Blog | Page 24

Executing Processes on Computers that are Frequently Powered Off or Disconnected from the Network

By Scott | Published: May 2, 2016

Every administrator at one time or another has the need to update user computers that are rarely connected to the corporate network. Whether you need to install Windows Updates or update a third-party software product, it’s always a pain in the butt when the computer in question is a laptop that is rarely brought in to the office and put on the network.

BatchPatch makes this process as easy as possible because we provide an option in the Task Scheduler that enables the administrator to execute a custom process on a computer only after it first detects that the computer is connected to the network and powered on. The task option is titled ‘Run task immediately upon detecting target computer online.’ With this option you are able to schedule a particular task, such as ‘Download and install Windows Updates + Reboot if Required’ on a particular computer. BatchPatch will then check once per minute to see if that computer is online and responding to requests. If the computer responds, then BatchPatch will begin the task. If not, then BatchPatch will sleep for a minute before trying again. This process can be left to run indefinitely until it is complete.

Highlight the desired host(s) in the BatchPatch grid, and then select ‘Actions > Task scheduler > Create/modify scheduled task.’
Select the desired task from the ‘Task’ drop-down menu, and then check the box that says ‘Run task immediately upon detecting target computer online.’ Then click the OK button. The task does not have to be a built-in BatchPatch task. It can also be any custom script, process, or command that you have previously created inside of BatchPatch.
Lastly, enable the scheduler if it is not already running. To do this, click on the small clock icon in the upper right corner of the BatchPatch window. When it has been enabled it will be green (rather than red), and if you mouse over it you see a tooltip that says ‘Scheduler Enabled.’
That’s all there is to it. At this point you can sit back and wait for the task to complete, or better yet you can go on about your daily work. Simply check back on the status in BatchPatch at any time. If you’d like to take it one step further and configure an email alert to notify you when the task has been completed, this is also pretty simple. In this case you would create a job queue with two tasks in it. The first task would be your desired action, such as ‘Download and Install Windows Updates + Reboot if Required.’ The second task in the queue would be the email notification task. Then once you have saved this job queue, you can run it via the scheduler, using the same option that you used above to ‘Run task immediately upon detecting target computer online.’ This way, when the task completes you’ll get an email notification to let you know. More on email notifications can be found here: How to send email notifications in BatchPatch

Posted in Blog, General, Tutorials | Tagged offline, task scheduler | Comments closed

Uninstall QuickTime Remotely

By Scott | Published: April 26, 2016

By now most of you are probably aware that Apple is no longer going to be supporting or updating QuickTime for Windows: https://support.apple.com/kb/DL837?locale=en_US

The internet is abuzz with recommendations to remove QuickTime unless you know that you absolutely need it. If you’re not sure, you probably do *not* need it. Many of you are now focused on how to get it off of your user computers, so here’s a tutorial to remotely remove QuickTime from many computers using BatchPatch.

IMPORTANT: As always, please make sure to test any potentially destructive process or script on one computer before running that process or script on numerous computers!

Method 1 (Preferred Method): Uninstall a specific QuickTime version, by UninstallString:

First we need to locate the UninstallString value in the registry for the version of QuickTime that we want to remove. Generally one of the following two registry keys will contain the UninstallString value that we are looking for:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
OR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
On my test machine I located the UninstallString value for QuickTime 7.79.80.95, and it contains the following data:
MsiExec.exe /I{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}
In BatchPatch, highlight the target hosts and select ‘Actions > Execute remote process/command > Create/modify remote command 1’. Enter the following syntax into the command field, substituting the correct string for the particular version of QuickTime that you are uninstalling:
MsiExec.exe /qn /X{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C} /norestart
Click the ‘Execute’ button
In the ‘All Messages’ column we see Exit Code 0, which indicates success.

IMPORTANT NOTE:

Method 2 should be used with a bit of caution. The following uninstallation method utilizes the Win32_Product class. However, some sysadmins are opposed to using the Win32_Product class, and they have a good point. Before proceeding with this method, please review this article to learn why some sysadmins are opposed to using the Win32_Product class for software removal.

