I think you are approaching this from the wrong angle. I would sse MBSA to scan all workstation from a single machine for missing patches.
http://technet.microsoft.com/en-us/security/cc184923.aspxI already commented on your other post regarding similar concepts. If you insist on using a script, use a Startup (not Logon) script configured through GPOs to detect the missing patch. If you need to write the results to a central location somewhere on the Network, log your results to a temporary directory on each PC. Then configure a separate Logon script to pickup the results and output them to a Network Share. The Startup script will run under the SYSTEM account when the machine starts up. The Logon script will run under a User's account (during logon) and will have access to network shares.
You can also use some VBScript to send keys to the RunAs command. There are plenty of google hits for this. An example of such code is below:
Set WshShell=WScript.CreateObject("WScript.Shell")
strCmd="C:\windows\system32\mspaint.exe"
strUser="Domain\User"
strPass="Password"
set WshShell=CreateObject("WScript.Shell")
WshShell.Run "runas.exe" & " /u:" & strUser & " " & strCmd
WScript.Sleep 1000
WshShell.Sendkeys strPass & "~"
It's not good idea to use the code above since it stores your password.
You can also use the Sysinternals tools PSEXEC which will accept a password as a parameter. Again, it's not a good idea passing a password like this to a script.
http://live.sysinternals.com/There are a number of tools out there that serve as RunAs replacements. Some will allow for encryption.
All of the above is much more work than using a free tool like MBSA.
General Certification : CPT Practical Submission
