Again, if the system you are patching is critical and highly sensitive, it is generally recommended that you patch it manually at the console by simply executing the hotfix file directly. However, for less critical systems (like developer desktops), you may want to deploy the hotfixes remotely. Luckily, hotfixes released in the past few years come with a nice installer that makes it much easier to perform remote installations.
For example, to quietly install a SQL Server 2000 hotfix locally, you could execute the following command at the command prompt:
sql2000-kb810185-8.00.0878-enu.exe /s /a /q
Using tools like psexec from the free
Psexec \\remotemachine -c -d sql2000-kb810185-8.00.0878-enu.exe /s /a /q
This will copy the entire hotfix to the remote machine and execute the silent installation on the remote machine without waiting for the process to complete. Using a script, you can deploy hundreds of hotfixes in a matter of minutes, assuming you have the bandwidth and the installations can occur on each machine in parallel.
The complete set of command-line options for the SQL Server hotfix installer are as follows:
Option Definition ------ ---------- /s Disable Self Extraction progress dialog /a Unattended mode /q Silent mode /allinstances Patches all instances of SQL Server INSTANCENAME Entered as INSTANCENAME=yourinstancename BLANKSAPWD BLANKSAPWD=1 if you have a blank sa password SAPWD SAPWD=yourpw for non-blank sa password
HOW TO PATCH SQL SERVER, PART 2
Step 1: Segregate your scan results
Step 2: Obtain service packs and prepare for deployment
Step 3: Deploy service packs
Step 4: Obtain hotfixes and prepare for deployment
Step 5: Deploy hotfixes
Step 6: Re-assess network
Step 7: Plan next assessment
Back: How to patch SQL Server, part 1
|ABOUT THE AUTHOR:|
| Chip Andrews, CISSP
Chip Andrews is the director of research and development for Special Ops Security Inc. and the founder of the SQLSecurity.com Web site, which focuses on Microsoft SQL Server security topics and issues. He is also the author of SQL Server Security.
Copyright 2005 TechTarget