Method 2: Uninstall all versions of QuickTime, by name query

Method 1 and Method 2 are similar, except we change the query in Method 2 to include all software products on the computer that begin with the name ‘QuickTime’

In BatchPatch, highlight the target hosts and select ‘Actions > Execute remote process/command > Create/modify remote command 3 (logged output)’. Enter the following syntax into the command field:
wmic product where (name like 'QuickTime%') call uninstall
Click the ‘Execute’ button
You can see in the screenshot below that this command returns successfully with Exit Code 0. Also, the ‘Remote Command Output Log’ column shows the output that was returned by the target, giving us additional confirmation of what was executed. Note, in this case every app on the computer that has a name beginning with ‘QuickTime’ is removed.

Posted in Blog, General, Tutorials | Tagged remote software uninstall, remove quicktime, uinstall quicktime | Comments closed

Checking for Available Windows Updates on Windows 7 Targets Takes Too Long!

By Scott | Published: April 18, 2016

If you’re experiencing *very* slow Windows Updates processing (scanning, downloading, installing) with Windows 7, in particular, you’re not alone.

For approximately a year now Windows 7 users have been struggling with very slow performance during the scan for Windows Updates. The issue occurs regardless of whether you check for updates using BatchPatch or directly on a target computer in the control panel Windows Update GUI.

The problem appears to mostly affect machines with slower CPUs. For example, in our lab here we have an old Dell Netbook with Intel Atom CPU. In the most recent test, it took 18 hours just to check for available updates! And no, that is NOT a typo.

It’s hard to say *exactly* why the process is so slow, but it’s likely a combination of complex rule processing for update revisions, superseded updates, and update expiration, along with inefficiencies in the Windows Update Agent code that causes it to require a lot of CPU time, especially for older/slower CPUs. The following links have some good information on the likely causes:

https://superuser.com/questions/951960/windows-7-sp1-windows-update-stuck-checking-for-updates
https://superuser.com/questions/890038/why-is-checking-windows-update-so-slow

Over the past year Microsoft has released numerous updates to the Windows Update Agent, many of which were intended to address the slowness issue. However, here we are in April 2016, and the slowness is worse, not better. A year ago the same Dell netbook that took 18 hours to scan this month took only a few hours. And while a few hours is definitely NOT good performance by any means, it’s much better than 18 hours! Realistically though, the scan should only take minutes, not hours. Note, there does seem to be a correlation between the number of available updates and the time it takes for the scan to complete. For example, as soon as updates are installed on our lab Dell Netbook, the time it takes to check for updates drops to only a few minutes.

If you’re experiencing this slowness on any of your Windows 7 machines, there might finally be a solution!

The poster, EP, in the comments section on the following blog appears to have found the magic combination of updates required to fix the slowness.

He/she says:
"Install a COMBINATION of the following updates on Win7 SP1 -- KB3138612 AND KB3145739. I found out that patching KB3145739 alone without patching the WU Client for Win7 SP1 is not enough."

http://www.askwoody.com/2016/possible-fix-for-the-abysmally-slow-windows-7-update-scans/comment-page-3/#comment-80655

I can confirm that in our lab environment the machine that last week took 18 hours to scan for updates just now took only 10 minutes after installing both of the updates mentioned above. Also there have been numerous other reports from users around the web that this update combination worked in their environments to dramatically reduce scan times. Let’s just hope that it continues to hold up in the future.

2016-06-14 Update:

As of June 14th, the problem resurfaced, and apparently now you also need to install KB3161664 and possibly also KB3161608 to keep things moving. See https://www.askwoody.com/2016/win7-users-install-kb-3161664-to-speed-up-windows-update-scans/ for more information.

He/she says:
"The Windows Update search/scan 'forever' problem has once again resurfaced for Win7 SP1 as of June 14 (June Patch Tuesday). The KB3153199 Win7 updates are no longer doing the job. And once again a new win32k.sys security update (KB3161664) has been released (MS16-073), which supersedes/replaces KB3153199. Win7 SP1 users should now install KB3161664 to speed up Windows Update scans instead of KB3153199 as of today 6/14."

