With perl you could just parse the c:\windows\WindowsUpdate.log and after you check and see no patches found then you could just delete the startup script. I am sure it would be really easy to determine that even if its a hack like checking for the existence of a file or something.
Thanks, ------------------------------------------ Ali Mesdaq (CISSP, GIAC-GREM) Security Researcher II Websense Security Labs http://www.WebsenseSecurityLabs.com ------------------------------------------ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of j maccraw Sent: Thursday, February 21, 2008 11:50 AM To: [email protected] Subject: Re: [H] Offline Windows Updater Totally doable if you use a INF instead of a REG to do the patching so you have a control over setting or reverting the settings by simply changing the parameters of the call to the INF. Initiate the setup call the INF install with GUIRunOnce in WINNT.SIF. As to how to automatically detect when all updates are installed I'm stumped but removing is as simple as calling the same command with a different section. "To invoke the INF Add a line to $OEM$\Cmdlines.txt to invoke the INF you created from the sysdff difference file. The command is of the same form as you would use to invoke any Windows 95-style INF. The format is as follows: "RUNDLL32 syssetup,SetupInfObjectInstallAction section 128 inf" where: Section specifies the name of the section in the INF file. Inf specifies the name of the INF file. This should be specified as a relative path to avoid invoking Setup's default INF rules, which look for an unqualified filename in the system inf directory instead of the current directory. For example, specify ..\newtools.inf, not just newtools.inf. The command is always enclosed in double quotation marks. " Mesdaq, Ali wrote: > Greg your the Man! Thanks for the reg key info and the "wuaclt > /detectnow" info. I remember there was a command line way to force it to > check but too lazy to look for it. So you answered my laziness for me. > > I think a combination of nLite customized xp install to include > something's in the install like perl or whatever scripting language can > really automate this whole process so the computer keeps checking for > updates on start up until there are none left and deletes itself and > changes reg keys back to normal. > > Thanks, > ------------------------------------------ > Ali Mesdaq (CISSP, GIAC-GREM) > Security Researcher II > Websense Security Labs > http://www.WebsenseSecurityLabs.com > ------------------------------------------ > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Greg Sevart > Sent: Wednesday, February 20, 2008 11:23 AM > To: [email protected] > Subject: Re: [H] Offline Windows Updater > > Some other useful notes: > > "net stop wuauserv" stops the Automatic Updates (AU) service so it will > pick up the new config. Change to start, obviously, to restart it. > > "wuauclt /detectnow" forces AU to detect if updates are needed > immediately. > > c:\windows\WindowsUpdate.log provides a verbose log file of AU activity. > > Greg > >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:hardware- >> [EMAIL PROTECTED] On Behalf Of Thane Sherrington >> Sent: Wednesday, February 20, 2008 1:13 PM >> To: [email protected] >> Subject: Re: [H] Offline Windows Updater >> >> At 03:04 PM 20/02/2008, Greg Sevart wrote: >>> Oh, absolutely. You also don't need a domain and group policy--you >> just use >>> a .reg file to add the WSUS server info, then delete the key when >> you're >>> fully patched. We use it internally to bring new machines up to date >>> -before- joining the corporate domain. >> Awesome. This is going to be a huge time saver for me. I owe you. >> >> T > > > > > > Protected by Websense Messaging Security -- www.websense.com > > ________________________________________________________________________ ____________ Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
