M100582: Behavior explanation: Security patches since MS04-004 may not install on Windows 2003 Server


New command line options for Windows 2003 server security patches have been released since MS04-004. This article describes what changes to make so that the patches may be deployed.

  • You try to install a security patch using ManageSoft Security Patch Management
  • The target operating system of the managed device is Windows 2003 server
  • The security bulletin is MS04-004 or later and can not be installed on Windows 2003 server
  • A message box appears on the managed device while installing a security patch that states that the command-line switch used is invalid.

Security bulletins published since MS04-004 use new command line switches for the Windows 2003 server component of the bulletin.

ManageSoft may package these patches using the command line install options /q:a /r:n

The new command line options for Windows 2003 server security patches include the following:

  1. Quiet mode (no user interaction or display) - /q or q:n has been replaced with /quiet
  2. Do not restart when installation is complete - /z or /r:n has been replaced with /norestart

The command line options of the security patch may be changed by performing the following:

  1. Download the security bulletin and associated patches as per normal.
  2. Generate patch packages through the MMC console for the downloaded security patches
  3. Browse the software library to find the Windows 2003 server version of the recently packaged security patch.
  4. Open up the package in the packaging node. Right click on the external installer node and select properties.
  5. For the general tab specify the following command to execute to install the package:
    WindwosServer2003-KB832894-x86-ENU.EXE /quiet /norestart

However, if a patch package is generated for this patch in the future then ManageSoft will use the old command line options.

Additional Information

At this stage the use of new command line options is inconsistent. The deployment options that are specified as part of any security patch should be reviewed on the Microsoft knowledge base article for the security patch. These options should be compared to the default ones that ManageSoft adds to the command line install of each security patch that it packages, and if necessary changed.

The following are pertinent references:


Powered by Zendesk