BatchPatch New Version Released 20240716

Just a reminder… we don’t post about every new build/version on this blog. You can see the full change log and version history inside of the software under Help > Check for updates > View change log

On July 16, 2024 we released a new version of BatchPatch (v20240716):

  • BatchPatch Offline Mode now supports Windows 11 and Windows Server 2022. This also includes options for Windows 11 and Windows Server 2022 under Tools > Download offline updates Repository.
  • Fixed an issue where BatchPatch Offline Mode would fail/error when trying to download/install the monthly cumulative update with Copy To Cache: Failed. HRESULT: -2147024894
  • The user-defined.xml file can now be optionally encrypted on disk (Tools > Settings > General > Encrypt user-defined.xml on disk).

    This file is saved in your user profile on the BatchPatch computer. It contains your saved commands, deployments, job queues, etc. The default location is:


  • Miscellanous bug fixes and various minor changes/improvements
Posted in Blog, General | Tagged , | Comments closed

BatchPatch New Version Release Notes and Changelog Etc

Just to clarify some confusion… At the time of this writing the most recent version of BatchPatch was released on 2024-02-02. This website blog does not contain details about every release of BatchPatch. To view the details about each version of BatchPatch that has been released, please refer to the software itself. In the app under Help > Check for updates > View change log you can view the history of versions released along with a list of which features, functionality, and bug fixes have been included in each release.

Posted in Blog, General | Tagged , , , | Comments closed

Using Textual Filters to Limit Which Windows Updates Are Installed by BatchPatch

BatchPatch has a few different ways to filter which available Windows Updates are downloaded and/or installed. The graphical filter is good for most situations where you just want to selectively apply only certain available updates. However, text-based filtering can be useful in cases where you want to have an ongoing filter from month to month to month that enables you to always include or exclude updates with certain text in the update title.

Let’s say for example that you want to always exclude the Windows Malicious Software Removal Tool update from your regular update schedule because it takes too long to run. Maybe you want to run it separately during a different maintenance window each month. One way to accomplish this would be to exclude that update from your normal/regular maintenance window schedule so that it only gets installed during your alternate maintenance window schedule.

  1. In BatchPatch select the desired host(s) where you want to exclude this update from being installed. Then click Actions > Windows updates > Filter > Exclude (textual)

    The filtering works based on matching the update title text or KB number. Matching is done by comparing the update title to the text of each item that you add to the filter list. If the text of any item that you add to the filter list is contained in the update title, the update will not be downloaded and/or installed. To guarantee uniqueness, we recommend entering the KB IDs of the updates that you would like exclude from download / installation, though you may provide a different search string if you prefer based on text in the update title. If you know that the KB ID will be the same for each month where you want this filter to work, then you can just use the KB ID without issue. But if for some reason the KB ID is expected to change each month or the KB ID is not the same for different OS versions where you want to be able to just apply the same filter, then using update title text might be a better option. It will depend on your particular needs and the situation.

  2. In the case of the Windows Malicious Software Removal Tool, on my OS I can see that each month it’s KB890830, so I can exclude it with that KB ID. However, I could also exclude it by using the update title itself. I’ll show you both examples. First I enter into the exclusion filter list the KB ID KB890830

    After clicking Save I can now see that the filter is applied to the rows that were highlighted.

  3. Next, I will use Actions > Windows updates > Check for available updates (with filters applied) to confirm that the filter is behaving in the way that I want or expect it to. The results of my search show me that it’s working as desired because even though there are 4 available updates, there are only 3 applicable updates in the filtered collection. This is visible in the Remote Agent Log column for the most recent search, but it can also be seen in the BatchPatch.log file for historical searches by using Actions > Windows updates > View BatchPatch.log. In the screenshot below of the Remote Agent Log field for the row where I applied the filter I can see that the Windows Malicious Software Removal Tool was skipped due to Reason: Update in ExcludeSpecificUpdatesList

    I get the same results when I set the exclusion based on the update title instead of the KB number:

    And I get the same results when I set the exclusion based on just the word Malicious since Malicious is contained in the update title text.

