Creating a Recurring Scheduled Task in BatchPatch

Today I’m going to talk about the Task Scheduler, recurrence, and the alternative options available to BatchPatch users needing to create tasks that execute more than just one time.

Let’s start with the standard recurrence options available in the Task Scheduler options.

Scheduled Tasks with Standard Recurrence (Daily, Weekly, Monthly)

  1. To create a standard recurring scheduled task, highlight the desired rows/hosts in the BatchPatch grid, and then select ‘Actions > Task scheduler > Create/modify scheduled task.’
  2. In the window that appears you must select the desired task to be executed from the Task drop-down list. Then set the reference time. NOTE: When you modify the reference time, the run time automatically changes accordingly. For all scheduled tasks that have no recurrence option set, the run time will be the same as the reference time. Also when any standard recurrence option is set (daily, weekly, monthly), the run time will be the same as the reference time. However, when you create a recurring task with one of the recurrence options that says “+ X days” you’ll see that the reference time and the run time will differ by the X value, in days. We’ll get into more detail with that option later on in this posting.
  3. Finally, choose your recurrence option – daily, weekly, or monthly. Then click OK to apply the scheduled task to the highlighted rows. Make sure the scheduler is running/enabled, by clicking the clock icon in the upper right corner of the BatchPatch window. When it’s green the scheduler is running/enabled.

Scheduled Tasks with Advanced Recurrence (+ X days)

When it comes to Windows Updates, as patching administrators we all know that Microsoft generally releases updates on the 2nd Tuesday of each month. This day has become known as “Patch Tuesday.” Wouldn’t it be convenient if you could just set a schedule to automatically download and install updates at some time/day that is always X days after Patch Tuesday?

While we do not recommend installing Windows Updates *immediately* after Patch Tuesday, we *do* recommend installing the updates within a couple of weeks of Patch Tuesday. The idea here is all about mitigating risk. There is a real risk involved in installing updates, particularly on production servers, *immediately* after they are released. This is because Windows updates can and sometimes do actually break things. On the flip side, if you wait months to install updates, you leave your machines exposed to vulnerabilities that would be fixed by applying the updates in question. We tend to think the sweet spot for installing updates is usually some time between 4 days and 2 weeks after the updates have been released by Microsoft. This gives ample time for those updates to be tested in your lab instead of in your production environment, and it also gives time for other people around the world to report any issues that they encounter, while still getting the updates applied somewhat soon after they are initially released, thereby protecting your machines from being exposed for any longer than necessary.

So, let’s say your scheduled maintenance window occurs on the first Saturday after Patch Tuesday. While Patch Tuesday is always the 2nd Tuesday of the month, the Saturday that comes after is not necessarily the 2nd Saturday of the month. For example, in the current month (March 2018) the Saturday that comes after the 2nd Tuesday of the month is actually the 3rd Saturday of the month. So if we want to reliably have a scheduled task that always recurs on the Saturday that comes after the 2nd Tuesday, we need to be able to schedule it for “Monthly (2nd Tuesday) + 4 days.” If we instead scheduled it for every 2nd Saturday, we’d encounter many months where we’d end up running the task on the Saturday *before* instead of the Saturday *after* Patch Tuesday. This would obviously be unacceptable. Hence why the BatchPatch recurrence options include functionality for ‘Monthly recurrence + X days’. When you select this option from the ‘Recurrence’ drop-down menu in the BatchPatch Task Scheduler, you’ll notice that the run time is no longer the same as the reference time. The reference time gets set to the actual 2nd Tuesday of the month, while the run time is set to the following Saturday. In each month no matter which day the 2nd Tuesday lands on, with this setting your scheduled task will always end up recurring on the 1st Saturday following the 2nd Tuesday. Pretty cool, right?

Scheduled Tasks with Multiple Tasks Scheduler

If for any reason the recurrence options do not suit your needs or desires, you may always just use the ‘Multiple Tasks Scheduler.’ This feature enables you to set a specific task to run at specific days/times for a given host. For this you would just click the button ‘Create Multiple Scheduled Tasks‘ and then set your desired tasks accordingly. In the screenshot below you can see that I have 3 different run dates and times set for a task. I could populate as many different run dates and times as I want, effectively allowing full customization of the schedule.

Scheduled Tasks with Multiple Rows Per Host in the Grid

The other option that’s always available instead of using the built-in recurrence options and instead of using the built-in ‘Multiple Tasks Scheduler’ is to simply populate the grid with multiple rows for each host. So if you want to set 3 different scheduled tasks for a given host, you can add that host to the grid 3 times. Then in each row you could create a different scheduled tasks, as illustrated in the screenshot below.

