none
How to download and install KB931125 programmatically

    Question

  • Hello,

    Does anyone know how we can download and install KB931125 ( Update for Root Certificates) PROGRAMMATICALLY for specific platform?

    Please advise.

    Thanks in advance.

    Saturday, October 20, 2012 3:39 AM

Answers

  • read this: http://support.microsoft.com/kb/931125
    WindowsXP has an Operating System component/feature which handles this updating (not WUagent)

    reference information for background:
    http://social.technet.microsoft.com/Forums/en/winserverwsus/thread/31186f99-85b6-4b81-bd66-482740c1eab5

    Lawrence's information shows that a WindowsXP client *can* update the root certs via WUagent/WSUS, and, fallback to the OS component.


    http://social.technet.microsoft.com/Forums/en/winserverwsus/thread/7720ba20-fdb4-4680-a4b7-76dbeeb613c0

    http://social.technet.microsoft.com/Forums/en/winserverwsus/thread/3c0d8e05-036e-4900-a06f-dac332a71539

    KB931125 update packages, are classifed as "Updates":
    http://catalog.update.microsoft.com/v7/site/Search.aspx?q=931125

    There is much more reading you can do, particularly for newer platforms.
    e.g. Vista/Win7 will automatically/dynamically attempt online real-time retrieval of root certs and CRL's when a secured resource calls for a root cert that is not currently in the machine's local store.

    Note that if you open this thread (not expand it but open this thread by clicking on the topic/thread title), you should see some very useful "Related Topics" on the right-hand side. These are often contextually very helpful, I find :)


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)


    • Edited by DonPick Saturday, October 20, 2012 6:24 AM
    • Marked as answer by cplusplusdev Saturday, October 20, 2012 5:52 PM
    Saturday, October 20, 2012 6:22 AM
  • I am not sure that you will be able to do this programmatically, given that there are many possible client configurations to deal with, unknown WSUS vs WU/MU, unknown WSUS configurations/products/classifications/approvals, unknown proxy/firewall configurations, unknown company security standards, and also that the KB931125 download at MS DLC appears to require genuine validation.

    It gets even more complicated if you need to deal with newer platforms, or server platforms, since they both take a different approach to this self/auto-updating.

    programmatically invoking actions that modify the trusted root store, seems to me a very privileged operation, and challenging to implement.
    particularly on such an old platform like XP.
    perhaps if the client environment has an alternate software distribution system in place, that system could deploy rootsupd.exe, either prior to, or in parallel with a deployment of your software?
    (since I doubt MS will permit you to bundle/ship it with your software, although you could check the redistributable rights for that)


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    • Marked as answer by cplusplusdev Monday, October 22, 2012 7:46 AM
    Sunday, October 21, 2012 12:36 AM

All replies

  • Hi,

    are you using WSUS?

    Which platforms are you targeting for this requirement?

    What have you tried?

    As per KB931125, some platforms already have automatic updating for the Root Certs program members - is this not working for you?

    (a better forum for this question might be the server/security forums?)


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Saturday, October 20, 2012 5:32 AM
  • Yes. I  am using WSUS, Windows Update Agent to search the KB931125, but not see it in the list. I would like to get update for XP actually. But i have no idea it could be available for Vista+ by programmatically.

    Actually, we can do manually download the update, but the requirement is to download and install programmatically.

    Saturday, October 20, 2012 5:36 AM
  • read this: http://support.microsoft.com/kb/931125
    WindowsXP has an Operating System component/feature which handles this updating (not WUagent)

    reference information for background:
    http://social.technet.microsoft.com/Forums/en/winserverwsus/thread/31186f99-85b6-4b81-bd66-482740c1eab5

    Lawrence's information shows that a WindowsXP client *can* update the root certs via WUagent/WSUS, and, fallback to the OS component.


    http://social.technet.microsoft.com/Forums/en/winserverwsus/thread/7720ba20-fdb4-4680-a4b7-76dbeeb613c0

    http://social.technet.microsoft.com/Forums/en/winserverwsus/thread/3c0d8e05-036e-4900-a06f-dac332a71539

    KB931125 update packages, are classifed as "Updates":
    http://catalog.update.microsoft.com/v7/site/Search.aspx?q=931125

    There is much more reading you can do, particularly for newer platforms.
    e.g. Vista/Win7 will automatically/dynamically attempt online real-time retrieval of root certs and CRL's when a secured resource calls for a root cert that is not currently in the machine's local store.

    Note that if you open this thread (not expand it but open this thread by clicking on the topic/thread title), you should see some very useful "Related Topics" on the right-hand side. These are often contextually very helpful, I find :)


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)


    • Edited by DonPick Saturday, October 20, 2012 6:24 AM
    • Marked as answer by cplusplusdev Saturday, October 20, 2012 5:52 PM
    Saturday, October 20, 2012 6:22 AM
  • Thanks for your answer. However, I tried to search the KB931125 by WUAPI ( Windows Update API), but I never see the KB931125 in the list. I have no idea about this. I have a requirement that need to download KB931125 and install automatically when installing our software. Could you please advise me how I can get it? 
    Saturday, October 20, 2012 11:36 AM
  • I am not sure that you will be able to do this programmatically, given that there are many possible client configurations to deal with, unknown WSUS vs WU/MU, unknown WSUS configurations/products/classifications/approvals, unknown proxy/firewall configurations, unknown company security standards, and also that the KB931125 download at MS DLC appears to require genuine validation.

    It gets even more complicated if you need to deal with newer platforms, or server platforms, since they both take a different approach to this self/auto-updating.

    programmatically invoking actions that modify the trusted root store, seems to me a very privileged operation, and challenging to implement.
    particularly on such an old platform like XP.
    perhaps if the client environment has an alternate software distribution system in place, that system could deploy rootsupd.exe, either prior to, or in parallel with a deployment of your software?
    (since I doubt MS will permit you to bundle/ship it with your software, although you could check the redistributable rights for that)


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    • Marked as answer by cplusplusdev Monday, October 22, 2012 7:46 AM
    Sunday, October 21, 2012 12:36 AM
  • Thanks for your answer, I can make it for XP programmatically and it works perfect. I read documentation and I understand that Vista and above have new mechanism to self-update and automatically. So, it is as expectation.

    Thanks.

    Monday, October 22, 2012 7:46 AM