RE: Windows 2000 Patch Order

From: David Vincent (david.vincentmightyoaks.com)
Date: Thu Jun 12 2003 - 11:45:00 CDT


go and grab the command line hfnetchk from http://www.shavlik.com as well as
qchain.exe and qfecheck.exe from microsoft- making sure you get the windows
2000 versions.

set up a batch file with all the hotfixes using the /z /m switches to avoid
prompts and do "silent" installs.

at the end of your batch file execute qchain. it will go through the list
of files in queue waiting to be copied into the filesystem upon reboot, and
leave only the latest version of each dll. then the installed order doesn't
matter.

for example, say you install a hotfix with a dll version of 2, then another
hotfix with a dll version of 1.7. v1.7 will be later in the queue and will
overwrite v2 when you reboot. qchain will remove the v1.7 and leave only
the v2 for install.

then, after a reboot, run qfecheck, and then hfnetchk /v /z /s 2 . qfecheck
should come back and tell you each hotfix installed, and if it is installed
properly. hfnetchk should do the same.

this is the best method, sanctioned by microsoft. I still run across some
hotfixes which hfnetchk reports as having greater file versions and invalid
checksums, etc. using qfecheck in concert with hfnetchk gives me some
mental relief.

also, if you're doing this just after a hotfix has been released, make sure
to check the date on the XML file, it often doesn't get updated until later
that day or a day or two later.

email me off-list if you want more help.

-d

> -----Original Message-----
> From: Kallio, Steve J. [mailto:Steve.Kalliorfets.gov]
> Sent: Thursday, June 12, 2003 7:37 AM
> To: focus-mssecurityfocus.com
> Subject: Windows 2000 Patch Order
>
>
> This may be an old topic, but I'm new to the list:
>
> Does anyone know of a reference that provides the proper
> order to install Post SP3 patches onto a Windows 2000 server?
>
> If you just install the patches in order of their release
> date you will end up with files from the more recent patch
> overwriting files from the older patch that have a newer file
> date. Example:
>
> MS02-071 installs basesrv.dll with a file date of 11/1/2002
> and a version of 5.0.2195.5265.
> MS03-013 installs basesrv.dll with a file date of 8/15/2002
> and version of 5.0.2195.5265.
>
> Same versions, different file dates, different checksums.
> Obviously microsoft has poor version control and doesn't
> check the file dates on install. But maybe newer doesn't
> mean better either.
>
> I'm sure someone in the user community has gone through this
> before, it's too bad MS leaves it up to us. Thanks in advance
> for your responses.

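The queue pruning described in the reply, as a small Python model. This is an added example, not part of the original thread and not qchain's own code: the function names, the sample queue and the hotfix labels are constructed, and reporting equal versions as ties is a choice of this model, since the thread does not say how that case is handled.

```python
from itertools import permutations

def parse_version(text):
    """Turn '5.0.2195.5265' or '1.7' into a comparable 4-part tuple."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def reboot_without_pruning(queue):
    """Unpruned queue: entries are applied in order, so the last one wins."""
    final = {}
    for name, version, hotfix in queue:
        final[name.lower()] = (version, hotfix)
    return final

def prune_queue(queue):
    """Keep only the highest version of each file (assumed model of the pruning).
    Returns (kept, ties); ties lists files where several hotfixes queued the
    same highest version, which a version comparison alone cannot order."""
    best, ties = {}, {}
    for name, version, hotfix in queue:
        key = name.lower()
        if key not in best or parse_version(version) > parse_version(best[key][0]):
            best[key] = (version, hotfix)
            ties.pop(key, None)
        elif parse_version(version) == parse_version(best[key][0]):
            ties.setdefault(key, [best[key][1]]).append(hotfix)
    return best, ties

# Constructed sample queue: (file, version, hotfix label). Labels are placeholders.
SAMPLE = [
    ("example.dll", "2", "hotfix-A"),
    ("example.dll", "1.7", "hotfix-B"),
    ("other.dll", "5.0.2195.10", "hotfix-B"),
    ("other.dll", "5.0.2195.9", "hotfix-C"),
]
# The case from the quoted question: same version shipped by two bulletins.
TIE_CASE = [("basesrv.dll", "5.0.2195.5265", "MS02-071"),
            ("basesrv.dll", "5.0.2195.5265", "MS03-013")]

def final_versions(queue, pruned):
    state = prune_queue(queue)[0] if pruned else reboot_without_pruning(queue)
    return {name: version for name, (version, _) in state.items()}

def outcomes(queue, pruned):
    """Distinct end states over every possible queue order."""
    return {tuple(sorted(final_versions(list(p), pruned).items()))
            for p in permutations(queue)}
```

With pruning, every ordering of the sample queue ends in the same state; without it, the end state depends on which entry was queued last. The basesrv.dll case shows up as a tie, which is why the reply's post-reboot verification step still matters.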