How to deploy the latest Internet Explorer with updates

Updating to the latest Internet Explorer as soon as it is released isn’t always feasible for every organization. In this article, I’ll cover how to update your PC’s to the latest version or IE with the latest patches when you are ready to upgrade.

If your organization is like mine, you probably aren’t running out to install the latest version of Internet Explorer on all your computers as soon as it is available for download. Chances are, you have internal web-based applications that are either developed in-house or by a 3rd party vendor that, at the very least, will need testing and possibly updates so that they will be fully compatible.

So, fast forward a few months and your applications are ready to support the latest IE! There’s only one problem, Microsoft has now released several updates and you need to make sure that all your computers have the latest and greatest updates when you deploy IE.

Update manually ^

Yeah right, huh? For a handful of computers, this is probably feasible (especially for your testing group). But, if you support more than a couple of dozen, you’ll probably want a more automated process.

Method 1 for updating manually is to run Windows Update to install the update. Just remember, if you’ve hidden IE updates, you’ll need to go into ‘Restore hidden updates’ to make them appear again.

Hidden updatesWindows Update

Windows Update

After running the update, you’re done!

Check Internet Explorer version

Check Internet Explorer version

Method 2 involves downloading IE manually and running the executable. In the event that Windows Update is disabled in your environment or otherwise not a viable way to install an IE update manually, IE 9 can be downloaded here and IE 10 can be downloaded here. Future versions will be listed on the main IE download page.

Install Internet Explorer manually

Install Internet Explorer manually

In both of these scenarios, the installer accesses Microsoft update servers, downloads the latest updates, and includes them as part of the install process.

Deploy with a system management tool ^

If you’re using a systems management product like System Center Configuration Manager, LANDesk, Altiris, or PDQ Deploy, to deploy software, you can use also it to push out an install Internet Explorer.

First, we’ll need to download the installer from Microsoft (see the Update Manually section). Running the installer with the /? switch will show you all of the options that are available for installing IE.

Internet Explorer setup command line switches

Internet Explorer setup command line switches

The key switches you’ll want are:

  • /passive – Runs the installer visible to the end user, but without the ability to give input.
  • /quiet – Run the installer without showing the end user an interface.
  • /norestart – Doesn’t require a restart even if one is required to complete install.
  • /forcerestart – Forces a restart after install if one is necessary.

In my typical deployment, I use /quiet and /forcerestart and schedule the install for an off-service time of the day. So, the installer with switches would look something like this:

This would update Internet Explorer to version 10 on Windows 7 x64 with no UI visible to the user and force a restart if one is necessary. The key with this method of install is that the client system has to have an Internet connection. During the install process, the installer reaches out to Microsoft update servers and pulls down the latest IE cumulative update.

Install without internet connectivity ^

In the event you have clients that can’t access the Internet or are firewalled/proxied in some way that prevents them from accessing Microsoft update servers, you’ll need to include the latest Internet Explorer Cumulative Security Update as part of your update.

To find the latest IE Cumulative Security Update, fire up your favorite search engine and search for “Internet Explorer Cumulative Security Update.” Based on the search results, it should be easy to tell which the latest is.

When installing IE, you’ll need to ensure that the installer is set to not update and not reboot. For example:

Once the update completes, you’ll need to deploy the .msu file that contains the IE cumulative security update. MSU files can be scripted by using wsua.exe; running that executable with a /? gives us the command line switches that are available.

Windows Update Standalone Installer

Windows Update Standalone Installer

To install the update, run the wusa.exe command followed by the path to the update, a switch to set the display level, and a switch the make the system reboot if necessary.

Once the system reboots, it will have IE with the latest cumulative update.

Want to write for 4sysops? We are looking for new authors.

Read 4sysops without ads and for free by becoming a member!

0
Share
3 Comments
  1. Lynda Hodgekiss 7 years ago

    Thanks for very useful info regarding IE security updates and how to deploy them. I've succesfully deployed IE with cumulative updates (runned as a post-installation task) on few PCs in our network using EMCO Remote Installer Free.

    To keep your IE copies updated by the latest patches, you can subscribe for security bulletin notifications on this MS page: http://technet.microsoft.com/en-us/security/bulletin/

    0

  2. Tim 7 years ago

    Is there a way to do this with our existing WSUS? We are only recently able to deploy IE9 precisely because of the reasons you mentioned in your intro. WSUS will push out IE9, reboot, then push out the cumulative security update and reboot again. Is there any way to get WSUS to deploy both in just one push and save ourselves an extra reboot? I suspect there isn't, but hey, can't hurt to ask.

    0

  3. I'm not aware of a way to install new IE versions with WSUS and avoid the reboot. The bigger concern is usually having the GA release of the browser un-patched on the system... not the extra reboot. One trick you can use is to set a deadline on the latest IE cumulative update that has already passed. Approve IE, it installs at the scheduled time, reboot, then Windows sees the update and immediately installs/reboots.

    0

Leave a reply to Kyle Beckman (Rank: Level 2)
Click here to cancel the reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account