Deploying .msi, .msu, and .msp Files Remotely to Numerous Computers

You can use BatchPatch to deploy virtually any type of file or package to target computers. As Windows systems administrators, we commonly have to work with .msi and .msu files, and occasionally we need to deal .msp files too. If you have a .msi, .msu, or .msp file that you need to install on numerous computers, consider using BatchPatch to perform the task. Instead of manually logging on to each target computer, you can quickly and painlessly create the deployment in BatchPatch for distribution to any number of remote computers.

Creating a BatchPatch Deployment

The process for creating a deployment for any of the aforementioned file types (.msi, .msu, .msp) is essentially the same.

  1. In BatchPatch click on ‘Actions > Deploy software/patch/script/regkey etc > Create/modify deployment
  2. In the Deployment window that appears, give the deployment a title, and then in the ‘Exe, msi, cmd, etc:‘ field, browse to the file you want to deploy, or manually type the path into the field. In this example you can see that I am deploying E:\temp\Special.msi. Note, if the package that you are deploying is not a standalone package but rather is one of numerous files required for the installation, then put all of the files into the same directory, and then also tick the box to ‘Copy entire directory‘. Generally, for .msi, .msu, and .msp files, they will be standalone, but if you are using ‘Copy entire directory‘ just make sure that *only* the files that are required for the deployment are included inside the directory that will be copied. This is because any/all files in that directory will be copied to each target computer where the deployment is executed, so you’ll want to ensure that only the needed files are copied, otherwise the deployment will take longer to execute, and you could even potentially end up with a disk space issue on target computers if you have very large unneeded files in the directory that is being copied.
  3. You can save the deployment by simply clicking on the double-right-arrow button. Once saved, you’ll see it appear in the list of ‘Saved Deployments’ on the right-hand side of the Deployment window. You have a couple of options for actually executing your deployment.
  4. Executing a BatchPatch Deployment

  5. If you click the ‘Execute now‘ button inside of the Deployment window, BatchPatch will immediately launch the deployment for any rows that are currently selected/highlighted in the grid. However, if you are not ready to execute yet, you can just close the Deployment window until you’re ready. Then when you’re ready, go ahead and select/highlight the desired target computers in your BatchPatch grid, and then click on ‘Actions > Deploy software/patch/script/regkey etc > Execute saved deployments > My Special.msi deployment

Posted in Blog, General, Tutorials | Tagged , , , , , , , , | Comments closed

Error retrieving service instance data: The maximum message size quota for incoming messages has been exceeded.

Today I’d like to discuss an uncommon error that can occur when trying to launch selected .bps files that are active in the BatchPatch service instance. First, if you’re not sure what the BatchPatch service instance is, you might not be running BatchPatch as a service. This error can and will only occur when a grid is already running in the BatchPatch service instance, and then you try to view the contents of that grid. Running BatchPatch as a service is something that users can do if/when they want to be able to have BatchPatch run and execute scheduled tasks without needing to be logged-on to a computer with BatchPatch actively open and running. The service instance enables BatchPatch to run as a service, in the background, even when no one is logged-on to the computer. To learn more about running BatchPatch as a service, please review this page: Running BatchPatch as a Service

The error shown below that I want to address is:

Error retrieving service instance data: The maximum message size quota for incoming messages has been exceeded. To increase the quota, use the MaxReceivedMessageSize property on the appropriate binding element

When BatchPatch is running as a service, the main BatchPatch instance (the one you see when you manually launch BatchPatch) communicates programmatically with the (hidden/invisible) BatchPatch service instance. When you view grids that are currently active/running inside the service instance, the main BatchPatch instance queries the BatchPatch service instance to retrieve the data that it then displays in the service instance grid viewer, as illustrated in the screenshot below.