  4. At this point now that I have verified that the search result (with filters applied) is showing me what I want to see (that my update is being excluded so that it is skipped when creating the filtered collection), I can move forward with my normal download and install operation. All download/install operations always apply any filters that have been configured for the row, and you can verify that the download/install operation utilized your filter as expected by again checking the Remote Agent Log field after the action completes, if desired.
Posted in Blog, General, Tutorials | Tagged , , , , , | Comments closed

Remotely Initiating Windows Update on Multiple Computers

One of the primary tasks that BatchPatch facilitates is the application of Windows Updates. BatchPatch enables systems administrators to initiate the Windows Update process remotely on numerous computers at the same time. Let’s take a look at how this is accomplished.

  1. Start by adding computers to your BatchPatch grid. To do this you can either select computers directly from an Active Directory security group or organization unit (OU), or you can manually enter the computer names or IP addresses or fully-qualified-domain-names (FQDNs), or just import a text file list of host names.

    Use the Grid menu in BatchPatch to select the desired option, or just drag-drop a text file list (or use File > Import). For the sake of this example, I’m just going to use Grid > Add hosts

  2. Once the hosts are added to the grid we can act on them. For example, to check for available updates on all of the target hosts, just select/highlight all of the hosts in the grid (or select only some, if you prefer), and then click on Actions > Windows updates > Check for available updates

    This is the result. We can easily view which updates are available for a given host by middle-clicking the Remote Agent Log field for a particular row/host.

    If we want to view a consolidated list of available updates for all (or multiple/numerous hosts in the grid), then we can optionally use Actions > Windows updates > Generate consolidated report of available updates

  3. At this point we can move forward with initiating the Windows Update download and/or installation process, if we want, by using the appropriate/desired action, such as Actions > Windows updates > Download and install updates + reboot if required. Or if we want to specify exactly which updates are downloaded/installed (instead of installing all of the available updates), we can first apply a filter by using Actions > Windows updates > Filter…. Or if we want to apply a filter that includes only updates of a certain category, then we can first modify the global update classification filter under Tools > Settings > Windows Update > Update Classification Filtering
  4. In the case where we want or need to deploy a third-party software package or some other Windows Update that is packaged in single file form such as .MSU or .MSI or .MSP file, we would instead use Actions > Deploy. There are numerous such examples and tutorials posted here.
Posted in Blog, General, Tutorials | Tagged , , , , , , , | Comments closed

Remotely Deploying Windows Feature Update Version 23H2 to Numerous Computers

Standard Deployment Method for Windows Feature Update 23H2 (and other feature updates/upgrades such as 22H2, 21H2 etc) in BatchPatch

Unless you are using a version of BatchPatch that was released prior to April 2020, you can usually deploy/install feature updates like 23H2 with the normal Windows Update actions in BatchPatch under ‘Actions > Windows updates‘. However, Microsoft continues to make a lot of changes to how feature updates are handled, so there are some cases where you might have to perform the deployment using the alternate method that’s explained further down in this tutorial.

For the standard deployment method, the first requirement is that the feature update that you desire to install must be offered to the computer and show as an available update when you select ‘Actions > Windows updates > Check for available updates‘ in BatchPatch. If you see the desired feature update in that list of available updates for a given target computer or group of computers, then all you need to do to download/install the update on those computers is modify the classification filtering in ‘Tools > Settings > Windows Update‘ so that the ‘Include “Upgrades”‘ box is ticked.

After the ‘Upgrades’ classification is selected you can simply use ‘Actions > Download available updates‘ with ‘Actions > Install downloaded updates‘ or you can just use ‘Actions > Download and install updates‘. As long as you are operating in standard, non-cached mode, feature updates will install (assuming, of course, that you currently have a feature update showing in the list of available updates for a given computer).

Feature Update Deployment Considerations – Update deferral policies, and when an update is only available for “seekers”

Please note there are a couple of things to consider when installing feature updates using the standard non-cached mode BatchPatch update method.

