Worklet: XP Patching

  • 26 July 2019

This manual process for deploying an emergency patch reduces the time it takes to bring your legacy machines to a lower risk of exploitation.


Note: Automox cannot fully update Windows XP versions due to the lack of support for XP updates by Windows Update. Automox can manage software installation and patching, as well as configuration and security settings.


Automox has two minimum requirements to run on Windows XP:



  • Microsoft .NET Framework 3.5 or higher

  • Windows PowerShell 2.0 or higher


Windows XP Required Prerequisites


Install .NET Framework 3.5 (or higher)

https://www.microsoft.com/en-us/download/details.aspx?id=21


Install PowerShell 2.0 via Windows Management Framework (.NET required first)

https://www.microsoft.com/en-us/download/details.aspx?id=16818


Install Automox (with legacy Installer)

https://console.automox.com/Automox_Legacy_Installer-latest.msi


(Note: GetSystemDetail scan command WILL NOT work, so there are no hardware details and the compatibility check will always show “Not Compatible”.)


Download the appropriate Windows Edition patch from the MS Catalog.

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4500331


Worklet Instructions



  1. In the Automox console, from the System Management page, click Create Policy.

  2. From the Worklet section, click Windows.

  3. Name the Worklet.





  4. Upload the KB file to the policy.




  5. Enter Evaluation and Remediation Scripts. Evaluation is optional if you’re going to execute manually. Here’s an example:


Evaluation code block:


### Evaluation
# Define KB number and check for presence
$kbID = 'KB4500331'
$installed = Get-HotFix -Id $kbID -ErrorAction SilentlyContinue

if ( $installed ) {
    # Compliant, so Exit 0 as success
    Exit 0
} else {
    # Non-compliant, so Exit 1 as failure
    Exit 1
}

Remediation code block:


### Remediation
# Enter the name of the file you uploaded
$fileName = "windowsxp-kb4500331-x86.exe"

# Launch the installer file and capture the exit code to determine success
$installer = Start-Process -FilePath $fileName -ArgumentList "/quiet /passive /norestart" -Wait -PassThru

# Evaluate exit code for success: 0, 1641 and 3010 are all considered successful
# -contains is used because the -in operator requires PowerShell 3.0 or higher
if ( @(0, 1641, 3010) -contains $installer.ExitCode ) {
    Exit 0
} else {
    Exit 1
}




  6. Click Create Worklet.




  7. Assign the worklet to a group or multiple groups and click Save Changes.






  8. Execute the worklet by clicking the Execute Policy Now button.




Within minutes, the patch is installed on your XP devices.
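
A stricter variant of the remediation script, added here as an example and not Automox's own code: it checks the uploaded file's Authenticode signature before running it and reports which success code came back (3010 means a restart is still required). It assumes the uploaded file sits in the Worklet's working directory, that XP can validate the package's signature, and that the signer subject contains O=Microsoft Corporation.

```powershell
### Remediation (added example): verify the package, install, report the result
# Name of the file uploaded to the Worklet (same value as in the script above)
$fileName = "windowsxp-kb4500331-x86.exe"
$kbID     = 'KB4500331'

# Assumption: the uploaded file is placed in the current working directory
$path = Join-Path -Path (Get-Location).Path -ChildPath $fileName
if (-not (Test-Path -Path $path)) {
    Write-Output "$fileName not found in $((Get-Location).Path)"
    Exit 1
}

# Refuse to run a package whose Authenticode signature does not validate
$sig = Get-AuthenticodeSignature -FilePath $path
if ($sig.Status -ne 'Valid') {
    Write-Output "Signature check failed for ${fileName}: $($sig.Status)"
    Exit 1
}

# Assumption: Microsoft-signed packages carry this organization in the signer subject
if ($sig.SignerCertificate.Subject -notlike '*O=Microsoft Corporation*') {
    Write-Output "Unexpected signer: $($sig.SignerCertificate.Subject)"
    Exit 1
}

# Same switches as the remediation script above
$installer = Start-Process -FilePath $path -ArgumentList "/quiet /passive /norestart" -Wait -PassThru

# switch is available in PowerShell 2.0; each success code gets its own message
switch ($installer.ExitCode) {
    0       { Write-Output "$kbID installed"; Exit 0 }
    1641    { Write-Output "$kbID installed, restart initiated"; Exit 0 }
    3010    { Write-Output "$kbID installed, restart required to finish"; Exit 0 }
    default { Write-Output "$kbID install failed with exit code $($installer.ExitCode)"; Exit 1 }
}
```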


