Get the Network Administrators tool pack

Subscribe to our newsletter and get 11 free network administrator tools, plus a 30 page user guide so you can get the most out of them.

Click Here to get your free tools

Recent Posts



Force install of security patches – Across your network

Post image for Force install of security patches – Across your network

by Steve Wiseman on January 26, 2012 · 11 comments

in Network Administrator,Scripts,Tips


I got a question from Mike this week:

“Hi steve. Hope all is well. I am the IT manager at a small bank in Texas. We have lots of patch management tools…so I am not looking for that. Before an audit I would like to quickly force all of my machines to download and install the latest security patches from MS. Is there any way to force Windows to do this from the command line? And I mean like right now! 🙂 Not next Tuesday. Thanks!”

I came across a script right on Microsoft’s website that can do something close to what you want:

It has a few issues. First, it tries to install all patches. Like the latest version of Internet Explorer, major service packs, and that ridiculous Windows Search 4.0. These require user intervention, and might even break things.

Another issue with the script is that it does not let you know when it failed because the network is down.

We took that script changed it to only include security updates. That way it gets to the core of the issue – getting the latest security patches, without any extra stuff.

With our new version of the script we created a plugin for Network Administrator. This will allow you to remotely install the latest security patches across your network:

Force Automatic Update Across your Network

If the computer already is up to date, it will say: “This computer is up to date”

You can tell it to just download, or download and install. There is even an option to reboot when the install is complete:

The free version allows you to work with three computers at a time. You can get it from our download page:

What about that script? If you want to do it yourself without Network Administrator, here is the updated version:

Just rename it to ForceAU.vbs, and call it like this from the command line:

cscript.exe ForceAU.vbs

Once it starts, it will zoom through and install the latest security patches:

The script, and the plugin work with Windows XP, 2003, Windows Vista, Windows 7, and Windows 2008.

It does require administrator access, so if your users have a limited account you will need to either use the task scheduler, group policy, or Network Administrator.

One other thing to note, is that it does not install service packs – So keep that in mind when using the plugin, or the script.

One more thing…Subscribe to my newsletter and get 11 free network administrator tools, plus a 30 page user guide so you can get the most out of them. Click Here to get your free tools

Related Articles:

{ 11 comments… read them below or add one }

1 Dave W January 26, 2012 at 1:28 am


How in the *hell* did you find those methods in VB Script?

I have the god awful script that launches IE, and has code to check for each different version of IE so it can do the proper clicks and stuff.

I am going to try your script first thing in the morning when I get to the office

2 Steve Wiseman January 26, 2012 at 1:30 am

Hi there Dave. I spent a lot longer on this script that I originally thought, and I had some help too 🙂 Indeed it was not easy to find the Category option that allows the script to skip the service packs, IE upgrades, and that Windows Search 4.0…especially since this solution works with other language versions of Windows

3 Jimmy January 26, 2012 at 6:10 pm


What a great tool. Thanks for this

4 Mr Hot Dog January 27, 2012 at 12:35 pm

Hi Steve,

I purchased Network Administrator a while back. How do I install this latest plugin?

5 Steve Wiseman January 27, 2012 at 12:43 pm


If you already have a previous version…simply make sure it is not running, and install the latest from here:

It will automatically install the new plugins.

This is true for the free, and paid versions.

6 robin September 26, 2012 at 12:01 pm

Downloaded the free trial and tried to patch an xp machine with sp3. If manually checked on pc, there are 118 patches available, when I try with NetAdmin is says the pc is up to date. Was looking to push down the latest critical MS patch as at 21/09/2012.

7 Steve Wiseman September 26, 2012 at 2:20 pm

Hello Robin,

Is it possible you picked the option “Download Only”?

If so it could show that the PC is up to date because all of the patches are downloaded (But not installed)



8 Steve Wiseman October 2, 2012 at 11:29 am

Looks like we found the issue with updates not showing. We were not clear in the plugin that it was only downloading critical updates.

We have updated the plugin to allow non-critical updates…and it also now has the ability to just show what updates are needed, and take no action.

Get the latest version from here:

9 Jim January 10, 2013 at 1:26 pm

This is exactly what I was looking for. Thanks! Using just the script, is there a way to add an automatic reboot command (if required) right in the script itself?

10 Vincent January 30, 2013 at 2:00 pm

Although i can run ForceAU.vbs from the use of RemoteExecute i get error stating to check internet connection.What is wrong ? note: i use proxy because of domain. Pls advice

11 Steve Wiseman February 1, 2013 at 1:33 pm

It could be because you have a Windows Update Server setup and the machine cannot contact it. Is that a possibility?

Leave a Comment

Category Links - Windows Forum - Exchange Forum