First, as mentioned above, the target computer needs to have the desired feature update showing as one of the available updates for the computer. If you’re expecting to see it but you don’t, it could be because the update is not approved on your WSUS yet, or it could be that you have a Group Policy or Local Policy setting configured for the target computer that is set to defer the installation of feature updates for a specified amount of time. Check your Group Policy configuration for any deferral policies enabled under the following locations:

Computer Configuration > Administrative Templates > Windows Components > Windows Update

Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business

Second, depending at what stage of the rollout Microsoft currently is at the time you attempt to deploy a given feature update, they might not yet be delivering the update through the normal Windows Update channel. They typically begin the rollout with delivery only to “seekers”. This is the name they give to people who manually click on the ‘Check for updates’ button in the Windows Control panel. “Seeker” updates are visible in BatchPatch when you click on ‘Search for only optional software updates

Third, over the past couple/few years Microsoft has made quite a few changes to how Windows Update works, particularly with regard to how feature updates are handled. It’s possible that there is some other reason that I didn’t mention above that is the cause for why you are not seeing the feature update available for installation through the normal Windows Update methods.

Alternate Deployment of Windows Feature Update 23H2 (and other feature updates/upgrades such as 22H2 or 21H2 etc) with BatchPatch (can be used for deployment to offline target computers)

If you need to deploy feature update version 21H2 (or any other feature update) to target computers that don’t have internet access and don’t have WSUS access and therefore cannot be targeted in standard, non-cached mode (that is to say, you are using either online cached mode or offline cached mode with those target computers, and you are not able to disable cached mode and switch to standard mode for whatever reason), then you may use the method outlined below to deploy the feature update to those computers.

  1. Download (from Microsoft) the Windows 10 or 11 Media Creation Tool. Use this link to download the media creation tool directly from Microsoft. The media creation tool web page contains two options: ‘Update now’ and ‘Download tool now’. Do NOT click on ‘Update now’ because doing so would begin the update process on your computer. Since your goal is to deploy the upgrade to remote computers, instead please click on ‘Download tool now’ to save the tool to your computer. Important: When you run the media creation tool per the next step, you will not have a choice to select which Windows 11 version is used to create the media. This means that if Microsoft releases a new version of Windows 11 when you follow this tutorial, you’ll end up with that version as opposed to the specific version 23H2 that is available today at the time of this writing. If you have another channel for obtaining media for a particular Windows 11 version, such as with a Microsoft volume licensing agreement, you may use that instead of obtaining the media through the steps outlined in this tutorial.
  2. Open the Windows 10 or 11 Media Creation Tool that you saved to your computer a moment ago. IMPORTANT: It is NOT sufficient to run the tool as administrator (using right-click, run-as) from an account that is logged on without admin privileges. For reasons that aren’t fully clear, Microsoft requires that you *must* actually be logged on to the computer with an account that is a member of the local administrators group. Otherwise the tool will not allow you to run it to completion. We don’t know why Microsoft made the tool work this way, but it’s what they did, and presumably it’s for a good reason. So go ahead and log on to your computer as a local administrator, and then launch the tool and follow the rest of this tutorial.
  3. Create installation media with the Windows 10 or 11 Media Creation tool. When the tool is running you’ll have to choose between two options to either ‘Upgrade this PC now’ or ‘Create installation media (USB flash drive, DVD, or ISO file) for another PC. Choose the option to ‘Create installation media…’ and then click ‘Next’.

  4. Choose your language / edition / architecture, and then click ‘Next’.
  5. Choose the media type. For the sake of this tutorial please select ISO as the type of media. After clicking the ‘Next’ button you will be prompted to choose a location on your computer to store the ISO file that will be downloaded/created. Select a directory/location to store the file, and then do something else until the download finishes. Depending on your connection speed it could take some time because it’s something like 4GB in size.

  6. Extract the ISO contents to a location on your local disk. After the download in the previous step is complete you’ll have to locate the file on disk and then extract the contents of the ISO to another folder. I like to use the free 7-zip for this process, but you may use whichever tool you prefer: 7-zip. After the ISO has been extracted you’ll have all of the installation files for the feature update in a single folder.
  7. Configure a deployment in BatchPatch. In BatchPatch click on Actions > Deploy > Create/modify. In the window that pops up for the Deployment configuration, click on the ‘…’ button to browse to the location where your ISO contents have been extracted to, and then choose the ‘setup.exe’ file as the file to deploy. Make sure to check the boxes for ‘Copy entire directoryandLeave entire directory. After the initial deployment phase is complete, the target Windows operating system will end up rebooting itself at least once but usually more than once while it completes the setup and installation for the feature update. As the process runs it needs to have access to all of the files that BatchPatch will deploy. Having both of the aforementioned boxes checked will ensure that when the upgrade process runs on the target computer that it has all of the files it needs for the installation. After the feature update has completed 100% you may delete the files from the target computer(s). However, please make absolutely sure that the upgrade process is 100% completed before you delete any files. In your BatchPatch deployment configuration screen you will also need to add the following parameters:
    /auto upgrade /quiet

