To install software via group policy you must convert the .exe to a .msi but there is a way to get a script to install the .exe.
Copy the below script a .bat file and add the path. You will also need to download the update and store within the share you create. The script will also check WSUS for any missing updates by forcing a download of updates first.
As always, I would recommend you test.
@echo off
color 0A
ECHO. **************************************************************************************
ECHO.
ECHO. www.cloudbuild.co.uk/
ECHO. **************************************************************************************
echo Enabling BITs …
sc config bits start= auto
echo Starting BITs …
net start “Background Intelligent Transfer Service”
echo Enabling Automatic Updates …
sc config Wuauserv start= auto
echo Starting Automatic Updates …
net start “Windows Automatic Update Service”
echo Checking MS WSUS for any missing updates …
wuauclt.exe /detectnow
echo Enabling Windows Security Center Service (wscsvc) …
sc config wscsvc start= auto
echo Starting Windows Security Center …
net start wscsvc
echo Enabling Windows Error Reporting Service (ERSvc) …
sc config ERSvc start= auto
echo Starting Windows Error Reporting …
net start ERSvc
echo Patching MS08-067 …
“PATH HERE” /quiet /norestart
goto exit
Or if you wish to roll out to different operating systems, use the below script:
@echo off
color 0A
ECHO. ****************************************************************************************
ECHO. www.sana-tech.net/blog
ECHO.
ECHO. ****************************************************************************************
ver | find “2003” > nul
if %ERRORLEVEL% == 0 goto ver_2003
ver | find “XP” > nul
if %ERRORLEVEL% == 0 goto ver_xp
ver | find “2000” > nul
if %ERRORLEVEL% == 0 goto ver_2000
ver | find “Version 6.0.6000” > nul
if %ERRORLEVEL% == 0 goto ver_vista-sp0
ver | find “Version 6.0.6001” > nul
if %ERRORLEVEL% == 0 goto ver_vista-sp1
goto exit
:ver_xp
echo Enabling BITs …
sc config bits start= auto
echo Starting BITs …
net start “Background Intelligent Transfer Service”
echo Enabling Automatic Updates …
sc config Wuauserv start= auto
echo Starting Automatic Updates …
net start “Windows Automatic Update Service”
echo Checking MS WSUS for any missing updates …
wuauclt.exe /detectnow
echo Enabling Windows Security Center Service (wscsvc) …
sc config wscsvc start= auto
echo Starting Windows Security Center …
net start wscsvc
echo Enabling Windows Error Reporting Service (ERSvc) …
sc config ERSvc start= auto
echo Starting Windows Error Reporting …
net start ERSvc
echo Patching …
“path where update is stored” /quiet /norestart
goto exit
:ver_2000
echo Enabling BITs …
sc config bits start= auto
echo Starting BITs …
net start “Background Intelligent Transfer Service”
echo Enabling Automatic Updates …
sc config Wuauserv start= auto
echo Starting Automatic Updates …
net start “Windows Automatic Update Service”
echo Checking MS WSUS for any missing updates …
wuauclt.exe /detectnow
echo Patching MS08-067 …
“path to where update is stored” /quiet /norestart
goto exit
:ver_vista-sp0
echo Enabling BITs …
sc config bits start= auto
echo Starting BITs …
net start “Background Intelligent Transfer Service”
echo Enabling Automatic Updates …
sc config Wuauserv start= auto
echo Starting Automatic Updates …
net start “wuauserv”
echo Checking MS WSUS for any missing updates …
wuauclt.exe /detectnow
echo Enabling Windows Security Center Service (wscsvc) …
sc config wscsvc start= auto
echo Starting Windows Security Center …
net start wscsvc
echo Enabling Windows Defender Service (WinDefend) …
sc config WinDefend start= auto
echo Starting Windows Defender …
net start WinDefend
echo Enabling Windows Error Reporting Service (WerSvc) …
sc config WerSvc start= auto
echo Starting Windows Error Reporting …
net start WerSvc
echo Patching …
“path to where update is stored” /quiet /norestart
goto exit
:ver_vista-sp1
echo Enabling BITs …
sc config bits start= auto
echo Starting BITs …
net start “Background Intelligent Transfer Service”
echo Enabling Automatic Updates …
sc config Wuauserv start= auto
echo Starting Automatic Updates …
net start “Windows Automatic Update Service”
echo Checking MS WSUS for any missing updates …
wuauclt.exe /detectnow
echo Enabling Windows Security Center Service (wscsvc) …
sc config wscsvc start= auto
echo Starting Windows Security Center …
net start wscsvc
echo Enabling Windows Defender Service (WinDefend) …
sc config WinDefend start= auto
echo Starting Windows Defender …
net start WinDefend
echo Enabling Windows Error Reporting Service (WerSvc) …
sc config WerSvc start= auto
echo Starting Windows Error Reporting …
net start WerSvc
“path to where update is stored” /quiet /norestart
goto exit
:exit