[unisog] Forcing Automatic Updates via Login Script

Jonathan Glass jonathan.glass at oit.gatech.edu
Mon Nov 28 14:31:52 GMT 2005

Stasiniewicz, Adam wrote:
> Based on popular demand, here is a quick guide to setup a login script
> to configure automatic updates.
> BTW: I apologize for taking so long to get back to some of you; I was
> busy stuffing my face with turkey...
> There are a few ways to do this, but this is the easiest way I found.
> Note, this process is best for organizations running Novell, NT 4, or
> Samaba, since if you have computers logging into an Active Directory,
> you can do the same by domain based GPOs.
> 1. On any Windows XP Pro computer, load the local GPO. (Start | Run |
> gpedit.msc)
> 2. Navigate to Computer Configuration | Administrative Templates |
> Windows Components | Windows Update.
> 3. You will see a bunch of setting, configure them to your liking and
> close
> 4. Open regedit (start | run | regedit) and navigate to
> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate and
> export the entire WindowsUpdate folder.
> 5. Put the .reg file somewhere accessible to the login script.
> 6. In your login script specify the following command regedit -s
> PATHTOREGFILE/REGFILE.reg.  So if the .reg file is located at
> //server1/share1/update.reg the command would be:
> regedit -s //server1/share1/update.reg
> Note, the -s option is there so your users don't get prompted "are you
> sure you want to install these registry entries" every time they login.
> Regards,
> Adam Stasiniewicz 
> Computer and Communication Services Department 
> Milwaukee School of Engineering
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

Also, check out Wally Beck's site on doing this, and much much more, 
with AD and logon scripts.


Jonathan Glass
GT/OIT Information Security

More information about the unisog mailing list