  8. Execute the feature upgrade deployment. In the deployment configuration that you created in the in the previous step you can execute the deployment immediately for the currently selected rows in the grid by just clicking on the ‘Execute now’ button. Alternatively you may save the deployment for future usage by clicking the double-right-arrow button ‘>>’. If you choose to save the deployment instead of executing it immediately, then when you are ready to deploy the feature update to your remote computers, you can begin the process by selecting those computers in the BatchPatch grid and then clicking on Actions > Deploy > Execute deployment, and then choose the deployment that you just created/saved.

    You should expect that the entire process will take a bit of time to complete. BatchPatch has to copy the whole installation directory to the target computer(s), which contains several gigabytes, before it can execute the upgrade process on the target(s). IMPORTANT: After the BatchPatch deployment completes for a given target computer BatchPatch will show Exit Code: 0 (SUCCESS). However, this just means that the BatchPatch deployment component is finished. The Windows feature update/upgrade process will take additional time. Please be patient and let the target computer continue upgrading and rebooting as many times as is needed. It might take a little while with multiple automatic reboots before everything is 100% finished.

    NOTE: We have had a couple of reports from users who received the following error:

    Deployment: Error: Access to the path '\\TargetComputer\C$\Program Files\BatchPatch\deployment\autorun.inf' is denied.

    We don’t know the exact cause of this issue, but it seems likely to somehow be related to the way that permissions were applied or inherited during the ISO extraction process. If you encounter this error it can be resolved quickly and easily by just deleting the autorun.inf file from the source directory after extracting the ISO contents but before executing the actual deployment for any target computers. This will prevent the problematic file from ever being copied to target computers. As such, the error will not occur.

Posted in Blog, General, Tutorials | Tagged , , | Comments closed

Executing an Advanced Multi-Row Queue Sequence as a Scheduled Task

If you want to execute an advanced multi-row queue sequence on a specific datetime, you can do it with a scheduled task. Alternatively, you can also execute an advanced multi-row queue sequence from within a job queue. The job queue can also be executed by a scheduled task, if desired.

Executing an advanced multi-row queue sequence directly from a scheduled task

  1. In the screenshot below I have 4 target hosts setup to participate in an advanced multi-row queue sequence with the name TestSequence20240320
  2. Next I set a scheduled task on the Execution Row for the sequence.
  3. Finally you can see the result after the scheduled task ran (it started on 15:50 instead of 15:49 because while I was taking screenshots I missed the original run time and had to reschedule it)

Executing an advanced multi-row queue sequence from within a job queue

  1. In this example I have 4 target hosts setup to participate in an advanced multi-row queue sequence with the name TestSequence20240320. However, I also have an extra row in the grid that we’ll use to illustrate executing a job queue that contains an advanced multi-row queue sequence.
  2. In the screenshot below I’ve created a new job queue, and the only step in this particular case is to execute our advanced multi-row queue sequence. Your job queue can contain more steps, but for the sake of this example I only need a single step.
  3. Next, I save the job queue.
  4. Finally, I can manually execute the job queue that I just created. Alternatively I could setup a scheduled task that will execute the job queue. In either case, the job queue contains a step that will execute the advanced multi-row queue sequence.
  5. Here is the result:
Posted in Blog, General, Tutorials | Tagged , , | Comments closed

How to Run a Remote Task Immediately After a Computer is Detected Online

BatchPatch has functionality built-in that lets you use the Task Scheduler to schedule tasks to run on target computers immediately after those target computers are detected online. This can be useful for computers that are often taken off the network. If you need to deploy an update to such a computer, it might be good to do it the moment it appears back on the network.

In the BatchPatch Task Scheduler there is a checkbox option for Run task immediately upon detecting target computer online

To schedule a task, select the desired target hosts in the grid, and then click on Actions > Task scheduler > Create/modify scheduled task. Then in the dialog that appears, select the desired task from the drop-down menu, and click on the box that says Run task immediately upon detecting target computer online. Then make sure the scheduler is enabled by clicking on the red clock/timer icon in the upper-right corner of the BatchPatch window to toggle it to green/on/enabled. Note: Red is disabled; Green is enabled.