When the main BatchPatch instance queries the BatchPatch service instance for grid data, the BatchPatch service instance then packages and compresses the data to send to main BatchPatch instance. If this compressed grid data is not smaller than the MaxReceivedMessageSize property, then the above-mentioned error message is generated. At the time of this writing, the BatchPatch MaxReceivedMessageSize is set to 2000000. This value is *not* user-configurable at the time of this writing, though we may expose this is as a user-configurable setting in a future version. In practice, 2000000 is plenty large enough to accommodate the very large majority of grids. However, if your actual .bps file grid data starts approaching 20MB (or greater), you might encounter the above-mentioned error. Even in the absence of this error message, a 20MB .bps grid file is still very large and should be cleaned up to make smaller.

Reducing the size of a BatchPatch .bps grid file

To check how large your .bps grid file is, simply browse to the location of the .bps file in Windows Explorer, and then right-click on the file and select ‘Properties.’ You can see in the screenshot below that my .bps file is only 24.4KB. If you are seeing the above-mentioned error message, then your .bps file is probably at least 15MB-20MB in size.

To reduce the size of your .bps file you have a few different options:

  1. Find where the bulk of the data in the .bps file is, and then remove/purge that data. Usually if you have a very large .bps file, the bulk of the data is going to be in the ‘All Messages’ column. You can selectively and simply purge this data by selecting the desired rows in the grid, and then clicking on ‘Actions > Clear column contents’ as described here: Clearing Column and Grid Contents in BatchPatch. If you are using BatchPatch job queues, you can even add a step to your queues that will execute a ‘Clear column contents’ operation for you.
  2. If you don’t want to clear the column contents in your existing .bps file, you may simply archive your existing .bps file, and then start a new one from scratch.
  3. Alternatively, you might prefer to split up your existing .bps file into multiple .bps files, which you can do by moving hosts from one grid to another. To do this, select the desired hosts to be moved, and then click on ‘Actions > Move or copy host(s) to different tab‘, and then make sure to select the option to ‘Move entire rows‘.
Posted in Blog, General, Tutorials | Tagged | Comments closed

Reset Windows Update with a Single BatchPatch Remote Command

We recently received a request to integrate the following into BatchPatch, so that with a single click a user could perform the following actions on numerous target computers:

  1. Stop the Windows Update service by running the following command:
  2. Rename the C:\Windows\SoftwareDistribution folder to C:\Windows\SoftwareDistribution.old
  3. Start the Windows Update service by running the following command:

Currently there is not a built-in macro in BatchPatch for the above items, but the good news is that it’s easy to create your own one-click method to perform the tasks.

Before I explain how to easily incorporate this macro into your own BatchPatch instance, let’s briefly discuss the impact and implications of performing these actions. Essentially, it’s only step 2 that really *does* anything destructive, but you can’t perform step 2 without first stopping the Windows Update service. So, step 1 stops the Windows Update service, step 2 renames the SoftwareDistribution folder to SoftwareDistribution.old, and then step 3 restarts the Windows Update service. When it starts, Windows will automatically recognize that there is no longer a SoftwareDistribution folder in C:\Windows, thereby forcing it to actually create a new one from scratch.

Windows stores downloaded updates in the SoftwareDistribution folder along with a database that retains history information about updates that have previously been installed. If you have downloaded Windows updates but have not yet installed them, they will be stored in this folder until they are installed. However, if you then delete the contents of the folder or rename the folder, thereby forcing Windows to create a new folder from scratch, your downloaded but not yet installed updates will be deleted, requiring you to download them again from scratch before you can install them. Additionally, much of the Windows Update history information that Windows retains about updates that have previously been installed is stored in a database that is housed in this folder. If the folder has been renamed or deleted, you may no longer be able to determine when a particular update was previously installed. In Windows 10 it has already become increasingly difficult, or in some cases impossible, to determine when old updates were installed, because each time you install a feature update, most of this update history information is wiped since most feature update installations are treated by Windows like a complete operating system upgrade / reinstall. That said, the loss of history information that occurs when the SoftwareDistribution folder is renamed or deleted may not be such a big deal to you since you’re probably going to lose some of that information at some point in the future anyway (if you’re running Windows 10).

