I was at a Microsoft seminar a year or two ago that covered laptop or remote
user access security and how Windows Server and other Microsoft technologies
could be used to control remote user access to the business LAN.

They talked about being able to set up VPN access to the LAN and being able to
scan the remote user's laptop/desktop to verify whether its patches and updates
were up to date. If they were, the remote user was allowed into the LAN; if
they were not up to date, the remote user was "quarantined" and not allowed
access to the LAN until it was updated, and then allowed into the LAN.

What is required to do this, and is there any documentation on how to set
this up?

Thanks,
Jose

Re: Remote User "Quarantine" and access control by Steven

Steven
Thu May 18 11:58:43 CDT 2006

I have not used it myself, but the links below should get you started on what
it takes. From what I understand, writing the scripts needed can be the
challenging part, to check for all the various antivirus programs. The
article does have some sample scripts to get you started, and if you Google
you may be able to find more. --- Steve

Implementing Quarantine Services with Microsoft Virtual Private Network
Planning Guide
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/quarantineservices/default.mspx
http://www.microsoft.com/downloads/details.aspx?FamilyID=a290f2ee-0b55-491e-bc4c-8161671b2462&displaylang=en
--- sample scripts

"Jose" <Jose@discussions.microsoft.com> wrote in message
news:617A9155-4ADA-4657-9DFC-B3A728824C9B@microsoft.com...



Re: Remote User "Quarantine" and access control by Patrick

Patrick
Wed May 24 22:55:55 CDT 2006

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:%23MtiRxpeGHA.968@TK2MSFTNGP04.phx.gbl...


Could you write a script that quarantines the laptop until MBSA scans it?
If it's a company laptop, you could implement a policy that they have to
install (or keep) the necessary files for MBSA to scan the laptop. If it's
a personal laptop, IMVHO, it has no business even being on the company
network, so that makes the job even easier.

After MBSA runs, and verifies whether or not the updates are installed, you
can either un-quarantine or keep it in quarantine based on the results.


--
Patrick Dickey
Smile... Someone out there cares deeply for you.
http://www.pats-computer-solutions.com
http://www.microsoft.com/protect
http://update.microsoft.com


Re: Remote User "Quarantine" and access control by Steven

Steven
Thu May 25 10:57:52 CDT 2006

I don't believe that is yet possible. Currently my understanding is the
script must check for the updates you are looking for referencing a text
file that contains the list. The link below is another one I found on how it
works that may be of interest and below that is a sample .vbs file from
Microsoft for checking for updates. --- Steve

http://www.microsoft.com/technet/community/columns/cableguy/cg0203.mspx

' *****************************************************************************
' SAMPLE SCRIPT - CheckHotFixes.vbs
' *****************************************************************************
' Description - This script finds whether any critical OS updates (hotfixes)
'               are missing on the client machine.
'               The administrator is required to provide a list of hotfixes
'               mandated to be installed on the client machine in order to
'               remove it from quarantine. <refer to the file: HotFixIdList.txt>
'               Format for specifying the hotfixes in the text file:
'                   <HotFix Id 1>
'                   <HotFix Id 2>
'                   ...
'               * This list of required hotfixes can either be packaged with
'               * the CM profile (along with other script files) OR it can be
'               * made downloadable from a server share at execution time.
'               * Admin must make provisions to update this list of required
'               * hotfixes regularly.
'
' Supported Operating Systems -
'               Windows 2000
'               Windows 2000 Advanced Server
'               Windows 2000 Professional Edition
'               Windows 2000 Server
'               Windows Server 2003
'               Windows XP
'               Windows XP Service Pack 2
'
' Usage - CheckHotFixes.vbs <filename>
'         where filename is the file listing the Hot-Fix-ID of all
'         the hotfixes mandated
'
' Returns - 0 - If all requisite hotfixes are installed
'           1 - If one or more requisite hotfixes are missing
'           2 - Filename not specified
'           3 - File not found
'
' Copyright © Microsoft Corporation. All rights reserved
' ***************************************************************************
Option Explicit

' Dynamic arrays. The original fixed-size Dim ...(40) overflowed silently
' (the error was swallowed by On Error Resume Next) on any machine with more
' than 41 hotfixes, so required IDs past that point were reported as missing.
Dim sInstalledQFE()
Dim sReqdQFE()
Dim sintMaxInstalled, sintMaxReqd
Dim strFile

' ****************************************************************************
' Function - FindInstalledQFE
' Description - Reads the registry and stores the list of installed
'               QFEs/hotfixes in an array
' Returns - 1 : If unable to determine the installed QFEs/hotfixes on the
'               client machine
' ****************************************************************************

Sub FindInstalledQFE()
    On Error Resume Next
    Dim oReg
    Dim strComputer
    Dim subkey
    Dim arrSubKeys
    Dim strKeyPath

    Const HKEY_LOCAL_MACHINE = &H80000002

    strComputer = "."

    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\default:StdRegProv")
    If (Not IsObject(oReg)) Then
        WScript.Echo("Unable to retrieve Reg Prov object")
        WScript.Quit (1)
    End If

    strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix"
    ' EnumKey returns 0 on success; the original never checked its result
    If (oReg.EnumKey(HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys) <> 0) Then
        WScript.Echo("Unable to enumerate " & strKeyPath)
        WScript.Quit (1)
    End If

    sintMaxInstalled = 0

    ' arrSubKeys is Null when the key has no subkeys (no hotfixes installed)
    If IsArray(arrSubKeys) Then
        For Each subkey In arrSubKeys
            ReDim Preserve sInstalledQFE(sintMaxInstalled)
            ' Normalise case so "kb123456" in the list still matches "KB123456"
            sInstalledQFE(sintMaxInstalled) = UCase(Trim(subkey))
            sintMaxInstalled = sintMaxInstalled + 1
        Next
    End If

    Set oReg = Nothing
End Sub


' ****************************************************************************
' Function - ReadRequiredQFE
' Description - Reads the file specified as a command line argument,
'               enumerating the list of required QFEs/hotfixes
' Returns - 1 : If unable to create the FileSystem object
'           3 : If the specified file does not exist.
' ****************************************************************************

Sub ReadRequiredQFE()
    On Error Resume Next
    Dim objFSO
    Dim objTextFile
    Dim strNextLine

    sintMaxReqd = 0

    Const ForReading = 1
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    If (Not IsObject(objFSO)) Then
        WScript.Echo("Unable to Create FileSystem Object")
        WScript.Quit (1)
    End If

    If (Not (objFSO.FileExists(strFile))) Then
        WScript.Echo("Specified File Does not exist")
        WScript.Quit (3)
    End If

    Set objTextFile = objFSO.OpenTextFile(strFile, ForReading)

    Do Until objTextFile.AtEndOfStream
        ' Trim and skip blank lines; the original stored them as required IDs
        strNextLine = UCase(Trim(objTextFile.ReadLine))
        If (Len(strNextLine) > 0) Then
            ReDim Preserve sReqdQFE(sintMaxReqd)
            sReqdQFE(sintMaxReqd) = strNextLine
            sintMaxReqd = sintMaxReqd + 1
        End If
    Loop

    objTextFile.Close
    Set objFSO = Nothing
    Set objTextFile = Nothing
End Sub


' ****************************************************************************
' Function - IsMissing
' Description - Compares the list of installed QFEs/hotfixes against those
'               required and finds if any QFE/hotfix is missing
' Returns - TRUE : If one or more required QFEs/hotfixes are not installed
'                  on the client machine.
'           FALSE : If all the required QFEs/hotfixes are installed on the
'                   client machine
' ****************************************************************************

Function IsMissing()
    On Error Resume Next
    Dim m, n, bFound

    IsMissing = False
    ' Arrays hold sintMaxReqd / sintMaxInstalled entries, indexed from 0;
    ' the original looped one past the end of each.
    For m = 0 To sintMaxReqd - 1
        bFound = False
        For n = 0 To sintMaxInstalled - 1
            If (sReqdQFE(m) = sInstalledQFE(n)) Then
                bFound = True
                Exit For
            End If
        Next

        If (Not bFound) Then
            ' Report every missing ID rather than stopping at the first,
            ' so the user knows what to install before reconnecting
            WScript.Echo("Missing: " & sReqdQFE(m))
            IsMissing = True
        End If
    Next
End Function


' ****************************************************************************
' Function - Main
' Description - Invokes routines to determine the list of installed hotfixes
'               on the client machine and validate them against the admin
'               provided list of required hotfixes
' Returns - 0 - If all requisite hotfixes are installed
'           1 - If one or more requisite hotfixes are missing
'           2 - Filename not specified
' ****************************************************************************
Sub Main()
    On Error Resume Next
    If (WScript.Arguments.length < 1) Then
        WScript.Echo("Usage: CheckHotFixes.vbs <filename>")
        WScript.Echo(" where 'filename' is a file containing the list of " & _
            "Required HotFixes")
        WScript.Quit (2)
    End If

    strFile = WScript.Arguments.item(0)

    FindInstalledQFE()
    ReadRequiredQFE()

    If (IsMissing = True) Then
        WScript.Echo("All Hot Fixes NOT installed")
        WScript.Quit (1)
    Else
        WScript.Echo("All Hot Fixes already installed")
        WScript.Quit (0)
    End If
End Sub

Main()


"Patrick Dickey" <pd1ckey43@remove.msn.com> wrote in message
news:88AF3B2F-5F37-4897-BCA2-75A9F485B918@microsoft.com...
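The following is an added example, not part of this thread and not one of the sample scripts from Microsoft's planning guide. It shows a variant of the check the thread discusses: the required IDs still come from a text file in the HotFixIdList.txt format (one ID per line), but the installed set is built from two sources, the HotFix registry key the sample reads and the Win32_QuickFixEngineering WMI class, so an update recorded in either place counts as installed. Every required ID is reported as OK or MISSING, and the exit codes (0 all present, 1 something missing, 2 no file argument, 3 file not found) match the sample so that whatever calls the sample from the CM profile can call this one instead. The "#" comment-line convention in the list file and the script name are assumptions of this example, not of the planning guide.

```vbscript
' CheckHotFixesQFE.vbs (added example; not from the Microsoft planning guide)
' Usage: cscript //nologo CheckHotFixesQFE.vbs HotFixIdList.txt
' Exit codes mirror the sample script: 0 all present, 1 missing,
' 2 no file argument, 3 file not found.
Option Explicit

Const HKEY_LOCAL_MACHINE = &H80000002
Const ForReading = 1
Const HOTFIX_KEY = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix"

' Installed IDs from both sources, keyed case-insensitively so that
' "kb123456" in the list file still matches "KB123456" on the machine.
' The value records where the ID was found, for the report.
Function GetInstalledIds()
    Dim dict, oReg, oWmi, qfe, subkeys, key
    Set dict = CreateObject("Scripting.Dictionary")
    dict.CompareMode = vbTextCompare

    ' Source 1: the HotFix registry key used by the sample script.
    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
    If oReg.EnumKey(HKEY_LOCAL_MACHINE, HOTFIX_KEY, subkeys) = 0 Then
        If IsArray(subkeys) Then
            For Each key In subkeys
                dict(UCase(Trim(key))) = "registry"
            Next
        End If
    End If

    ' Source 2: Win32_QuickFixEngineering, whose HotFixID property lists
    ' updates recorded by Windows' own update machinery.
    Set oWmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
    For Each qfe In oWmi.ExecQuery("SELECT HotFixID FROM Win32_QuickFixEngineering")
        If Not IsNull(qfe.HotFixID) Then
            dict(UCase(Trim(qfe.HotFixID))) = "wmi"
        End If
    Next

    Set GetInstalledIds = dict
End Function

' Reads the required-ID file: one ID per line, blank lines ignored, and
' lines starting with "#" treated as comments (a convention of this example).
Function ReadRequiredIds(path)
    Dim fso, f, strLine, dict
    Set dict = CreateObject("Scripting.Dictionary")
    dict.CompareMode = vbTextCompare

    Set fso = CreateObject("Scripting.FileSystemObject")
    If Not fso.FileExists(path) Then
        WScript.Echo "Required-hotfix file not found: " & path
        WScript.Quit 3
    End If

    Set f = fso.OpenTextFile(path, ForReading)
    Do Until f.AtEndOfStream
        strLine = Trim(f.ReadLine)
        If Len(strLine) > 0 And Left(strLine, 1) <> "#" Then
            dict(UCase(strLine)) = True
        End If
    Loop
    f.Close

    Set ReadRequiredIds = dict
End Function

Sub Main()
    Dim required, installed, id, missing
    If WScript.Arguments.Count < 1 Then
        WScript.Echo "Usage: cscript CheckHotFixesQFE.vbs <filename>"
        WScript.Quit 2
    End If

    Set required = ReadRequiredIds(WScript.Arguments(0))
    Set installed = GetInstalledIds()

    missing = 0
    For Each id In required.Keys
        If installed.Exists(id) Then
            WScript.Echo "OK      " & id & " (" & installed(id) & ")"
        Else
            WScript.Echo "MISSING " & id
            missing = missing + 1
        End If
    Next

    If missing > 0 Then
        WScript.Echo missing & " required hotfix(es) missing; client stays in quarantine"
        WScript.Quit 1
    End If
    WScript.Echo "All " & required.Count & " required hotfixes installed"
    WScript.Quit 0
End Sub

Main
```

Run it with cscript rather than wscript so the per-ID report goes to the console instead of a series of message boxes. Because the script only decides and reports, the same caveat Steve raises still applies: the list file is the policy, and it has to be maintained and distributed (with the CM profile or from a share) every time a new required update ships.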