Once the scheduler is turned on, BatchPatch will check once per minute if any target computer that has been set to Run task immediately upon detecting target computer online is currently detectable online. If the target host is detected on the network, and if BatchPatch is able to reach it to trigger the task to execute, BatchPatch will proceed and launch the scheduled task. If not, it will wait a minute and then try again. It will keep doing this check every minute until eventually the computer is detected online and the task is executed.

Posted in Blog, General, Tutorials | Tagged , | Comments closed

How to Launch an Application Interactively on Remote Computers

Occasionally someone wants to launch an application interactively on target computers. That is, they want to use BatchPatch to trigger the execution of an application that will appear on the desktop of the currently logged-on user of the target system(s). This can be both simple and not-so-simple to do at the same time. There are a few things to consider:

  1. These instructions were created on Windows 10 machines using PsExec version 2.40. These instructions should work with PsExec versions going back to v2.32, but versions of PsExec that are older than 2.32 behave differently. Also older versions of Windows behave differently. The instructions might have to be altered to work with older versions of PsExec and/or older versions of Windows.
  2. Set your Remote Execution Context (Tools > Settings > Remote Execution) in BatchPatch to be either SYSTEM or Elevated token, but leave Interactive UNticked for this operation. IMPORTANT: Normally with PsExec version 2.32 or newer you can only use Elevated token if Interactive is also checked. However, for this particular tutorial to work, Interactive needs to be UNticked, so that we can specify the Interactive -i switch manually in the command itself. If you use SYSTEM, the command will be executed as SYSTEM. If you use Elevated token, the command will be executed as the user you specify in the Alternate Credentials field for the given row in BatchPatch. If no alternate credentials are specified, the command will execute as the user that launched BatchPatch. In all cases, the user account that executes the command needs to be a member of the local administrators group of the target computer(s).
  3. Here is where things get not-so-simple, especially if you want to an application to be launched interactively on many remote computers. To do this, we need to know the session ID of the logged-on user of the target system. The session ID is not guaranteed to be the same for any particular computer or for any particular logon session of a particular computer, which is why this becomes not-so-simple if you want this to be successful on numerous remote computers. However, since the session ID will typically be 1 or 2, or perhaps 3, you can probably fudge it in most cases without actually looking up the session ID for each target. I’ll explain in a moment, but first if you want to identify the correct session ID, one way to do it is to look at Task Manager’s Details tab on a target computer.

    Launch Task Manager and go to the Details tab, then right click on the column headers and choose Select Columns.

    Then tickSession ID in the list of columns to make that columns visible.

    With the Session ID visible you can now figure out the session ID of the desired user. In this case I’m logged on as testAdmin, and that account is running in session 1. Oftentimes I will find the interactive user is logged-on to session 2, but today for whatever reason it’s session 1.
  4. In order for me to launch Google Chrome remotely with BatchPatch so that it appears visible to the interactive/logged-on user of the target system, I have to specify the correct session ID in the command that I execute in BatchPatch. In a BatchPatch Remote Command I am using the following syntax:
    -d -i 1 "C:\Program Files\Google\Chrome\Application\chrome.exe"

    The -d specifies that the command should be executed but that PsExec (and consequently BatchPatch) should NOT wait for the remote process to terminate. The -i 1 specifies that the command should run interactively in session 1 on the target system. Adjust this session ID number accordingly. The path to the executable has to exist on the target system. So, in this case I’m launching Chrome because Chrome has already been installed on the target system, and I’m specifying the correct path to the chrome.exe.

    When this is all done correctly, the exit code you see in BatchPatch will be the process ID (PID) of the process that is launched on the target. In the case of Google Chrome there will be multiple processes launched because when chrome.exe is launched, it spawns multiple other processes.

    If you see exit code 2, it likely means that you specified an invalid session ID. You can use that information to your advantage because instead of looking up the proper session ID manually for every target computer, you can probably just try session ID 1 first, and then for any commands that return exit code 2, next try session ID 2, and then finally after that maybe even try session ID 3.

