm trying to find a more efficient way of doing it...

I would desire the script to install all the updates in a specific folder on a network directory:
\\ServerName1\ShareFolder\Dir

Right now, I can list every executable in the directory, and have it install with /z /q switches to keep from rebooting and make it a quiet install.  It works, but if the computer already has one or more of the updates all it does is reinstall the patch. I feel like I'm wasting a huge chunk of user's time, and my networks resources, doing that. I also have to manually type in every update that comes about into the script. Also some updates have prerequisites that need to be installed with a reboot needed to recognize it. So Qchain was needed in there.

Now I've tested using Autopatcher...it works great for my situation but I don't want it on my servers/computers here. Not corporate sanctioned software so it has to go bye bye.
I've also played with WSUS but that interferes with SMS if i'm not mistaken. And my laptops are still off the network alot so nothing solved.

What can I do here?

Answer : Problem: Efficient deployment of Microsoft updates

WSUS is easy to manage and would ensure that your laptop users get patched the moment they arrive on your network.

Secondly, if these users are off the network that often do they really need to be in your AD structure? If not then I would begin setting them up off the network with a VPN solution so the users would still have access to the domain if and when needed via user authentication.

Third enable, if you have not already done so, automatic updates on those client machines so when off the network it will go out and connect to get all critical patches.

If none of these seem to be viable for you, another method as mentioned above and its more work than its worth is to copy all said patches to dvd, CD, or make a website that the users can get to via VPN and will be able to see all the patches released for said month and click a link to get them. My site uses this sort of web interface for off site users along with not having them on the domain and enabling the automatic updates clients.

Hope those help.

-Cheers-
Random Solutions  
 
programming4us programming4us