Browse Prior Art Database

"PSCAN" a Microsoft Security Patching Tool Disclosure Number: IPCOM000130397D
Original Publication Date: 2005-Oct-22
Included in the Prior Art Database: 2005-Oct-22
Document File: 2 page(s) / 56K

Publishing Venue



A set of windows 2000/2003 scripts is disclosed, PSCAN, to identify and apply missing "customer approved" MS security patches on windows 2000/2003 servers.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 58% of the total text.

Page 1 of 2

"PSCAN" a Microsoft Security Patching Tool

1. What does PSCAN do?

Commercial patching tools basically do three things:

a) Scan a server for missing patches

b) Tell you if the missing patches are on a centrally managed
"approved" list

c) Give you the option to apply any missing approved patches and
automatically copy the needed patches to the server from a
centrally managed repository.

The Microsoft MBSA tool by itself gives you step a)functionality.
PSCAN takes the output from MBSA and adds the b)and

In addition, the PSCAN code is written in plain windows 2000
scripting language. Which means,it can easily be customized
to perform the following:

d) Stop an application(s) service(s) before applying patches.

- This is important in application servers.

Some applications crash if the server is
rebooted without properly stopping the
application first.

e) Apply or Skip a patch on a server based on:

- server ip address

- server name (including wild cards, i.e. FL*, MIA*)

- applications running on server

- etc...

- This is important in complex environments where
sometimes the customers asks that a certain patch
not be applied to some servers. Etc.

f) Change a registry setting.

- Some registry changes require a server reboot.

A good time to do them is during server patch time.

2. How to set it up?

Basically you copy all the pscan files to a repository server.
You edit one time: pscan.cmd .. about the first 15 lines or so


Page 2 of 2

with the particulars of your en...