Posted in Blog, General, Tutorials | Tagged , , , , , | Comments closed

Deploying Windows Feature Upgrades Remotely to Multiple Computers

The ‘feature upgrades’ to Windows 10 (1607, 1703, 1709, 1803 etc) cannot be installed with the normal Windows Update actions in BatchPatch. Instead we have to use an alternate method to get these updates on to target computers. Below I’ll demonstrate how that’s accomplished.

  1. Use the Windows 10 Media Creation Tool to obtain the ISO installation media for the version of Windows 10 that you want to deploy. You can download the Windows 10 Media Creation Tooldirectly from Microsoft at this link. It will enable you to obtain the most recent version of Windows 10, which at this time is version 1709. You cannot use this tool to obtain anything other than the current/latest version, so if you are needing an older version then you would have to obtain it through some other means, such as through a volume licensing agreement with Microsoft.
  2. Run the media creation tool. When you run the media creation tool you *must* be logged on to the computer as a local administrator. It is *not* sufficient to use ‘run as’ to run the tool with elevation as an administrator. You must actually be logged-on to the computer as the administrator before you run the media creation tool, otherwise the tool will not let you proceed.
  3. Create installation media. When you run the media creation tool you will have the option to either Upgrade this PC now or Create installation media (USB flash drive, DVD, or ISO file) for another PC. Select the option to Create installation media, and then click Next.
  4. Choose the language, the edition, and the architecture when prompted, and then click Next again.
  5. Select destination media type. The media creation tool gives you the option of putting the installation files on a USB flash drive or into a single ISO file. For this tutorial please choose ISO, and then click Next. You will be prompted for a location on disk to save the ISO file. Choose a file destination and wait for the download to complete.
  6. Extract ISO contents. After the ISO download has completed, extract the contents of the ISO file to a new directory on your computer. While you can use almost any extraction tool for this process, I prefer and recommend 7-zip, which is available for free. After the extraction is complete you will have a folder that contains all of the required installation files.
  7. Create the BatchPatch deployment. Select Actions > Deploy > Create/modify. In the Deployment interface, select the setup.exe (from the extracted contents of the ISO) as the file to deploy, and make sure to check the ‘Copy entire directory‘ box and the ‘Leave entire directory‘ box, so that when the target computer is rebooted multiple times during the upgrade/installation, it still has access to all of the files required for the upgrade. ( After the upgrade is complete you may delete the files, but just please make sure that you don’t delete them while the upgrade is still working. Also note, the target computer will reboot multiple times during the upgrade before it’s complete. ) In your deployment configuration you will additionally need to add the following parameters:
    /auto upgrade /quiet

  8. Execute the deployment. When you are ready you can either save the deployment to execute later by using the double-right-arrow ‘>>’ button, or you can execute the deployment now for the currently selected rows in the BatchPatch grid by clicking the Execute now button. The deployment will take some time because BatchPatch has to copy multiple GBs of data to the target computers before it can execute the upgrade. When BatchPatch shows Exit Code: 0 (SUCCESS) for a given target computer you should expect that the target will still be working and will still reboot at least one time but possibly multiple times while Windows is upgraded and configured on the target, so be patient and let it do its thing!

    NOTE: We have had two reports where a user received the following error:

    Deployment: Error: Access to the path '\\TargetComputer\C$\Program Files\BatchPatch\deployment\autorun.inf' is denied.

    It’s unclear why these two users experienced this error while many others, including us, have executed the deployment successfully without encountering the error. My guess is it might have something to do with the application used to extract the .ISO file. Nonetheless, if you encounter the error it can be resolved by simply deleting the autorun.inf file from the source directory before beginning the deployment.

Posted in Blog, General, Tutorials | Tagged , , , , , , | Comments closed

Advanced Multi-Row Queue Sequence – Contingent Operations with Custom Scripts

Today the goal is to tie together some concepts that I’ve written about in the past in order to demonstrate how you can use the Advanced Multi-Row Queue Sequence to execute certain actions on some hosts with a contingency that something must be true on another host before the additional hosts begin operations.

The Plan

Here is the overall picture of what we’re going to do:

Host1:
1. Check if there is enough disk space. If the available disk space is less than a desired threshold, then stop executing the multi-row queue sequence. If there is enough disk space available, then go on to the next step.

2. Stop a specific service. If this action fails, stop executing the multi-row queue sequence. If it completes, then move on to the next step.

3. Set the service to manual. If this action fails, stop executing the multi-row queue sequence. If it completes, then move on to the next step.

4. Install Windows Updates and reboot.

5. Start the stopped service. If this action fails, stop executing the multi-row queue sequence. If it completes, then move on to the next step.

6. Set the service back to automatic. If this action fails, stop executing the multi-row queue sequence. If it completes, then move on to the next step.