Many forums on the web will describe the process of renaming or deleting the SoftwareDistribution folder as a good way to reset the Windows Update components. We have even occasionally suggested it in our forums. Before you go about doing this, you should make sure you really want to do it. It will certainly fix certain issues at certain times, but I wouldn’t recommend using it as a “first-try” option. Usually this process should be reserved for a last resort attempt at fixing your issue. Also note, it generally always makes more sense to rename the folder as opposed to delete it altogether because if on the off chance it creates a problem, you can always revert back to the renamed folder, if need be. If it works without issues to solve your problem, then you can certainly just move forward and delete the old folder that you had renamed so that it’s no longer taking up space on your hard drive.

OK, so to perform the above operations as a single-click task in BatchPatch, you’ll need to do the following:

  1. Select ‘Actions > Execute remote process/command > Create/modify remote commands’
  2. In the window that appears, click ‘Add Row’ and then enter the following syntax into the ‘Command’ field (you can use any title that you like in the ‘Title’ field):
    NET STOP wuauserv & MOVE C:\Windows\SoftwareDistribution C:\Windows\SoftwareDistribution.old & NET START wuauserv

  3. That’s it! Now when you are ready to execute the task on target computers, simply highlight the desired rows in the BatchPatch grid, then select ‘Actions > Execute remote process/command > Execute saved remote commands’. Find your command in the menu and click on it to execute it on the selected target hosts.
Posted in Blog, General, Tutorials | Tagged , , , | Comments closed

Windows Patch Management Software

The Ultimate Windows Update Tool

BatchPatch is the “Ultimate Windows Update Tool” for a reason. It’s inexpensive, it’s very easy and intuitive to use, and it “just works” when it comes to updating Windows. It can be used to apply standard Windows Updates in addition to managing patch deployments and software updates for third-party applications.

BatchPatch Animation

A Tool Designed for Systems Administrators

Systems administrators love BatchPatch because it was designed specifically for them, with a simple, straightforward interface that works in a way that “just makes sense” to people who work with computers for a living. A wise sysadmin once compared BatchPatch to a fighter jet, whereas some other Windows patch management applications can seem more like an aircraft carrier. We think the analogy is a pretty fair assessment. Some patch management software products can be extremely complicated and expensive to operate. They are slow moving and hard to steer. Their setup typically involves numerous servers with lots of moving parts, which can not only cost a lot of money but can also be a massive time sink for the administrators. They’re bloated, difficult to operate, and frustrating to troubleshoot. While it’s true that they will often offer a ton of different features, in many environments they are just way too much to deal with, especially when only a small subset of the features are typically even utilized. BatchPatch, on the other hand, is able to just swoop in rapidly with high maneuverability to hit the needed targets, and then get out quickly. The patching is completely done practically before it even started. We have many customers who have either completely switched to BatchPatch from these behemoth applications, or who have added BatchPatch as a supplementary tool for those times when they simply need to “get it done” without wasting hours struggling with their standard patch management tool.

Free Evaluation

If you’re new to BatchPatch, please download the free evaluation version so that you can test the software for yourself. In many environments it will “just work” right out of the box with zero configuration required. In those cases you can literally download the app, launch it, and start patching within seconds. In some environments BatchPatch will require a minimal amount of configuration to setup the proper permissions and firewall rules to get going. Have a look at the ‘Getting Started‘ page for details on how to setup your environment to work with BatchPatch.

Instructional Materials and Tutorials

We have numerous tutorials and instructional materials posted here, that will help you get the most out of BatchPatch, whether you just want to apply Windows Update to numerous computers, or if you need to deploy 3rd-party software to your entire network, or even if you need to orchestrate a complex sequence where target servers are patched and rebooted in a specific order, with scripts executed before and after patching, and with detailed requirements for which machines are offline at any given time.

Help and Troubleshooting

If you encounter any problems, have a look at these troubleshooting pages:
Troubleshooting Common Errors in BatchPatch
BatchPatch Troubleshooting Guide


You may also search the forums for help, or post a question there if you can’t find the answer you’re looking for.

Contact us

And of course you may also reach out to us directly with any questions or concerns.