"It looks like Microsoft has released a more permanent fix to the problem KB3161647 which is part of the KB3161608 Update Rollup of June 2016. If KB3161664 win32k.sys fix is not installed, try installing the KB3161608 update rollup, which updates the WU client."

2016-10-19 Update:

Microsoft has written an article about this topic here:
https://support.microsoft.com/en-us/kb/3200747

Posted in Blog, General, Tutorials | Tagged windows 7, Windows Updates | Comments closed

How to Block the Windows 10 Upgrade

By Scott | Published: April 4, 2016

As most of already know, Microsoft has been pushing hard in the past few months to get Windows 10 installed on machines that are currently running Windows 7 and 8/8.1. We have received numerous emails from customers asking us how to prevent their computers from installing Windows 10 when using BatchPatch to apply Windows updates.

Do not try to “hide” the ‘Upgrade to Windows 10…’ update. This is not sufficient because it will only remain hidden until Microsoft re-releases it and effectively unhides it on your computers. You’d end up in a never-ending game of cat and mouse.
Do not try to “exclude” the ‘Upgrade to Windows 10…’ update. This will work, but you will have to exclude it every single time you apply Windows updates to your computers today or in the foreseeable future.

There is only one method that you should consider using to prevent the Windows 10 upgrade from running on your PCs. Microsoft describes in the following link setting two registry values to prevent the Windows 10 upgrade from running on a given computer:

https://support.microsoft.com/en-us/kb/3080351

If you are not using Group Policy to apply these settings in your organization, then you may use BatchPatch to deploy the registry settings to target computers. The process is simple.

First create a the .REG file. In Notepad add the following text and save the file as ‘Block Windows 10 Upgrade.reg’

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\GWX]
"DisableGwx"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DisableOSUpgrade"=dword:00000001

After you have created the ‘Block Windows 10 Upgrade.reg’ the next step is to deploy it to your computers. In BatchPatch highlight the desired target computers, and then select ‘Actions > Deploy > Create/modify deployment’
In the ‘Deployment’ window you’ll use the settings shown in the above screenshot, where the ‘Block Windows 10 Upgrade.reg’ file is the file you’ll be deploying.

After you execute the deployment, the ‘Deployment: Exit Code: 0’ indicates success. The registry values were applied to the target computers, and they will not be accidentally/automatically upgraded to Windows 10.

Posted in Blog, General, Tutorials | Tagged block windows 10 upgrade, deploy registry values | Comments closed

Remotely Deploy EMET 5.5 to Multiple Computers

By Scott | Published: March 28, 2016

If you need to deploy EMET (Enhanced Mitigation Experience Toolkit) to one or more computers on your network, you may follow the instructions below.

Download the EMET 5.5 .MSI installer file from Microsoft. At the time of this writing, it’s available from the following link: https://www.microsoft.com/en-us/download/details.aspx?id=50766.
I’ve saved the .MSI file to
E:\Temp\EMET\EMET setup.msi
In BatchPatch select the desired target computers that will be receiving the EMET deployment. Then select ‘Actions > Deploy > Create/modify deployment’. In the window that appears you must now select the .MSI file location as well as any other desired settings. For the sake of this EMET deployment, use the settings show in my sample screenshot below.
At this point we’re already ready to execute the deployment. Simply click the ‘Execute now’ button in the deployment form. Alternatively, you may save the deployment for later execution using the ‘>>’ button.

The deployment generally will not take very long to complete. On my test Windows 2012 target the entire process in BatchPatch took just 23 seconds. In the screenshot below you can see that upon completion BatchPatch printed Deployment: Exit Code: 0 (SUCCESS).
That’s all there is to it. EMET 5.5 has now been deployed to my Windows 2012 machine.

