We wanted to make sure that every PC connected to our network would be up to date with the McAfee software. We looked at some network-wide software distribution products, stuff with buzzwords that left me wondering if I should laugh or if I should quit computing (I chose the first option), and that cost a lot of pesos. We didn't have that kind of budget. (Bob, do we have a budget?) Well, to me it was obvious that everyone connecting to our network had a login script running to map shares (we made sure of that). It would be quite easy to call a batch file from there that could take a part of the chore with it. At that stage, McAfee was at their first versions for Windows 95. To update its signature files, it was only a matter of copying the unzipped .dat files into the McAfee directory (somewhere in Program Files). That was fairly easy to implement:
net use x: \\servername\update
echo updating antivirus software, please wait...
xcopy x:*.* c:\Antivirus_Software_Path_\ /d /y >nul
net use x: /delete
This batch file is simple. It connects you to a previously created share on a server that holds the up-to-date .dat files. Then it proceeds to copy these files to the correct destination, assuming that all your stations are configured the same (they should be, if you really want to stand a chance). The /y switch overwrites files without prompting, to eliminate interaction with users. The /d switch is what makes this little thing so useful: it will copy the files only if the source is newer than the destination. Since the version on the server will always be newer than or equal to the version found on the stations, this makes sure that everyone gets updated while eliminating unnecessary downloads, thus reducing network traffic. Of course, common sense insists that the \\servername\share is set as read-only (and also your login scripts and your batch files).
After a bit more research, I figured that all the configuration settings were held in ASCII files (avconsol.ini, *.vs?), and ensuring a homogeneous setup across my network was only a matter of forcing them on the stations the same way I did with the .dat files. Again, the /d switch was used to avoid unnecessary downloads and reduce traffic, even though these files were actually small, but one takes pride in optimizing such things. The problem here, though, is that if someone changes the configuration on his PC (the configurations weren't password protected, and even if they were, it could be bypassed by editing the file with an ASCII editor or overwriting the file), then the destination file becomes newer than the source file, preventing the copy. To circumvent this, I simply advanced the date on my machine one year forward before creating my standard configuration files. I could restore the real date afterwards. So now I am sure that the files on the server will always be newer than those on desktops and laptops for the year to come. From then on, every time I make a change to these files, I use the same technique, which makes the deadline date progress along with real time. OK, this isn't 100% foolproof, but bring me a user who can get around this, and you will have a man who should reconsider his career choices.
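The timestamp rule behind /d, and the limits of the future-dating workaround, can be modelled on a few constructed files. This Python sketch is an added example, not part of the original article; the file names, the scan=on/scan=off contents and the content-hash comparison are assumptions made for illustration.

```python
import hashlib, os, shutil, tempfile, time
YEAR = 365 * 24 * 3600

def digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def copy_if_newer(src, dst):
    """Model of the /d rule: copy only if dst is missing or src has a later mtime."""
    if not os.path.exists(dst) or os.path.getmtime(src) > os.path.getmtime(dst):
        shutil.copy2(src, dst)  # copy2 carries the source timestamp along
        return True
    return False

def copy_if_different(src, dst):
    """Alternative check (assumption, not the author's method): compare contents."""
    if not os.path.exists(dst) or digest(src) != digest(dst):
        shutil.copy2(src, dst)
        return True
    return False

def write(path, text, mtime):
    with open(path, "w") as f:
        f.write(text)
    os.utime(path, (mtime, mtime))

def demo():
    """Run three cases on constructed files and report what each rule did."""
    now = time.time()
    with tempfile.TemporaryDirectory() as d:
        server, station = os.path.join(d, "server.ini"), os.path.join(d, "station.ini")
        results = {}
        # Case 1: the station file was edited after the server file was created.
        write(server, "scan=on\n", now - 3600)
        write(station, "scan=off\n", now)
        results["plain_d_overwrites_edit"] = copy_if_newer(server, station)
        # Case 2: the server file is stamped one year ahead, as described above.
        write(server, "scan=on\n", now + YEAR)
        results["future_dated_overwrites_edit"] = copy_if_newer(server, station)
        # Case 3: the station file carries a later stamp (e.g. a wrongly set clock).
        write(station, "scan=off\n", now + 2 * YEAR)
        results["future_dated_beats_later_stamp"] = copy_if_newer(server, station)
        results["content_check_restores"] = copy_if_different(server, station)
        results["station_matches_server"] = digest(server) == digest(station)
        return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The third case is the "not 100% foolproof" gap: a timestamp is not an integrity check, so comparing contents is the more reliable way to detect configuration drift.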
At that time, McAfee anti-virus software didn't provide any auto-updating or auto-upgrading features, but some common sense helped us get away with some of it. We still had to install version upgrades manually, because installation sometimes proved to be adventurous, but that wasn't so bad; these occurred only every 3-4 months. Once we had a stable version deployed, we were sure that the machines would be in optimal state for a few months. Take note that we didn't automatically install new versions as they came out, because some of them proved to be very flaky. Remember my advice about testing before deploying (this advice should be applied to any software).