7. Only after all previous actions are complete should the next two hosts begin their operations.

Host2:
1. Check if there is enough disk space. If the available disk space is less than a desired threshold, terminate the queue for this host only, but still proceed with the rest of the multi-row queue sequence for Host3.

2. Deploy Firefox

Host3:
1. Run a custom script


Scripts

In all cases with these scripts we return 0 for success and a non-zero integer (1) for failure. This enables us to use the job queue special items for ‘Terminate queue if previous actions fails/errors’ and ‘Abort advanced multi-row sequence if previous action fails/errors’. If the script returns 1, then those special items will consider it failed and will abort/terminate. If the script returns 0, those items will consider it successful and move on to the next step in the queue.

GetCDriveSpace.vbs

'Gets the free space on C drive.  If free space is less than specified threshold return 1. Else return 0.  
'Cocobolo Software LLC April 2017.
 
on error resume next
Err.Clear
 
Dim freeMB
Const MBCONVERSION = 1048576
 
Set objWMIService = GetObject("winmgmts:\\localhost\root\cimv2")
 
'Get C drive space
Set colLogicalDisk = objWMIService.ExecQuery("Select * from Win32_LogicalDisk")
		For Each objLogicalDisk in colLogicalDisk
			If objLogicalDisk.DeviceId = "C:" Then					
				freeMB = objLogicalDisk.freespace/MBCONVERSION
			End If
		Next
 
If freeMB < 500 Then
	wscript.quit(1)
Else
	wscript.quit(0)
End If

StopService.vbs

'Stops the specified service and returns 0 if successful else returns non-0
'Cocobolo Software LLC February 2018.

'Usage: cscript.exe "C:\Your Script Repository\StopService.vbs" "Your service display name goes here"

'The first argument from the command line is assigned to strServiceDisplayName
strServiceDisplayName = WScript.Arguments(0)
 
on error resume next
Err.Clear
 
Set objWMIService = GetObject("winmgmts:\\localhost\root\cimv2")
 
Set colServices = objWMIService.ExecQuery("Select * from Win32_Service where DisplayName='" & strServiceDisplayName & "'")
	For Each objService in colServices
		ReturnValue = objService.StopService()
			wscript.quit(ReturnValue)			
	Next

StartService.vbs

'Starts the specified service and returns 0 if successful else returns non-0
'Cocobolo Software LLC February 2018.

'Usage: cscript.exe "C:\Your Script Repository\StartService.vbs" "Your service display name goes here"

'The first argument from the command line is assigned to strServiceDisplayName
strServiceDisplayName = WScript.Arguments(0)
 
on error resume next
Err.Clear
 
Set objWMIService = GetObject("winmgmts:\\localhost\root\cimv2")
 
Set colServices = objWMIService.ExecQuery("Select * from Win32_Service where DisplayName='" & strServiceDisplayName & "'")
	For Each objService in colServices
		ReturnValue = objService.StartService()
			wscript.quit(ReturnValue)			
	Next

SetServiceToManual.vbs

'Sets the specified service to manual and returns 0 if successful else returns non-0
'Cocobolo Software LLC February 2018.

'Usage: cscript.exe "C:\Your Script Repository\SetServiceToManual.vbs" "Your service display name goes here"

'The first argument from the command line is assigned to strServiceDisplayName
strServiceDisplayName = WScript.Arguments(0)
 
on error resume next
Err.Clear
 
Set objWMIService = GetObject("winmgmts:\\localhost\root\cimv2")
 
Set colServices = objWMIService.ExecQuery("Select * from Win32_Service where DisplayName='" & strServiceDisplayName & "'")
	For Each objService in colServices
		ReturnValue = objService.ChangeStartMode("manual")
			wscript.quit(ReturnValue)			
	Next

SetServiceToAutomatic.vbs

'Sets the specified service to automatic and returns 0 if successful else returns non-0
'Cocobolo Software LLC February 2018.

'Usage: cscript.exe "C:\Your Script Repository\SetServiceToAutomatic.vbs" "Your service display name goes here"

'The first argument from the command line is assigned to strServiceDisplayName
strServiceDisplayName = WScript.Arguments(0)
 
on error resume next
Err.Clear
 
Set objWMIService = GetObject("winmgmts:\\localhost\root\cimv2")
 
Set colServices = objWMIService.ExecQuery("Select * from Win32_Service where DisplayName='" & strServiceDisplayName & "'")
	For Each objService in colServices
		ReturnValue = objService.ChangeStartMode("automatic")
			wscript.quit(ReturnValue)			
	Next

Create Custom Script Deployments

For each script file we need to create a deployment in BatchPatch. I have all of my scripts in a single folder on my BatchPatch computer.

