Keeping Windows 2000 desktop machines up to date can be an exhausting and tedious job, especially given the breadth and variety of updates that have to be checked and applied. Worse, Microsoft keeps many of its updates in disparate locations—Windows Update, the MDAC site, the security bulletin site, and on and on.
Rather than picking up all of the pieces by hand, there are some software solutions to the problem that make managing patch installation across desktops far easier. One of them comes from Microsoft itself and is named HFNetChk 3.82 (short for Hotfix Network Check). This program allows an administrator to audit one or many machines to determine what their Service Pack level and post-SP hotfix condition is, and uses an XML database downloaded straight from Microsoft as a manifest of patches against which to check each machine. (The Microsoft Baseline Security Analyzer or MBSA, version 1.1.1 or greater, includes a copy of HFNetChk as a core component.)
There are also third-party products for performing patch and security audits. Service Pack Manager 2000 from Gravity Storm Software does detection and reporting on security problems and missing patches for all NT-based operating systems, including Windows XP and 2003. It also checks for problems on other Microsoft products, not just Windows itself — IIS, Exchange, SQL, ISA, IE, Outlook, and Windows Media Player. The management and reporting tools alone are probably worth the price of the product. Another product worth looking into is BigFix Patch Manager. BigFix monitors machine across the network continuously for needed upgrades and deploys them automatically as needed — which includes re-deploying patches that have been overwritten or otherwise broken. For environments that are much harder to keep in compliance with the latest changes, this may be the needed fix.
Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter. Check out his Windows 2000 blog for his latest advice and musings on the world of Windows network administrators – please share your thoughts as well!
This was first published in August 2003