Posted in Blog, General, Tutorials | Tagged remote install, remote software install, software deployment, software installation | Comments closed

Offline Windows Update

By Scott | Published: March 21, 2016

Today I’d like to take a few minutes to go over the offline Windows Update capabilities that are built in to BatchPatch. One of the common problems that sysadmins have, particularly on secured networks, is getting their Windows systems updated without having access to the internet or a WSUS server (Windows Server Update Services). In BatchPatch we provide complete functionality for applying Windows Updates to systems that are members of a totally offline or segregated network.

BatchPatch essentially has four primary modes of operation when it comes to installing Windows Updates remotely:

BatchPatch Online Default Mode

**Online Windows updates with no caching**
(This mode is recommended for most environments)

The default configuration for BatchPatch works when all target computers have access to either ‘Windows Update,’ ‘Microsoft Update,’ or your own local managed WSUS server. In this configuration, BatchPatch instructs target computers to search for and download their own updates from the configured update service (Windows Update, Microsoft Update, or WSUS).

Tutorial: BatchPatch Online Default Mode

BatchPatch Online Cached Mode

**Online Windows updates with caching**
(This mode is recommended for environments with very limited internet bandwidth *and* no WSUS server)

With online cached mode enabled all target computers are required to have access to either ‘Windows Update,’ ‘Microsoft Update,’ or your own local managed WSUS server. In this configuration, BatchPatch instructs target computers to search for updates on the configured service (Windows Update, Microsoft Update, or WSUS), but update downloads only occur through the BatchPatch computer to the BatchPatch update cache. BatchPatch then distributes updates from its cache to target computers. While this process decreases the total bandwidth required to download updates since only one copy of each update is downloaded to the BatchPatch cache (instead of each computer downloading its own copy of each update), the overall process for applying Windows Updates takes longer to complete.

Tutorial: BatchPatch Online Cached Mode

BatchPatch Partially Offline Cached Mode

**Offline Windows updates with caching**
(The mode is recommended for restricted environments where target computers do *not* have access to the internet or a local WSUS but *do* have network access to an internet-connected computer running BatchPatch)

In this configuration, even though target computers do not have internet access, they do have access to the BatchPatch computer, which has access to the internet. The BatchPatch computer instructs target computers to perform an offline search for available updates. The BatchPatch computer then downloads all the necessary updates and distributes them to target computers.

Tutorial: BatchPatch Partially Offline Cached Mode

BatchPatch Completely Offline Cached Mode for Lower-Security Networks

**Offline Windows updates with caching**
(The mode is recommended for restricted environments where target computers are on a completely segregated, offline network, without access to the internet and without network access to an internet-connected computer running BatchPatch. In this scenario, administrators are required to manually copy a single text file from the offline network to an online network via an external flash drive or whatever means is convenient for the administrator)

In this configuration, since target computers do not have internet access and also do not have access to an internet-connected computer running BatchPatch, all updating occurs 100% offline. In this configuration, the search for available updates is performed offline, and then the list of available/needed updates is manually moved to an internet-connected computer running BatchPatch where the updates are downloaded. The entire update cache is then manually moved to the segregated/offline network where BatchPatch is used to distribute them to target computers.

Tutorial: BatchPatch Completely Offline Cached Mode for Lower-Security Networks

BatchPatch Completely Offline Cached Mode for High-Security Networks

**Offline Windows updates with caching**
(The mode is recommended for restricted environments where target computers are on a completely segregated, offline network, without access to the internet and without network access to an internet-connected computer running BatchPatch. In this scenario, the high-security nature of the offline network disallows any files from ever being transferred from the high-security offline network to another network. Files will only ever be transferred *to* the high-security offline network, but files will never need to be removed *from* the high security offline network)

In this configuration, since target computers do not have internet access and also do not have access to an internet-connected computer running BatchPatch, all updating occurs 100% offline. In this configuration, an internet-connected BatchPatch computer is used to pre-download all Windows updates to its local cache. The administrator then copies/moves the entire BatchPatch cache of updates to the completely offline network where BatchPatch is able to distribute the updates to all the target computers even though they do not have internet or WSUS access.

