/build/static/layout/Breadcrumb_cap_w.png

Deploy a Microsoft Hotfix using a managed install in the K1000

Problem: Microsoft releases a hotfix (.msu file) that needs to be applied to systems that are vulnerable.

Solution: Use wusa.exe to install the .msu file through a K1000 managed install. For this example, KB2460922 was used.

 

  1. Download the hotfix file from Microsoft: http://support.microsoft.com/kb/2460922
  2. In this case, run the .exe file to extract the hotfix .msu file.
  3. Install the hotfix on a test machine and force a check-in/inventory update to the K1000.
  4. Upload the .msu file to the software inventory item titled "Hotfix for Microsoft Windows (KB2460922)". It will be under View By>Type>Patch Software.



  5. Select any operating systems you wish to deploy to in the software item.
  6. Create a MI using the following parameters:
    • Select "Hotfix for Microsoft Windows (KB2460922)" in the software drop-down.
    • Select the radio button for "Configure Manually".
    • For the installation command, use: wusa.exe /quiet /norestart Windows6.1-KB2460922-v2-x64.msu
      NOTE:
      To see how to get the options, see the section below the MI.
    • Check the box for "Don't Prepend msiexec.exe".
    • Set the managed action to "Execute Anytime".
    • Assign machines that need to have the hotfix applied.
    • Set any other parameters that are needed.
    • Save.

Once the targeted systems run the MI, the patch will show up in computer inventory under Software>Installed Patches via Inventory.

 

 

wusa.exe installer options:

From a command prompt, type wusa.exe and one of the following will give you the installer options:  /?, /h or /help


Comments

  • Hmmmm, I followed this to the tee on the KB2964358 and can't get it to deploy from the kbox. - clarkml 9 years ago
    • It's possible that the patch needed prerequisites that are not present or needed elevated permissions. This method would not cover that. You would have to deploy that from a Kscript and use the run as feature. - jknox 9 years ago
  • what happen if we have same patch for different architecture ? - rock_star 8 years ago
    • You would follow the same basic process. It would probably change a bit with the inventory detection as a custom inventory rule might be needed. Once you could determine if the patch is installed on each type of infrastructure, you would likely need to do separate MIs for each. - jknox 8 years ago
      • We can follow above process for one type (64 bit ) and only select 64 bit OS in software category. for 32 bit machines get the software created with some custom field. Other method that i thought is to call batch/vb script , then let them find out the architecture of machine and install the relevant hot fix , this will only need one MI. - rock_star 8 years ago
  • Such a helpful write-up Thank you for posting! Saved me hours of manual installs! - annleacock 7 years ago
  • This is a great article. Works exactly as it should. Using version 7.0. - ehansen 6 years ago
  • I get installer encountered an error : 0x8000ffff , catastrophic failure - rahimpal 5 years ago
This post is locked
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