WSUS and Internet Explorer

  • Thread starter Thread starter Keith Wilcox
  • Start date Start date
K

Keith Wilcox

Hi,

Is there any way of using Windows Server Update Services (WSUS) to ensure
that client PCs have a minimum install of Internet Explorer, such as
5.50.4134.0600? Several PCs on my network have an older version of IE than
this, and it's starting to cause problems...

Alternatively, is there any way of downloading an IE setup file onto my
server, so that I can update IE on these PCs over the network, and without
having to connect these PCs to the internet? (This will also cause
problems...)

Whilst investigating this problem, I have also discovered that some PCs on
the network aren't listed in WSUS - and presumably aren't getting Windows
Updates. Does anyone know how to tell WSUS about these PCs?

Many thanks,
Keith
 
Keith,
That's a lot of slightly different questions rolled into one. I will try to
respond to each of them.
WSUS can enforce a patch level for a given version of IE, but not a version.
I don't have WSUS in front of me so I don't know whether it stil goes back
to patches for 5.5 but you can easily check.
You can easily tell the version of IE from a script to look at the version
number of iexplore.exe, for example with wsh:
strReqFile="c:\program files\internet explorer\iexpore.exe"
set oFso=wscript.CreateObject("Scripting.FileSystemObject")
if (oFso.FileExists(strReqFile)) then 'iexplore.exe exists
strCurrentVersion=oFso.GetFileVersion(strReqFile)
Or you can use an inventory product to tell you, and extract a list. There
is an Open Source inventory product like OCS.
You can download IE and put it on a file server to update from. You can use
the IEAK to customise it. Its a little harder to use a script to update IE,
as it has some runonce actions that have to happen in the admin context
after a reboot. There is an enterprise deployment msi that enables you to
run the installation through AD Group Policy. You would be best to look for
specific instructions when you select what version to install.
You don't tell WSUS about the PC's, you tell the PC's about WSUS. You can
set a PC to take updates from WSUS by exporting the relevant parts of the
registry:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate.
Hope that helps,
Anthony,
http://www.airdesk.com






"Keith Wilcox" <Keith_A_Wilcox@hotmail.com.(donotspam)> wrote in message
news:C3648F67-AB06-41CB-B874-6FEE7BC6E594@microsoft.com...
> Hi,
>
> Is there any way of using Windows Server Update Services (WSUS) to ensure
> that client PCs have a minimum install of Internet Explorer, such as
> 5.50.4134.0600? Several PCs on my network have an older version of IE than
> this, and it's starting to cause problems...
>
> Alternatively, is there any way of downloading an IE setup file onto my
> server, so that I can update IE on these PCs over the network, and without
> having to connect these PCs to the internet? (This will also cause
> problems...)
>
> Whilst investigating this problem, I have also discovered that some PCs on
> the network aren't listed in WSUS - and presumably aren't getting Windows
> Updates. Does anyone know how to tell WSUS about these PCs?
>
> Many thanks,
> Keith
>
 
Back
Top