Posted in Blog, General, Topics | Tagged | Comments closed

Applying Windows Updates to a Large Group of Computers En Masse

Many environments will be ready to use BatchPatch without any special or additional configuration required, but some might require a few tweaks in order for everything to work properly. If it’s the first time you’ve used BatchPatch, check out the ‘Getting Started‘ guide to learn how to configure your computers and network for BatchPatch.

Once you have everything configured properly, it’s shockingly easy to download and install updates on a large group of computers, en masse. It doesn’t matter if you’re using your own local WSUS server or if you’re using Windows Update or Microsoft Update. BatchPatch can work with all three. If you’re using a local WSUS, then your target computers are already going to be configured by Group Policy to point to the WSUS. When this is the case, BatchPatch should be configured under ‘Tools > Settings > Windows Update > Server Selection’ to use ‘Default/Managed’ like in the screenshot below.

If you want to override the GPO and use Windows Update or Microsoft Update instead, then just select the desired option. For ‘Search Preferences’ we recommend that WSUS users select ‘Search for software updates’ AND ‘Search for driver updates’, and then tick every box under ‘Update Classification Filtering’ (except for “Upgrades”). This allows BatchPatch to find and download/install every possible update, which means that so long as an update is approved in your WSUS, BatchPatch will be able to find/download/install it. For people who are *not* using WSUS, we generally recommend selecing ‘Important’ AND ‘Recommended’ in the ‘Search Preferences’. Then tick every box on the left side of the ‘Update Classification Filtering’ settings. This will effectively enable BatchPatch to find/download/install the updates that Microsoft thinks you should have.

After your settings have been configured, the process is very straightforward to apply updates to numerous computers all at one time.

  1. Load the desired target hosts into your BatchPatch grid:Click on ‘Grid > Add hosts’ (or use one of the other options in that menu for importing hosts into the grid), and then add the desired hosts.
  2. Start the download and/or install process:Highlight the desired hosts, then select ‘Actions > Windows updates > Download and install updates + reboot if required’ to begin the download and installation process. If you want to first check to see which updates are available and would be downloaded/installed, use the ‘Check for available updates’ option or the ‘Generate consolidated report of available updates’ option.
  3. Monitor to completion:Once the process has begun you can pretty much sit back and watch everything happen. You’ll be able to see the status of download and installation for each target computer in the grid. As each target computer completes its update installation, BatchPatch will initiate a reboot (unless none of the installed updates require a reboot to complete) and automatically start pinging the target. You’ll be able to see the ‘LED’ status orb icon for each row (left-most column) change color as the host goes offline and comes back online, giving a very clear picture of the state of each host.
Posted in Blog, General, Tutorials | Tagged | Comments closed

Deploying a Registry Key / Value to HKEY_CURRENT_USER (HKCU) – Part 2

Last year I posted this tutorial about how you can deploy a registry key/value to the HKEY_CURRENT_USER (HKCU) registry hive of target computers. Following those instructions will enable you to place a registry key/value into the registry hive of all users who have logged on to the target computers. However, what if you want to deploy a registry key/value to target computers that will appear in the registry hive for users who have not yet ever logged on to the target computers? Is that possible? It sure is!

To deploy a registry key to HKCU for users who have not even logged on to the computer yet, you have to modify the *default* user profile. Windows uses a default profile as a template to create the profile for new users who log on to the computer. If you can successfully modify the default user profile to contain the changes that you want, then when a new user logs on to the computer for the first time, his/her profile will be created based on that default profile, which will include the modifications that you previously made to the default profile. So in this case what we have to do is load the registry for the default user profile on all target computers that we desire the modification to exist, then add our desired registry key/value to it, and then unload it. Pretty simple, actually. The process works like this: We’ll start by creating a batch file on the BatchPatch computer. This batch file is what will actually perform the work. We will use BatchPatch to deploy it to all of the desired target computers. BatchPatch will copy the batch file to each target computer and then execute it, effectively modifying the default user profile on all target computers.

Before we get started, if you have not already done so, please review this link, which explains the relationship between HKCU and HKU. It’s important to understand that HKCU is actually just a view into HKU for a specific user’s registry, which is explained at the aforementioned link.