Select ‘Actions > Deploy > Create/modify’, and then for each script create a deployment that looks like the following screenshots, and save those deployments using the double-right-arrow button. Note, the DiskCheck.vbs deployment has no parameters, but each of the other deployments has the desired service name as its only parameter:

Create Job Queue For Each Host

Before we create the Advanced Multi-Row Queue Sequence we have to create a job queue for each host. The job queue will be the step by step list of operations that we want each host to execute inside of the advanced multi-row queue sequence.

Select ‘Actions > Job Queue > Create / modify’ and then create the following job queues for each host. You can ‘apply queue’ to each host/row accordingly:

Host1

Host2

Host3

Note, for the places where we want to abort the entire multi-row queue sequence if the previous action fails/errors, we always add that special item right before the ‘terminate queue if previous action fails/errors’ because if we terminated the queue first, then the queu would not be running and could therefore not execute the command to abort the entire multi row queue sequence. However, in the case of Host2, we want to *only* terminate the queue if the previous action fails/errors, but we do not want to abort the entire multi-row queue sequence.

Assembling the Advanced Multi-Row Queue Sequence

Finally we will create our sequence. I’ve gone ahead and added a new row to the grid called ‘SequenceExecutionRow’ which is essentially a dummy row that is used just for the multi-row queue sequence.

  1. With that special row selected, choose ‘Actions > Job Queue > Create / modify advanced multi-row queue sequence’
  2. In the window that appears enter a Sequence Name and select the radio button for ‘Create Sequence Execution Row’, and apply it to the SequenceExecutionRow
  3. Next highlight Host1 and choose the radio button ‘Set Sequence Position Number’ with a value of 1.
  4. Do the same with Host2 and Host3.
  5. Finally we are ready to execute the sequence. Highlight the SequenceExecutionRow and select ‘Actions > Job Queue > Execute advanced multi-row queue sequence.
Posted in Blog, General, Tutorials | Tagged , , , , , | Comments closed

BatchPatch Custom Script Integration – Install Windows Updates Only After Stopping a Specified Service

Today we’re going to look at another example of how you can integrate a custom script into BatchPatch to create an effect that you could not accomplish with the built-in actions alone.

The Goal

Using a combination of the Job Queue, a Deployment, and a custom script, instruct the target computer(s) to only install Windows Updates after successfully stopping a running service. If the target computer fails to stop the service, don’t install the Windows Updates.

Summary:

Use the BatchPatch Job Queue to execute the following steps:

  1. Deploy a script to target computers that returns 0 if the specified service stops successfully.
  2. Use the Job Queue feature ‘Terminate queue if previous action fails/errors’
  3. Execute ‘Download and install updates + reboot if required’ (or any desired action)

How to do it:

  1. I’ve created a very simple vb script that stops a specified service. If the script is successful it returns 0, otherwise it returns a non-0 value. The contents of my script are below:
    'Stops the specified service and returns 0 if successful else returns non-0
    'Cocobolo Software LLC February 2018.
    
    'Usage: cscript.exe "C:\Your Script Repository\StopService.vbs" "Your service display name goes here"
    
    'The first argument from the command line is assigned to strServiceDisplayName
    strServiceDisplayName = WScript.Arguments(0)
     
    on error resume next
    Err.Clear
     
    Set objWMIService = GetObject("winmgmts:\\localhost\root\cimv2")
     
    Set colServices = objWMIService.ExecQuery("Select * from Win32_Service where DisplayName='" & strServiceDisplayName & "'")
    	For Each objService in colServices
    		ReturnValue = objService.StopService()
    			wscript.quit(ReturnValue)			
    	Next
  2. Save the script. The contents of the script above need to be saved in a text file with a .vbs file extension. For the sake of this example my script is called “StopService.vbs”
  3. Create a deployment. The deployment will be used to copy the vbscript to the target computers, execute it, and retrieve the exit code. To create your deployment select ‘Actions > Deploy > Create / modify.’
  4. Browse to the location of your StopService.vbs file, and then give the deployment a title. Click the ‘>>’ button to save the deployment. The screenshot below shows the configured deployment. Note, the DisplayName of the desired service to be stopped is in the ‘Parameters’ field in quotes.
  5. With your deployment created and saved you can now setup your Job Queue. Go to ‘Actions > Job Queue > Create / modify.
  6. Select the desired steps of the queue. The first step executes the deployment that we created earlier. The second step tells BatchPatch to halt the queue if the previous action fails/errors (a script is considered failed/errored if it returns any non-zero value). The third and final step of the script is to execute whatever action is desired such as ‘Download and install updates.’ The screenshot below shows what your queue should look like:
  7. All we have to do now is execute the queue. Click ‘Execute now’ (or alternatively save the queue first and then execute it directly from the BatchPatch Job Queue menu). When the queue executes, the target computer will first attempt to stop the ‘DNS Client’ service. If successful, it will then install Windows Updates. If unsuccessful then the queue will terminate without installing updates. By the way, there is no good reason that you would ever want or need to stop the ‘DNS Client’ service before installing updates. I only used this particular service in this example. You will, of course, specify the service that you desire to stop.
  8. Notes:

    What if you want to start a service instead of stop a service? In your vb script you can use

    ReturnValue = objService.StartService()

    instead of

    ReturnValue = objService.StopService()

    What if you want to change the start mode of the service from Automatic to Manual?

