Command Line Options for Microsoft Patches-White Paper[1]

Undocumented: Command Line Options for Microsoft Patches and Service Packs Rev 2 – June 1, 2006 Lieberman Software Corporation www.liebsoft.com Introduction In the last few weeks we have been patching our own internal systems using Task Scheduler Pro (a mass management tool we built). Task Scheduler Pro allows us to push Microsoft's own patches (it does a lot more, but that is a different discussion) to a large number of machines in just a few minutes, without needing to build installation packages. But we ran into a problem with the Microsoft hot fixes. No matter how much we searched on-line, we were unable to find the correct combination of command line switches for an unattended patch installation (which is required for a mass deployment). Some command line switches are documented in patch Help output (command line option "/?") but we found that some patches had unique and undocumented command line options. So we began researching the different types of Microsoft patches and hot fixes and their command line switches. The following material covers the complete set of command line switches, documented and undocumented. By the way, you can download and try out Task Scheduler Pro on up to 10 systems for 30 days at no cost. If you need help getting started with the program, just contact sales@liebsoft.com or contact us by phone. Background Most of the operating system and browser patches that Microsoft releases call for an interactive install, which means that the installation process requires feedback from the user in order to proceed. This feedback can include agreeing to software licenses and specifying whether files should be backed up, among other things. Remote installation of these patches requires a silent, or unattended, installation so that the process can be completed automatically, without any user feedback. Microsoft provides command line options for most patches that allow for silent installation, but documentation for these settings is not readily available. Proper configuration is vital to a successful silent installation. If a patch is run on a remote system without the correct configuration, the system will likely pop up a dialog and then hang, waiting for user feedback (or a re-boot). This Application Note documents the command line options necessary for successful deployment of critical Microsoft patches. Page 1 of 3 Copyright 2003-2006 Lieberman Software Corporation – All Rights Reserved Patch Delivery Microsoft delivers patches in two formats: Update.exe and QFE. Both formats include support for silent installations, but they use different command line options. --------------------Update.exe is the newer patch delivery format. The patch for the MSBLASTER worm was delivered in this format, and supports the following command line options: - /? Show the list of installation switches. - /u Use Unattended mode. - /f Force other programs to quit when the computer shuts down. - /n Do not back up files for removal. - /o Overwrite OEM files without prompting. - /z Do not restart when installation is complete. - /q Use Quiet mode (no user interaction). - /l List installed hotfixes. - /x Extract the files without running Setup. Run an Update.exe patch with the command line option /? to see these options. Lieberman Software normally uses the options: "/u /o /q" for a silent installation. --------------------QFE is used to deliver patches for Internet Explorer and other products. Patch Q822925.exe was released in this format. QFE is more difficult to use because the /? option does not document all the arguments necessary for performing a silent installation. QFE patches support the following options: - /q: Use Quiet mode or suppress messages when the files are being extracted. - /q:u: Use User-Quiet mode, which presents some dialog boxes to the user. - /q:a Use Administrator-Quiet mode, which does not present any dialog boxes to the user. - /t: Specify the location of the temporary folder that is used by Setup or the target folder for extracting files (when using /c). - /c Extract the files without installing them. If /t: is not specified, you are prompted for a target folder. - /c: Specify the path and the name of the Setup .inf file or the .exe file. - /r:n Never restart the computer after installation. - /r:i Prompt the user to restart the computer if a restart is required, except when this switch is used with the /q:a switch. - /r:a Always restart the computer after installation. - /r:s Restart the computer after installation without prompting the user. - /n:v Do not check version. Use this switch with caution to install the update on any version of Internet Explorer. Lieberman Software normally uses the options: "/r:as /q:a" for a silent installation. ______________________________________________________________________________________ Page 2 of 3 Copyright 2006 Lieberman Software Corporation – All Rights Reserved Epilogue So, after you push your patches, how do you know if they took? Well, we guessed that a return code of zero (0) meant success (which it does), but some of our patch jobs returned different error codes. An on-line search for the return codes produced no results, but after some direct Microsoft support by our rep, he located the link to the return codes. So, to help you with the last part of the patch process, here is the link to the return codes returned from hot fixes and service packs. Update One of our readers, Scott Williamson of Horry Telephone Cooperative, had a great suggestion: provide a link to the Microsoft Knowledgebase article on what switches are required for silent installs of different Microsoft products. Here is that link. Thanks Scott! Our support staff is available to answer your technical questions whether you are a customer or not. Voice: 800.829.6263 (USA/Canada) Voice: (01) 310.550.8575 (Worldwide) Fax: (01) 310.550.1152 (Worldwide) Web: www.liebsoft.com Email: support@liebsoft.com ______________________________________________________________________________________ Page 3 of 3 Copyright 2006 Lieberman Software Corporation – All Rights Reserved