  1. Create the batch file. To do this simply open notepad or your favorite text editor, add the following lines, and then save the file with a .bat or .cmd extension. I have called my batch file “Default_User_Reg.cmd”
    REG LOAD "HKU\temphive" C:\users\default\ntuser.dat
    REG ADD "HKU\temphive\Software\TestKey" /v TestValue /t REG_DWORD /d 1
    REG UNLOAD "HKU\temphive"

    IMPORTANT: For your file, you’ll need to modify the second line to reflect the registry key/value that you want to create.

    As you can see, the second line in the script above is:

    REG ADD "HKU\temphive\Software\TestKey" /v TestValue /t REG_DWORD /d 1

    This will have the affect of creating a DWORD called TestValue with a value of 1 inside the HKCU\Software\TestKey of the computer that the batch file is deployed to.

    You’ll notice the script lines use HKU, not HKCU, so what’s happening here?

    Line 1 of the script loads the ntuser.dat file for the default user temporarily into the registry. The temporary location where we will be able to access the ntuser.dat registry will be HKU\temphive. Have a look at the screenshot below. You can see here what the registry looks like if you were to just run the “REG LOAD” command on its own. Notice how under HKEY_USERS we get a new “temphive” key. This “temphive” key is the HKCU hive for the default user profile, which is stored in the ntuser.dat file that we find in C:\users\default\ntuser.dat. If you have any questions about the syntax for REG ADD review this link from Microsoft.

  2. Once you have created your batch file, you’ll need to create a deployment in BatchPatch. Select ‘Actions > Deploy > Create / modify’, and make your deployment configuration look like mine in the screenshot below, optionally saving it with the double-right-arrow button, if desired:

  3. Now you’re ready to execute the deployment. Select all the desired rows in the grid, and then click on the ‘Execute’ button in your deployment window. Or if you have saved the deployment, then go ahead and execute it by selecting the menu item ‘Actions > Deploy > Execute saved deployments > Default_User_Reg

  4. If you want to check that the registry key/value has been properly added, go back to one of the computers where the script was deployed, and then run *just* the REG LOAD command in an administrator/elevated cmd prompt. Then launch REGEDIT to check for your changes. When your’re done, close REGEDIT, and then run the REG UNLOAD command to unload the ntuser.dat. The next time a brand new user account is logged on to the computer, it will already have the registry key/value.
Posted in Blog, General, Tutorials | Tagged , , , , , , | Comments closed

Deploying Windows 10 Feature Update Version 2004 (the ‘May 2020 Update’) to Numerous Remote Computers Simultaneously

Beginning with the April 2020 release of BatchPatch, all Windows 10 feature updates/upgrades can be applied using the standard/normal Windows Update actions in BatchPatch (‘Actions > Windows updates > Download and install updates‘ or ‘Actions > Windows updates > Install downloaded updates‘). However, please note that for that to work, BatchPatch must be running in default/non-cached mode. If you are using cached mode you’ll have to either switch BatchPatch to non-cached mode OR you may follow the procedure outlined below to deploy the feature update to your target computers. If you are using a version of BatchPatch that was released prior to April 2020, then just follow the instructions below.