    ReturnValue = objService.ChangeStartMode("manual")

    instead of

    ReturnValue = objService.StopService()
Posted in Blog, General, Tutorials | Tagged , , | Comments closed

Presenting Data from a BatchPatch Grid for Consumption Outside of BatchPatch

One of the questions we get sometimes is how best to get data out of a BatchPatch grid, usually to present to someone who is not a BatchPatch user. For the most part when IT admins are using BatchPatch there is little need to present information to anyone else. The goal is typically to just get machines patched and rebooted, and then make sure they are back online and functional before maintenance is over. However, for many users there is sometimes a need to present certain information either to management or perhaps to a different team. For example, maybe your manager wants to know the status of your maintenance, including which updates have been deployed to which computers, or which updates are currently available and ready to install on which computers, etc. Today I’m going to show you the best ways to accomplish these objectives.

Copy and Paste

This is not the most elegant option available, but it can still be the best option in certain situations, depending on your needs. If you want to get some data out of a BatchPatch grid, one option that’s always available is to first show/hide the desired columns (you can show/hide columns by right-clicking on any column header or by selecting ‘Tools > Customize columns‘), then use CTRL-A to select the entire grid, or simply highlight the desired rows, then use CTRL-C to copy the contents to the clipboard. Next you can use CTRL-V to paste the contents of the clipboard into your favorite spreadsheet application. From there you can format as desired. Note, if you select all rows in the grid, then when you paste the contents to another application, the header row showing column titles will be included. If you only select some rows in the grid, the header row will not be included.

HTML Grid Export

This is my favorite method for most situations. You can present the grid data in HTML format for anyone to be able to view in a way that is very similar to how the data is presented in the BatchPatch grid. Simply select ‘File > Export grid‘ and then select one of the HTML export options. If you have more than one grid open in BatchPatch you can choose to have each grid go to a separate HTML file or you can have all grids be included in the same HTML file. The grid view that is displayed in the HTML report is clickable. If you click any cell in the HTML grid, it will jump to the spot in that file where that data is expanded, so that you can easily view the complete data. You can then jump right back to the grid view, as needed.

Delimited Grid Export

Another option is to export the grid to a delimited file. This is a versatile option because the resultant delimited file can be imported into a spreadsheet or database application. To perform this kind of export, choose ‘File > Export grid > Export current grid to delimited file‘. Note, the default delimiter that BatchPatch uses is the ‘?’ character. However, you can choose any delimiter that you want, including a multi-character delimiter. One thing to be careful of is to not use a delimiter that will break your output. For example, we do not recommend using a comma ‘,’. Comma is a common delimiter in many applications, but for BatchPatch it will often produce undesirable results because a BatchPatch grid may very well contain commas in its data fields. In particular, many Windows Update titles contain commas. If there is a Windows Update title in your ‘Remote Agent Log’ column, for example, then choosing comma as a delimiter is going to be problematic.

Built-in Reports

If you specifically need to produce a report of available updates or of previously installed updates for a group of computers you might want to use one of the built-in options for these particular reports. Check ‘Actions > Windows updates > Generate consolidated report of available updates‘ and ‘Actions > Windows updates > Generate consolidated report of update history‘. Once these reports have been created in BatchPatch they can both be exported to delimited files, at which point they can be imported into your favorite spreadsheet or database application.

Posted in Blog, General, Tutorials | Tagged | Comments closed

Remotely Uninstalling Third-Party Applications from Multiple Computers

If all applications could be removed/uninstalled with the same exact command, then it would never be a challenge, but unfortunately that’s not the case. Different applications will inevitably require different methods or commands for uninstallation. In most cases there is a lot of similarity from application to application, which makes it pretty simply to determine the proper method. However, it’s certainly always possible that an application’s silent/quiet removal needs to be performed with an out-of-the-ordinary method. In those cases it’s usually best to reach out to the vendor or search Google for proper uninstallation/removal steps.