Tutorial: BatchPatch Completely Offline Cached Mode for High-Security Networks

Posted in Blog, General, Tutorials | Tagged offline windows update | Comments closed

Filter Which Available Updates Are Included Or Excluded When Downloading Or Installing Windows Updates

By Scott | Published: March 8, 2016

In the most recent release of BatchPatch (20160304) we added some new functionality for selecting individual updates to be downloaded / installed on target computers. In addition to the previously available textual filter list option, there is now also a graphical checkbox list available to make it easier to select the updates you want to include or exclude during download and install operations for Windows Update. Below I’ll show you to use it.

Start by highlighting the desired hosts and selecting ‘Actions > Windows Updates > Filter which available updates are included or excluded when downloading/installing > Include / exclude specific updates (graphical)’
A confirmation window appears because in order to provide a graphical list of available updates to select from, BatchPatch must first scan the selected target computers to see which updates are available to them. And since the scan might be initiated on a large number of computers, we also provide an option to used cached search results, if available. This way if you are going in and out of this particular form interface multiple times in succession, the search for updates won’t necessarily have to be repeated each time. We click OK to proceed with the search.
The window that appears displays a list of all available updates (based on the search criteria specified under ‘Tools > Settings > Windows Updates’) on all of the selected target computers. We can now check or uncheck the boxes next to each update that we want to include or exclude from any subsequent download / install operations for these hosts. For the sake of this demonstration I have de-selected all rows except for 2.
After clicking ‘OK’ BatchPatch informs us that the selected update filters have been applied to the corresponding rows in the source BatchPatch grid. We can see the application of the filter by looking at the contents of the ‘Download/Install Filter’ column for a given row, as illustrated by the screenshots below.

We are only including one update for installation on the 192.168.1.117 machine, and we can see that one update appear in our Download/Install Filter in the following screenshot.
At this point the filters have been applied. The next step is to initiate the download or install operation of your choice. Any Windows Update action that is initiated by BatchPatch while the existing filter list is in place will utilize that list for filtering which updates are included (or excluded) in the download / installation operation. That’s all there is to it. If you need to re-do the filter list for any reason, you can simply re-launch the ‘Individual Update Selection’ form using the instructions in this tutorial. Alternatively, if you need to clear the filter list altogether because you want to download or install all available updates on selected machines, then simply clear the filter list using ‘Actions > Windows Updates > Filter which available updates… > Clear filter list’

Posted in Blog, General, Tutorials | Tagged filter windows update selections, individual update selection, specific updates | Comments closed

Remotely Update Adobe Reader on Many Computers Simultaneously

By Scott | Published: March 1, 2016

Recently I published a tutorial on how to remotely deploy Adobe Reader to numerous computers. Today I’d like to do a follow-up tutorial that illustrates how to remotely update your existing Adobe Reader installations.

This tutorial assumes you have Adobe Reader 11.0 installed on target computers. If you do not already have Adobe Reader installed, you may follow this tutorial to remotely deploy it using BatchPatch. Then the instructions below can be used to update your Adobe Reader 11.0 installations to the latest/current version Adobe Reader 11.0.14.

Obtain the installation media for the 11.0.14 update. At the time of this writing the installation media can be downloaded from Adobe at the following link: Adobe Reader 11.0.14 Offline Update Media. Download the update titled ‘Adobe Reader 11.0.14 update – Multilingual (MUI) installer.’

After downloading the update file (I saved it on my BatchPatch computer to ‘E:\Temp\AdbeRdr11014_mui_update\AdbeRdrUpd11014_MUI.msp’) the deployment is very easily created by launching ‘Actions > Deploy > Create/modify deployment.’ Then in the Deployment form, simply select the .msp file using the file browser button. Optionally, you may give the deployment a title and then click the >> button to save the it for future usage.

The only thing left to do now is actually execute the deployment, which we’ll do by clicking ‘Execute now.’ On my test computer it only took about 20 seconds to apply the update. Upon successful completion BatchPatch displays Deployment: Exit Code: 0 (SUCCESS), which you can see in the screenshot below. That’s all there is to it!