  1. Download (from Microsoft) the Windows 10 Media Creation Tool. Use this link to download the media creation tool directly from Microsoft. The media creation tool web page contains two options: ‘Update now’ and ‘Download tool now’. Do NOT click on ‘Update now’ because doing so would begin the update process on your computer. Since your goal is to deploy the upgrade to remote computers, instead please click on ‘Download tool now’ to save the tool to your computer. Important: When you run the media creation tool per the next step, you will not have a choice to select which Windows 10 version is used to create the media. This means that if Microsoft releases a new version of Windows 10 when you follow this tutorial, you’ll end up with that version as opposed to the specific version 1909 that is available today at the time of this writing. If you have another channel for obtaining media for a particular Windows 10 version, such as with a Microsoft volume licensing agreement, you may use that instead of obtaining the media through the steps outlined in this tutorial.
  2. Open the Windows 10 Media Creation Tool that you saved to your computer a moment ago. IMPORTANT: It is NOT sufficient to run the tool as administrator from an account that is logged on without admin privileges. For whatever reason, you must actually be logged on to the computer with an account that is a member of the local administrators group. Otherwise the tool will not allow you to run it to completion. We have no idea why Microsoft made the tool work this way, but it’s what they did. So go ahead and log on to your computer as a local administrator, and then launch the tool and follow the rest of this tutorial.
  3. Create installation media with the Windows 10 Media Creation tool. When the tool is running you’ll have to choose between two options to either ‘Upgrade this PC now’ or ‘Create installation media (USB flash drive, DVD, or ISO file) for another PC. Since you are following this tutorial with the intention of learning how to to use BatchPatch to update other PCs, choose the option to ‘Create installation media…’ and then click ‘Next’.
  4. Choose your language / edition / architecture, and then click ‘Next’.
  5. Choose the media type. For the sake of this tutorial please select ISO as the type of media. After clicking the ‘Next’ button you will be prompted to choose a location on your computer to store the ISO file that will be downloaded/created. Select a directory/location to store the file, and then do something else until the download finishes. Depending on your connection speed it could take a little while because it’s in the range of 4GB.
  6. Extract the ISO contents to a location on your local disk. After the download in the previous step is complete you’ll have to locate the file on disk and then extract the contents of the ISO to another folder. I like to use the free 7-zip for this process, but you may use whichever tool you prefer: 7-zip. After the ISO has been extracted you’ll have all of the installation files for the feature update in a single folder.
  7. Configure a deployment in BatchPatch. In BatchPatch click on Actions > Deploy > Create/modify. In the window that pops up for the Deployment configuration, click on the ‘…’ button to browse to the location where your ISO contents have been extracted to, and then choose the ‘setup.exe’ file as the file to deploy. Make sure to check the boxes for ‘Copy entire directoryandLeave entire directory. After the initial deployment phase is complete, the target Windows operating system will end up rebooting itself at least once but usually more than once while it completes the setup and installation for the feature update. As the process runs it needs to have access to all of the files that BatchPatch will deploy. Having both of the aforementioned boxes checked will ensure that when the upgrade process runs on the target computer that it has all of the files it needs for the installation. After the feature update has completed 100% you may delete the files from the target computer(s). However, please make absolutely sure that the upgrade process is 100% completed before you delete any files. In your BatchPatch deployment configuration screen you will also need to add the following parameters:
    /auto upgrade /quiet

  8. Execute the feature upgrade deployment. In the deployment configuration that you created in the in the previous step you can execute the deployment immediately for the currently selected rows in the grid by just clicking on the ‘Execute now’ button. Alternatively you may save the deployment for future usage by clicking the double-right-arrow button ‘>>’. If you choose to save the deployment instead of executing it immediately, then when you are ready to deploy the feature update to your remote computers, you can begin the process by selecting those computers in the BatchPatch grid and then clicking on Actions > Deploy > Execute deployment, and then choose the deployment that you just created/saved.

    You should expect that the entire process will take a bit of time to complete. BatchPatch has to copy the whole installation directory to the target computer(s), which contains several gigabytes, before it can execute the upgrade process on the target(s). IMPORTANT: After the BatchPatch deployment completes for a given target computer BatchPatch will show Exit Code: 0 (SUCCESS). However, this just means that the BatchPatch deployment component is finished. The Windows feature update/upgrade process will take additional time. Please be patient and let the target computer continue upgrading and rebooting as many times as is needed. It might take a little while with multiple automatic reboots before everything is 100% finished.

    NOTE: We have had a couple of reports from users who received the following error:

    Deployment: Error: Access to the path '\\TargetComputer\C$\Program Files\BatchPatch\deployment\autorun.inf' is denied.

    We don’t know the exact cause of this issue, but it seems likely to somehow be related to the way that permissions were applied or inherited during the ISO extraction process. If you encounter this error it can be resolved quickly and easily by just deleting the autorun.inf file from the source directory after extracting the ISO contents but before executing the actual deployment for any target computers. This will prevent the problematic file from ever being copied to target computers. As such, the error will not occur.