Posted in Blog, General, Tutorials | Tagged , | Comments closed

Using BatchPatch to Rename the Windows SoftwareDistribution Folder on Target Computers

In some cases when you’re dealing with Windows Update problems on a target computer, you might find recommendations on the web that suggest to rename the Windows SoftwareDistribution folder ( C:\Windows\SoftwareDistribution ) in order to reset the Windows Update components. The purpose of renaming that folder is to cause Windows to re-create it from scratch. The process is to stop the Windows Update service, then rename or delete the folder, and then start the Windows Update service again. When the Windows Update service starts up again and sees that there is no longer a C:\Windows\SoftwareDistribution folder (because it has been renamed to something like C:\Windows\SoftwareDistribution.old ), Windows then just creates a brand new C:\Windows\SoftwareDistribution folder. The reason why it’s recommended to rename rather than delete the folder initially is because if you rename it, you could then always revert back to that renamed folder at any time. Whereas if you delete it altogether, there will be no going back, of course. This most likely isn’t going to be the end of the world in most situations, but at the very least when you trigger Windows to create a new SoftwareDistribution folder, you’re going to lose any visibility into update history on that computer since the update history database is stored in that SoftwareDistribution folder. That said, I’m not making an explicit recommendation here to perform this operation. I’m just explaining to you how you can do it from within BatchPatch if you’ve decided, at your own risk, to perform this operation.

Recently someone asked us how to perform this operation from within BatchPatch. First let me say that in general, if you’re going to be renaming the SoftwareDistribution folder, it doesn’t really strike me as an operation that should necessarily be done from within BatchPatch. I say this only because typically you’re going to be troubleshooting Windows Update issues on just a single computer at a time. And since BatchPatch really shines when you need to perform an action on numerous computers (as opposed to on just one computer), executing this operation from within BatchPatch on a single computer doesn’t solve a particular problem since it’s easy enough to just manually perform the operation on the machine that you’re troubleshooting. However, there might be some edge cases where you would want to perform this operation on numerous target computers, or you might find yourself performing this operation repeatedly to the point where you want to have it hard-coded into BatchPatch for one-click execution, like the customer who recently asked us how to do it. If you want to perform the SoftwareDistribution rename operations from within BatchPatch, here is how:

  1. In BatchPatch create a Remote Command by selecting Actions > Execute remote process/command > Create/modify remote commands
  2. Create a command with the following syntax:
    NET STOP wuauserv & MOVE C:\Windows\SoftwareDistribution C:\Windows\SoftwareDistribution.old & NET START wuauserv

  3. After you’ve created the command it will become available to execute under Actions > Execute remote process/command > Execute saved remote commands like in the screenshot below. You can then simply select the desired target computers in your grid, and then click on the new menu item that you just created for this action. BatchPatch will then trigger the target computer to stop the Windows Update service, rename the SoftwareDistribution folder to SoftwareDistribution.old, and then finally start the Windows Update service again.
Posted in Blog, General, Tutorials | Tagged , | Comments closed

Using BatchPatch to Update Google Chrome on Remote Computers

The process for updating Google Chrome remotely, using BatchPatch, is quick and painless.

  1. Create a BatchPatch ‘Remote Command’ by highlighting the desired target hosts and then selecting Actions > Execute remote process/command > Create/modify remote command 1
  2. Input the remote command syntax exactly as follows:
    "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler

  3. When you click the Execute button, BatchPatch will run the command on the highlighted target computers. After the above command completes on a given computer, Chrome needs to be restarted, and then it will be on the latest version. You could optionally forcibly close Chrome remotely using another remote command:
    Taskkill /F /IM "chrome.exe"
  4. An alternative to running the one (or two) remote commands above would be to put both together into a text file with a .cmd or .bat extension to make it into a complete script. Put each command on its own line like this:
    "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler
    Taskkill /F /IM "chrome.exe"

    Then instead of using BatchPatch remote commands, just use a single BatchPatch deployment (Actions > Deploy) to deploy the .bat/.cmd file that you created. When you execute the deployment, the .bat/.cmd will be copied to the target computers and then executed, after which Chrome will be updated and closed so that next time its launched it will be on the latest version.

Posted in Blog, General, Tutorials | Tagged | Comments closed