Posted in Blog, General, Tutorials | Tagged adobe reader, deploy adobe, software deployment, update adobe | Comments closed

Remotely Install OpenType (.otf) or TrueType (.ttf) Fonts

By Scott | Published: February 22, 2016

A customer recently asked how he can use BatchPatch to deploy .otf and .ttf font files to remote computers. It’s a pretty simple and straightforward process. Below I’ll go through the steps.

Create a folder on your computer, and then place all of your .otf and .ttf font files in it.

Also create a new text file with a .cmd extension in that same directory. You may call the call the new file ‘Install Fonts.cmd’ or similar. You should now have a folder that looks something like the folder shown in the screenshot below:

Modify the contents of your .cmd file to include the necessary commands. In my script file below and in the screenshot you can see that I’ve simply taken the names of the font files and input them into the script contents accordingly:

copy "MySpecialOpenTypeFont-Bold.otf" "%SystemRoot%\Fonts"
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" /v "MySpecialOpenTypeFont-Bold (OpenType)" /t REG_SZ /d MySpecialOpenTypeFont-Bold.otf /f
 
copy "MySpecialOpenTypeFont-BoldItalic.otf" "%SystemRoot%\Fonts"
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" /v "MySpecialOpenTypeFont-BoldItalic (OpenType)" /t REG_SZ /d MySpecialOpenTypeFont-BoldItalic.otf /f
 
copy "MySpecialOpenTypeFont-ExtraBold.otf" "%SystemRoot%\Fonts"
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" /v "MySpecialOpenTypeFont-ExtraBold (OpenType)" /t REG_SZ /d MySpecialOpenTypeFont-ExtraBold.otf /f
 
copy "MySpecialTrueTypeFont-Bold.ttf" "%SystemRoot%\Fonts"
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" /v "MySpecialTrueTypeFont-Bold (TrueType)" /t REG_SZ /d MySpecialTrueTypeFont-Bold.ttf /f
 
copy "MySpecialTrueTypeFont-BoldItalic.ttf" "%SystemRoot%\Fonts"
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" /v "MySpecialTrueTypeFont-BoldItalic (TrueType)" /t REG_SZ /d MySpecialTrueTypeFont-BoldItalic.ttf /f
 
copy "MySpecialTrueTypeFont-ExtraBold.ttf" "%SystemRoot%\Fonts"
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" /v "MySpecialTrueTypeFont-ExtraBold (TrueType)" /t REG_SZ /d MySpecialTrueTypeFont-ExtraBold.ttf /f

Once you have the .cmd script file created with the appropriate contents in the same folder as the actual .ttf and .otf files, you can create the deployment in BatchPatch. Highlight the desired hosts/rows, and then select ‘Actions > Deployment > Create/modify deployment.’

You can see in the above screenshot that I have selected the ‘Install Fonts.cmd’ file, and I have checked the box that says “Copy entire directory…” When I click “Execute now” the folder that I created earlier containing the .otf and .ttf font files along with the ‘Install Fonts.cmd’ file will be copied to the target computers. BatchPatch will then remotely execute the ‘Install Fonts.cmd’ file, which will handle copying the .otf and .ttf files to the Windows Fonts directory along with creating the necessary registry entries for the new fonts. After successful execution, we see ‘Exit code: 0’ in BatchPatch.

The final step is to reboot the target machines. The fonts will not be available to applications until after the reboot. You can use BatchPatch to send the reboot command by selecting the target hosts and then choosing ‘Actions > Reboot.’

Posted in Blog, General, Tutorials | Tagged deploy fonts, font, install fonts, remotely deploy fonts | Comments closed

Frequently Asked Questions (FAQ)

By Scott | Published: February 11, 2016

FYI – There is a new FAQ posted here: BatchPatch – Frequently Asked Questions (FAQ)

We will be adding more to it in the coming weeks.

Posted in Blog, General | Tagged FAQ, frequently asked questions | Comments closed