Posted in Blog, General, Tutorials | Tagged , , | Comments closed

BatchPatch Remote Command Execution Options

BatchPatch has a number of commands and actions that are built-in and come with the software… Windows update commands, reboot and shutdown commands, wake on LAN, commands to get information from target computers about disk space usage, uptime, logged-on users, file version information, registry values, commands to review/modify services and processes, and a lot more. But what if you want to execute a command that isn’t already built-in? Obviously not all commands are going to be useful for all users, and we can’t include every command that ever existed in the history of all commands 🙂 Inevitably you might find yourself wanting to hard-code some of your own commands into BatchPatch to execute on remote systems.

BatchPatch provides a few different places and ways to store and execute your own commands.

1. Under ‘Actions > Get information > Create/modify user-defined commands‘ BatchPatch provides and interface for you to add your own commands. Once a command is added in this interface, the command will appear in the BatchPatch menu under ‘Actions > Get information > Execute user-defined commands

2. Under ‘Actions > Execute remote process/command‘ there are several options. Remote command 1, 2, 3, 4 can be created and will be stored in the current grid and visible in the row under which they are created. Commands 1 and 2 do not attempt to capture output and will only report exit codes upon execution. Commands 3 and 4 attempt to capture output, so that you can display the output in the grid upon execution. Under the hood the logged-output commands (3/4) have to be executed differently from the standard commands (1/2), and in some cases this difference can cause failure, which is why we separate these completely. If a command fails to execute under 3/4 it might be successful under 1/2.

Additionally under ‘Actions > Execute remote process/command‘ we have ‘Create/modify remote commands‘ and ‘Create modify remote commands (logged output)‘ where you can create commands that won’t be tied to a particular grid and will instead be saved globally for all BatchPatch instances that you launch. Commands created under these interfaces appear hard-coded in the BatchPatch menu under ‘Actions > Execute remote process/command‘ as ‘Execute saved remote commands‘ and ‘Execute saved remote commands (logged output)‘, respectively.

More details on hard-coding custom commands into BatchPatch can be found here: How to Hard-Code Your Own Custom Commands in the BatchPatch Actions Menu

Once a command has been hard-coded into BatchPatch, not only is it available for direct execution on target computers, but now it can also be included in job queues or be executed by the Task Scheduler. You can see in the screenshot below that the Job Queue window shows all of my previously created hard-coded commands, deployments, copy jobs etc. I can add any of them to a job queue for automation.

Additionally, all job queues will appear along with all hard-coded commands, deployments, copy jobs etc in the Task Scheduler so that you can schedule any job queue or command that you have previously created.

Posted in Blog, General | Tagged , , | Comments closed

There are no applicable updates in the filtered collection

Sometimes we’ll get an email from someone who is confused about the message ‘There are no applicable updates in the filtered collection‘. They’ll note that when they execute ‘Check for available updates‘, BatchPatch finds updates, but when they execute ‘Download and install updates‘, BatchPatch reports There are no applicable updates in the filtered collection. Below I’ll explain why this happens, how to understand what is going on, and how to get past it.

When you perform a search for updates using ‘Check for available updates‘, BatchPatch utilizes the search preferences that you have configured under ‘Tools > Settings > Windows Update‘. You can see in the screenshot below that my search preferences are set to search for software updates (we generally recommend selecting ‘Important‘ and ‘Recommended‘ to emulate the search that the Windows Update Agent performs when searching for updates directly at the Windows Update control panel of a computer without using BatchPatch, but in this case I happened to have my setting on ‘Search for software updates‘ while I took screenshots for this blog posting).

You’ll also notice in the screenshot above that I have all ‘Update Classification Filtering‘ boxes unchecked. This creates a situation where even though BatchPatch finds updates when it searches for them, BatchPatch does not download or install any updates because the ‘Update Classification Filtering‘ checkboxes only apply to download and installation operations, while the ‘Search Preferences’ checkboxes apply to the search. When the ‘Download and install updates’ operation executes, instead of updates downloading and installing, BatchPatch displays There are no applicable updates in the filtered collection.

