XP Patching Worklet

This manual process for deploying an emergency patch will decrease the time it takes to ensure your legacy machines are operating at lower risk to exploit.

Note: Automox cannot fully update Windows XP versions due to the lack of support for XP updates by Windows Update. Automox can manage software installation and patching, as well as configuration and security settings.

There are 2 minimum requirements that can allow Automox to run on Windows XP:

  • Microsoft .NET Framework 3.5 or later
  • Windows PowerShell 2.0 or later

Windows XP Required Prerequisites 

Install .NET Framework 3.5 (or later)

Install PowerShell 2.0 via Windows Management Framework (.NET required first)

Install Automox (with legacy Installer)

(Note: GetSystemDetail scan command WILL NOT work, so there are no hardware details and the compatibility check will always show “Not Compatible”.)

Download the appropriate Windows Edition patch from the MS Catalog.

Worklet Instructions

  1. In the Automox console, from the Manage > System Management page, click Create Policy.
  2. Click Worklet.
  3. Click Next.
  4. On the Create Worklet page, name the worklet.

  5. Enter the Evaluation and Remediation scripts. Evaluation is optional if you’re going to execute manually. Here’s an example:

    For the Evaluation code block

    ### Evaluation
    #Define KB Number and check for presence
    $kbID = 'KB4500331'
    $installed = Get-Hotfix -Id $kbID -ErrorAction SilentlyContinue
    if ( $installed ) {
        #Compliant, so Exit 0 as success
        Exit 0
    } else {
        #Non-Compliant, so Exit 1 as failure
         Exit 1

    For Remediation code block

    ### Remediation
    #Enter the name of the file you uploaded
    $fileName = "windowsxp-kb4500331-x86.exe"
    #Launch the installer file and capture exit code to determin success
    $installer = Start-Process -FilePath $fileName -ArgumentList "/quiet /passive /norestart" -Wait -PassThru
    #Evaluate Exit Code for Success 0,1641,3010 are all considered successful
    if ( $installer.ExitCode -in @('0','1641', '3010')) {
          Exit 0
    } else { Exit 1 }

  6. Upload the KB file to the policy.

  7. Click Create Policy
  8. Associate the worklet to a group or multiple groups and click Associate.

  9. Click Save Policy.
  10. From the Polices page, execute the worklet by clicking the Actions > Run Policy.

    Within minutes, the patch is installed on your XP devices.