My bet is on that would be no. In cases like what you described SP2 was a prerequisite for the 43 additional patches and one or more of them were prerequisites for that additional ones.
Jon On Tue, Aug 18, 2009 at 11:21 AM, Richard Stovall < [email protected]> wrote: > Can you push the SP and the post-SP updates at the same time with WSUS? > At first I only see the SP as 'needed' in WSUS. It isn't until after > it's installed and 'wuauclt /detectnow' is run that I see the 43 > additional ones that are necessary for Server 2003. (Then there 3 or 4 > more that are required after the 43 are installed...) All in all it was > 3 reboots for a couple of 2003 SP1 servers that I updated to current > last weekend. If there is a way in WSUS to just blast out everything at > once that might be useful in some instances. > > Thanks, > RS > > -----Original Message----- > From: David Lum [mailto:[email protected]] > Sent: Tuesday, August 18, 2009 11:11 AM > To: NT System Admin Issues > Subject: RE: Patching question > > Sorry this doesn't answer your question, but WSUS is your friend, you > can push SP's as well as the updates required afterward (I pushed SP3 > for XP to 350 systems, for example, and my total involved time was > oh....one minute, including opening the MMC). Patching with WSUS takes > about 1/10th the time patching with SMS does. We use WSUS for MS > patching and SMS for 3rd party updates. Like SMS, WSUS can use BITS > throttling. WSUS is free and can run on desktop hardware. > > I found SMS to be the really really hard way to patch MS systems, > although I realize there may be reasons you aren't using WSUS. > > David Lum // SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 // (Cell) 503.267.9764 > > -----Original Message----- > From: Ziots, Edward [mailto:[email protected]] > Sent: Tuesday, August 18, 2009 7:29 AM > To: NT System Admin Issues > Subject: RE: Patching question > > I don't use SMS here Chris, > > But I have the same issue and I setup a batch script that updates to > SP2, and then runs the post SP2 hotfixes accordingly, along with the TCP > Chimmney disabling and DST fixes again and then reboots the machine (I > do use Qchain.exe at the end to make sure everything applies as I want > it) then re-scan with shavlik and server is patched up to the required > levels. I have done about 100 Servers this way without an issue. > > You could probably push a quick scheduled task to run the batch file on > a central server against your target servers, and then have it reboot > afterwards. > > The service pack + patches should take about 1 hr depending on the speed > of the system and available resources. This has been the average for me, > and my maintenance windows are probably a lot like yours. > > Z > > Edward Ziots > Network Engineer > Lifespan Organization > MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + > [email protected] > Phone:401-639-3505 > > -----Original Message----- > From: Christopher Bodnar [mailto:[email protected]] > Sent: Tuesday, August 18, 2009 10:18 AM > To: NT System Admin Issues > Subject: Patching question > > This is not really an SMS question, more of a generic patching question. > > We have SMS 2003, and use it to patch systems. I recently found out we > have a large number of systems still at W2K3 PS1. Easy enough to push > out SP2 to them. The problem then, is how to automate the application of > any post SP2 patches. I can think of a few ways, but none of them great. > For example, I can create one monster post SP2 package in SMS and have > the SP2 package be a pre-requisite. The problems with that are the size > of the package itself and how to get a list of post SP2 updates to > include in the post sp2 package. I've also thought of doing this as a > manual process and having us run Windows update after the SP2 package is > applied. The problem with this is our change window is small, and the > amount of staff to cover doing this. I'm sure some of you must have run > into this issue before. > > Any ideas? > > Thanks, > > Chris > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