Determining the Silent / Quiet / Unattended Software Removal Parameter

The most important part when it comes to remotely installing and removing software is understanding that software that is installed or uninstalled remotely must not require any user input during the operation. Under normal circumstances when you try to add or remove an application from Windows, you click on something (an executable or a link in the add/remove programs wizard) that initiates the process. But the first thing that happens after initiating the task is that you are prompted with a confirmation dialog of some kind. The problem is that if your attempt to remotely install or remove the application requires any user intervention, such as clicking OK to confirm removal, then the process will never complete because you will not be able to remotely click OK to a hidden dialog on a target computer. Your process will instead just appear to hang indefinitely. Before attempting any remote software install/uninstall you should read this posting: Understanding and Discovering the Silent Parameters Required to Remotely Deploy Software with BatchPatch

Removing FeedReader 3.14

Last week a user asked how to use BatchPatch to remotely remove FeedReader 3.14 from numerous target computers. He tried using BatchPatch’s ‘Execute remote process/command‘ feature to run each of the following commands on target computers:

"C:\Program Files (x86)\FeedReader30\unins000.exe"

AND

"C:\Program Files (x86)\FeedReader30\unins000.exe" /S

However, neither command was able to perform the remote software removal. Not surprisingly, if a command is not successful at the command line of the target computer *without* using BatchPatch, it will certainly never be successful when executing through BatchPatch. In order to determine the proper command for uninstallation, we noted to this user that he would need to first test at the cmd prompt of the target computer. In our lab we ran the following commands until until stumbling upon the one that would perform the software removal *without* requiring any additional user input.

"C:\Program Files (x86)\FeedReader30\unins000.exe"
"C:\Program Files (x86)\FeedReader30\unins000.exe" /S
"C:\Program Files (x86)\FeedReader30\unins000.exe" /s
"C:\Program Files (x86)\FeedReader30\unins000.exe" /Q
"C:\Program Files (x86)\FeedReader30\unins000.exe" /q
"C:\Program Files (x86)\FeedReader30\unins000.exe" /quiet
"C:\Program Files (x86)\FeedReader30\unins000.exe" /silent

It turned out in the end that the correct command for FeedReader 3.14 is:

"C:\Program Files (x86)\FeedReader30\unins000.exe" /silent

That command immediately uninstalls the application with no additional user input required, whereas all of the other commands popup a dialog (see screenshot below) asking for the user to click OK to proceed with the uninstallation.

Once the proper command is determined, only then should it be inserted it into the ‘Remote process/command‘ dialog in BatchPatch. At that point remote execution of the software removal on numerous target systems is quick and simple!

Posted in Blog, General, Tutorials | Tagged , , | Comments closed

Remotely Deploying the Patch to Fix Intel’s ‘Meltdown’ CPU Security Flaw

As you have probably already seen in the tech news this week, all Intel CPUs have a newly discovered flaw being called ‘Meltdown‘. More information is available here.

Currently the only way to address this hardware flaw is by applying an update to the operating system. If you will be using BatchPatch to distribute the update to your computers then you have a couple of different options for making this happen.

The update has been released under the following KB IDs, which vary depending on the version of operating system that is installed on your computer. You should definitely read the KB release notes (links below) because there are important compatibility issues, particularly with anti-virus applications, to be aware of before installing the update, which are outlined on the pages linked below.

KB4056892 (applies to Windows 10 version 1709)
KB4056891 (applies to Windows 10 Version 1703)
KB4056890 (applies to Windows 10 Version 1607, Windows Server 2016)
KB4056888 (applies to Windows 10 Version 1511)
KB4056893 (applies to Windows 10 Enterprise released in July 2015)

Applying the Update to Systems that Have Access to the Internet or a WSUS

For systems that have access to the internet or a WSUS, applying the update with BatchPatch should be very straightforward. You’ll simply need to execute your normal Windows Update routine so that computers download and install the appropriate update. For most users this means you’ll execute ‘Actions > Windows updates > Download and install updates + reboot if required‘ or similar.

In the case with my lab Windows 10 Version 1607 computer, when I ran BatchPatch ‘check for available updates’ this is the result I got:

To update this computer I will simply execute ‘Download and install updates + reboot if required‘ and that should be all I need to do.

Applying the Update to Systems that Do Not Have Access to the Internet or a WSUS

Using Offline Mode to Deploy the Updates:

If you are applying this out-of-band patch to systems that do not have internet access or access to a WSUS, one option is to wait until Microsoft publishes the next WsusScn2.cab file, which they do on a monthly basis. The next release of this file *should* have the relevant updates included, which means that you will be able to follow your normal routine of applying Windows updates using ‘offline mode‘ in BatchPatch.

EDIT 20180108: Microsoft released a new WsusScn2.cab file on Jan 4, 2018 that contains the relevant updates.