If we then look at the contents of the ‘Remote Agent Log‘ column we can see the details of exactly what occurred:

Six updates were found, but since all ‘Update Classification Filtering‘ boxes were unchecked in the settings, when BatchPatch applied the filters to the collection of updates that were found in the search, all updates were excluded. If you look at the section between “::Begin filtering collection” and “::End filtering collection” you can see that updates were “skipped” for the reasons shown, such as “Reason: UpdateClassification-Upgrades“, which indicates that the ‘Update Classification Filtering‘ box for “Include ‘Upgrades’” was not checked when the operation was executed.

There are other filters, in addition to the update classification filter, that could be the reason for you to find the filtered collection is empty when you attempt to download or install updates. The two other ways that updates get filtered are by date (see ‘Update Date Filtering‘ section of ‘Tools > Settings > Windows Update‘) and by including or excluding individual updates (see ‘Actions > Windows updates > Filter which available updates are included or excluding when downloading/installing‘). In all cases, when you see ‘There are no applicable updates in the filtered collection’ all you have to do is check the ‘Remote Agent Log’ data (either by viewing it directly in the ‘Remote Agent Log‘ column after a Windows Update action or by using ‘Actions > Windows updates > View BatchPatch.log‘ which will retrieve the BatchPatch.log file from the target computer’s remote working directory. This file will include the log data for every BatchPatch Windows Update action that you have ever launched (unless you have ever deleted the file or directory that contains it)). The log data detail will point you to the particular reason your filtered collection is empty, and then you can adjust your filters, as desired.

Posted in Blog, General, Tutorials | Tagged , , , | Comments closed

Windows Offline Update for Multiple Computers

You can use BatchPatch to apply Windows security updates to numerous computers that do not have internet access. Many organizations will have a high-security network where no computer on that network may access the internet. Further, it’s common to have the network so protected that it cannot even house a WSUS for update delivery. If you don’t have a WSUS and you don’t have internet access, how do you keep computers up to date? Below I’ll explain how you can use BatchPatch to fill the void.

On the one hand when you don’t allow the computers to access the internet, you increase their security by making it impossible to remotely access anything on the network, but on the other hand you make it harder to install updates, which is something you generally would want to do in order to improve security of the computers and close vulnerabilities in the operating systems. This is definitely a balancing act, but if you have a simple, straightforward method for applying updates to all of the offline computers, you’re going to be in much better shape than simply leaving the computers as-is, without ever updating them or with having to manually handle the update process on a periodic basis.

How does BatchPatch enable administrators to download and install security updates on an entire air-gapped / segregated network of computers?

BatchPatch actually provides a handful of different modes and methods for getting updates installed on offline computers. The method that you select will be primarily dependent on how strict the security rules and requirements are for the offline network. For example if the offline network is not completely air-gapped, and if you’re able and allowed to put BatchPatch on a computer that has both internet access as well as access to the computers on the offline network, then you’re going to select a different method than if the network is truly air-gapped or at least truly segregated such that no computer that has internet access can ever have direct access to computers on the network. However, even when you’re dealing with a completely segregated network, there might still be different levels of security required for that network. For example, in some cases you might be able and allowed to remove files from the offline network when needed, whereas in other cases the rules might be so strict that you are never allowed to remove anything from the offline network… or perhaps in some cases you are technically allowed to do such a thing, but the bureaucracy involved when it comes to change management processes is so burdensome that it’s barely ever worth actually trying to remove a file. BatchPatch provides different methods for each different scenario. There is always a balance between security and convenience, and BatchPatch attempts to provide the administrator with as much flexibility as possible to choose the least painful, most convenient method for any given offline network environment.

At the following page we go through all of the different scenarios, with detailed explanations. Each different scenario has a tutorial that explains how to download and install updates on your network, depending on the details and rules of your environment.

Cached Mode And Offline Windows Update

Posted in Blog, General | Tagged , , , | Comments closed