Using the BatchPatch ‘Deployment’ Functionality to Deploy the Updates:

You will need to first manually download the required update from the Microsoft catalog. Links to each update (each OS version has its own update) are provided on the pages linked above for each KB ID. Once you have downloaded the relevant update for each operating system in your environment, and once you have read through the KB articles to make sure that your systems are ready to receive the update, then you may go ahead and deploy the .MSU file using BatchPatch’s standard ‘Deploy’ method for .MSU files, which is outlined here: Remotely Deploy a Standalone .MSU Update to Multiple Computers

Posted in Blog, General, Tutorials | Tagged , , | Comments closed

Remote Control Patch Management Software

BatchPatch is one of the most cost effective and easiest to use patch management solutions available today. Below I will discuss the core features available:

Remote Windows Update Patch Management With or Without WSUS

BatchPatch provides you with the ability to apply Windows updates to numerous computers on-demand and simultaneously. Regardless of whether or not you have a WSUS (Windows Server Update Services) server in your environment, you can use BatchPatch to help with patching. It will work in conjunction with your local WSUS if you have one, or if you don’t have a WSUS it will work with Microsoft’s public Windows update servers. This video tutorial and this written tutorial demonstrate basic usage of BatchPatch for remote Windows update.

Online Patch Management for Networks That Have Access to the Internet or a Local WSUS Server

We consider BatchPatch to have two primary modes– online mode and offline mode. Online mode is the default mode for BatchPatch. It enables you to initiate Windows update remotely on many computers, so long as those computers have access to the internet or to a local WSUS server. This link explains all of the different possible patching scenarios, and it includes links to tutorials for each of the modes of operation.

Offline Patch Management for Networks That Do Not Have Access to the Internet or to a Local WSUS Server

BatchPatch’s ‘offline mode’ enables administrators to apply Windows security updates to numerous computers that do not have internet access and do not have access to a local WSUS. When offline mode is enabled BatchPatch utilizes the Microsoft WsusScn2.cab file to determine which security updates are available to target computers. These updates can then be downloaded by BatchPatch on a computer that has internet access. Once downloaded, the security updates can be moved to the offline network for distribution by BatchPatch. You can read more about all of the possible offline mode uses along with tutorials here: BatchPatch Cached Mode and Offline Updates

Job Queues and Custom Sequences

One of the coolest and most powerful features that BatchPatch offers is for job queues and custom sequences. You can have BatchPatch execute multiple actions, sequentially, for each target computer, enabling you to have a single-click method to execute various tasks on multiple target computers such as the following:

1. run a script
2. install updates
3. reboot
4. run another script

Additionally, not only does BatchPatch have the job queue to execute multiple steps on each computer, but BatchPatch also has the advanced multi-row queue sequence, which enables you to combine job queues of different computers into a single larger multi-host sequence. This enables you to do many things with just a single click, but one simple example might be:

1. install updates on computer 1
2. reboot computer 1
3. run a script on computer 1
4. install updates on computer 2 and computer 3
5. reboot computer 2 and computer 3
6. run a script on computer 2 and computer 3

Software Deployment

In addition to all of the Windows update features that BatchPatch offers, no patch management solution is really complete without the ability to deploy software and software updates for 3rd party applications. We have numerous tutorials and examples posted on the BatchPatch software deployment page.

Remote Reboot, Remote Script Execution, Inventory Operations

Finally, BatchPatch offers various different capabilities for remotely rebooting, remotely shutting down, Wake on LAN, remote script execution, collecting inventory information from target computers, and more. All of these (and other) BatchPatch operations can operate on numerous target computers at the same time. This makes it very easy and convenient when you need to apply updates to many computers or reboot many computers or deploy a registry value to many computers etc. If you peruse the home page you can read about more of the features that BatchPatch offers, along with links to tutorials for most features.

Posted in Blog, General, Tutorials | Tagged , | Comments closed

Download All Windows Security Updates to Distribute to Remote Computers

BatchPatch has a number of ways that it can work to apply Windows Updates to computers that do not have internet access or access to a WSUS. You can read more about those options here. However, today I am going to focus on how you can pre-download all Windows security updates at once in order to apply them to computers in an offline network.

In BatchPatch first make sure cached mode is enabled. To enable cached mode, go to ‘Tools > Settings > Windows Update’ and then tick the box that says ‘Enable cached mode.’

Once cached mode has been enabled you will be able to access the menu item ‘Tools > Download offline updates repository’. Click that menu item to show the offline update downloader window.

In this window you will need to tick at least one box from the ‘Operating Systems’ that you want to download updates for, as well as at least one language option. You can see in my screenshot that I have selected ‘Windows 10 / Server 2016 (x64)’ and ‘English’.

Click OK to initiate the download of the WsusScn2.cab file from Microsoft. This file will be downloaded to your BatchPatch cache directory (you can view or modify this directory under ‘Tools > Settings > Windows Update’).

After the WsusScn2.cab file is downloaded by BatchPatch it will be parsed for content so that BatchPatch can download all of the update files for the operating system(s) and language(s) that you selected on the previous screen. Then BatchPatch will present you with a download window where you may view the updates to be downloaded. You can also delete any desired updates in this window if for some reason you do not want to download them.

At this point you should click ‘Download’ to initiate the download process. BatchPatch will launch a new window to handle the entire download process. All files will be downloaded to the same cache directory that the WsusScn2.cab was downloaded.

Now that you have downloaded all of the Windows security updates, if you want to use BatchPatch to distribute them to a group of computers, you may follow the instructions outlined here.

Posted in Blog, General, Tutorials | Tagged , , | Comments closed

BatchPatch and the Windows Update Control Panel Report a Different Number of Available Updates

Why does BatchPatch sometimes report a different number of available updates when compared to what is being reported by the control panel Windows Update interface on the target computer? This might be the most common question we receive from BatchPatch users. Today I’m going to explain all of the possible reasons why this might occur.

  1. Search Preferences: Usually when someone is seeing a different number of available updates reported by BatchPatch for a particular target computer when compared to that same computer’s Windows Update control panel, it’s because of the search scope in BatchPatch. BatchPatch might be searching a broader scope or a more narrow scope than what the Windows Update control panel is searching for.

    Under ‘Tools > Settings > Windows Update’ review the ‘Search Preferences’ section. If you want to see every possible update then set your search to include all software updates and all driver updates. That is what we recommend for WSUS users because your WSUS approvals will control which updates are presented to target computers, and you want to make sure that BatchPatch sees every update that is presented. However, if you are using Windows Update or Microsoft Update as your search source, then we instead recommend limiting the search to only ‘Important’ and ‘Recommended’ updates. This will most closely mimic what Microsoft presents in the Windows Update control panel interface.

  2. Server Selection: It’s possible that BatchPatch is instructing the target computer to search for updates from a different source than when the computer searches for updates without BatchPatch. If you want to make sure that BatchPatch is using the same source as the target computer’s Windows Update control panel then make sure to select ‘Default / Managed‘. Selecting one of the other options in the BatchPatch settings will instruct BatchPatch to override any settings on the target computer to instead use either Windows Update or Microsoft Update as the search source.

    Default / Managed: Uses the target computer’s existing configuration to determine where to search for updates.

    Windows Update: Bypasses the target computer’s configuration and searches for updates on Microsoft’s public server. Includes only Windows updates.

    Microsoft Update: Bypasses the target computer’s configuration and searches for updates on Microsoft’s public server. Includes Windows updates AND updates for other Microsoft products. Before using Microsoft Update, target servers must be opted-in to the service. See ‘Actions > Windows Updates > Opt-in…

  3. Stale Results: The Windows Update control panel interface on the target computer might be showing stale results. Particularly in newer operating systems, the update list in the interface is cached and can frequently show results that are no longer accurate. You might want to force the Windows Update control panel to perform a new search to make sure it’s showing results that are accurate and up to date. See this posting for more details.
  4. Offline Mode: If you have enabled offline mode you will likely notice a discrepancy between the available updates that are reported in BatchPatch as compared to the available updates reported in the Windows Update control panel. This is because offline mode is designed for offline scanning when no internet or WSUS is available. An offline mode scan relies on the WsusScn2.cab file that Microsoft releases each month. This file contains all security updates along with various other updates, but it does not contain every update that is published on Microsoft’s public Windows Update and Microsoft Update servers.
  5. Dual-Scan: Even if you did not specifically enable “Dual-Scan” it might already be enabled on your computers without you even realizing it, due to the way that Microsoft deployed this “feature”. In this case your Windows Update scans might be searching Microsoft’s public Windows Update servers instead of your own local WSUS server. See here for more:

    **Dual-Scan Difficulties with Windows Update on Windows 10 Versions 1607 Anniversary Update and 1703 Creators Update

    **Deciphering Dual-Scan Behavior in Windows 10

  6. SCCM: If you have SCCM in your environment you need to be aware of the fact that once SCCM takes control over a WSUS, that WSUS cannot be used by a non-SCCM application like BatchPatch to search for updates. So, if your target computers are configured via Group Policy to search for updates on a WSUS that is controlled by your SCCM server, then when BatchPatch initiates a scan for available updates it will always report ‘No applicable updates’. In order to use BatchPatch with a WSUS, the WSUS must be independent and cannot be linked to or controlled by SCCM.
Posted in Blog, General, Tutorials | Tagged | Comments closed