Offline Windows Update

Today I’d like to take a few minutes to go over the offline Windows Update capabilities that are built in to BatchPatch. One of the common problems that sysadmins have, particularly on secured networks, is getting their Windows systems updated without having access to the internet or a WSUS server (Windows Server Update Services). In BatchPatch we provide complete functionality for applying Windows Updates to systems that are members of a totally offline or segregated network.

BatchPatch essentially has four primary modes of operation when it comes to installing Windows Updates remotely:

BatchPatch Online Default Mode

**Online Windows updates with no caching**
(This mode is recommended for most environments)

The default configuration for BatchPatch works when all target computers have access to either ‘Windows Update,’ ‘Microsoft Update,’ or your own local managed WSUS server. In this configuration, BatchPatch instructs target computers to search for and download their own updates from the configured update service (Windows Update, Microsoft Update, or WSUS).

Tutorial: BatchPatch Online Default Mode


BatchPatch Online Cached Mode

**Online Windows updates with caching**
(This mode is recommended for environments with very limited internet bandwidth *and* no WSUS server)

With online cached mode enabled all target computers are required to have access to either ‘Windows Update,’ ‘Microsoft Update,’ or your own local managed WSUS server. In this configuration, BatchPatch instructs target computers to search for updates on the configured service (Windows Update, Microsoft Update, or WSUS), but update downloads only occur through the BatchPatch computer to the BatchPatch update cache. BatchPatch then distributes updates from its cache to target computers. While this process decreases the total bandwidth required to download updates since only one copy of each update is downloaded to the BatchPatch cache (instead of each computer downloading its own copy of each update), the overall process for applying Windows Updates takes longer to complete.

Tutorial: BatchPatch Online Cached Mode


BatchPatch Partially Offline Cached Mode

**Offline Windows updates with caching**
(This mode is recommended for restricted environments where target computers do *not* have access to the internet or a local WSUS but *do* have network access to an internet-connected computer running BatchPatch)

In this configuration, even though target computers do not have internet access, they do have access to the BatchPatch computer, which has access to the internet. The BatchPatch computer instructs target computers to perform an offline search for available updates. The BatchPatch computer then downloads all the necessary updates and distributes them to target computers.

Tutorial: BatchPatch Partially Offline Cached Mode


BatchPatch Completely Offline Cached Mode for Lower-Security Networks

**Offline Windows updates with caching**
(This mode is recommended for restricted environments where target computers are on a completely segregated, offline network, without access to the internet and without network access to an internet-connected computer running BatchPatch. In this scenario, administrators are required to manually copy a single text file from the offline network to an online network via an external flash drive or whatever means is convenient for the administrator)

In this configuration, target computers have neither internet access nor access to an internet-connected computer running BatchPatch, so all updating occurs 100% offline. The search for available updates is performed offline, and the list of available/needed updates is then manually moved to an internet-connected computer running BatchPatch, where the updates are downloaded. The entire update cache is then manually moved to the segregated/offline network, where BatchPatch is used to distribute the updates to target computers.

Tutorial: BatchPatch Completely Offline Cached Mode for Lower-Security Networks


BatchPatch Completely Offline Cached Mode for High-Security Networks

**Offline Windows updates with caching**
(This mode is recommended for restricted environments where target computers are on a completely segregated, offline network, without access to the internet and without network access to an internet-connected computer running BatchPatch. In this scenario, the high-security nature of the offline network disallows any files from ever being transferred from the high-security offline network to another network. Files will only ever be transferred *to* the high-security offline network, but files will never need to be removed *from* the high-security offline network)

In this configuration, target computers have neither internet access nor access to an internet-connected computer running BatchPatch, so all updating occurs 100% offline. An internet-connected BatchPatch computer is used to pre-download all Windows updates to its local cache. The administrator then copies/moves the entire BatchPatch cache of updates to the completely offline network, where BatchPatch is able to distribute the updates to all the target computers even though they do not have internet or WSUS access.

Tutorial: BatchPatch Completely Offline Cached Mode for High-Security Networks
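
In both completely offline modes the update cache reaches the isolated network on removable media, so it is worth confirming that what arrives is what was downloaded and that it is still vendor-signed. The PowerShell below is an added example, not part of BatchPatch or the original post; the function names, the paths, the manifest file and the list of signed extensions are assumptions made for illustration.

```powershell
# Added example. Function names, paths and the extension list are illustrative
# assumptions; they are not BatchPatch settings.

function New-CacheManifest {
    # Online side: record a SHA-256 for every file in the downloaded cache.
    # Write the manifest outside $CachePath so it does not list itself.
    param(
        [Parameter(Mandatory)][string]$CachePath,
        [Parameter(Mandatory)][string]$ManifestPath
    )
    $root = (Resolve-Path -LiteralPath $CachePath).ProviderPath.TrimEnd('\')
    Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($root.Length + 1)
            SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -LiteralPath $ManifestPath -NoTypeInformation -Encoding UTF8
}

function Test-CacheManifest {
    # Offline side: compare the copied cache with the manifest and check the
    # Authenticode signature of package files before anything is distributed.
    param(
        [Parameter(Mandatory)][string]$CachePath,
        [Parameter(Mandatory)][string]$ManifestPath,
        # Assumed set of file types expected to carry a signature.
        [string[]]$SignedExtensions = @('.msu', '.cab', '.exe', '.msi', '.msp')
    )
    $root     = (Resolve-Path -LiteralPath $CachePath).ProviderPath.TrimEnd('\')
    $expected = @{}   # default hashtable keys are case-insensitive, like NTFS paths
    Import-Csv -LiteralPath $ManifestPath |
        ForEach-Object { $expected[$_.RelativePath] = $_.SHA256 }

    foreach ($file in Get-ChildItem -LiteralPath $root -Recurse -File) {
        $rel = $file.FullName.Substring($root.Length + 1)
        if (-not $expected.ContainsKey($rel)) {
            $manifest = 'NotInManifest'      # file appeared after the download
        }
        elseif ((Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash -ne $expected[$rel]) {
            $manifest = 'HashMismatch'       # altered or corrupted in transit
        }
        else {
            $manifest = 'OK'
        }
        $expected.Remove($rel)

        $signature = 'NotChecked'
        $signer    = $null
        if ($SignedExtensions -contains $file.Extension) {
            $sig       = Get-AuthenticodeSignature -LiteralPath $file.FullName
            $signature = $sig.Status.ToString()
            $signer    = $sig.SignerCertificate.Subject
        }
        [pscustomobject]@{
            RelativePath = $rel
            Manifest     = $manifest
            Signature    = $signature
            Signer       = $signer
        }
    }
    # Anything left in the table was downloaded but never arrived.
    foreach ($rel in $expected.Keys) {
        [pscustomobject]@{
            RelativePath = $rel
            Manifest     = 'MissingFromCache'
            Signature    = 'NotChecked'
            Signer       = $null
        }
    }
}

# Constructed usage (placeholder paths):
#   New-CacheManifest  -CachePath 'E:\UpdateCache' -ManifestPath 'E:\cache-manifest.csv'
#   $report = Test-CacheManifest -CachePath 'D:\UpdateCache' -ManifestPath 'D:\cache-manifest.csv'
#   $report | Where-Object { $_.Manifest -ne 'OK' -or $_.Signature -notin 'Valid', 'NotChecked' }
```

A manifest that travels on the same media only proves the copy is intact, which is why the signature column is checked independently. On an isolated host a status other than Valid can also mean the signer's root certificate is not in the local store.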

Posted in Blog, General, Tutorials | Tagged | Comments closed

Filter Which Available Updates Are Included Or Excluded When Downloading Or Installing Windows Updates

In the most recent release of BatchPatch (20160304) we added some new functionality for selecting individual updates to be downloaded / installed on target computers. In addition to the previously available textual filter list option, there is now also a graphical checkbox list available to make it easier to select the updates you want to include or exclude during download and install operations for Windows Update. Below I’ll show you how to use it.

  1. Start by highlighting the desired hosts and selecting ‘Actions > Windows Updates > Filter which available updates are included or excluded when downloading/installing > Include / exclude specific updates (graphical)’
  2. A confirmation window appears because in order to provide a graphical list of available updates to select from, BatchPatch must first scan the selected target computers to see which updates are available to them. And since the scan might be initiated on a large number of computers, we also provide an option to use cached search results, if available. This way if you are going in and out of this particular form interface multiple times in succession, the search for updates won’t necessarily have to be repeated each time. We click OK to proceed with the search.
  3. The window that appears displays a list of all available updates (based on the search criteria specified under ‘Tools > Settings > Windows Updates’) on all of the selected target computers. We can now check or uncheck the boxes next to each update that we want to include or exclude from any subsequent download / install operations for these hosts. For the sake of this demonstration I have de-selected all rows except for 2.
  4. After clicking ‘OK’ BatchPatch informs us that the selected update filters have been applied to the corresponding rows in the source BatchPatch grid. We can see the application of the filter by looking at the contents of the ‘Download/Install Filter’ column for a given row, as illustrated by the screenshots below.

    We are only including one update for installation on the 192.168.1.117 machine, and we can see that one update appear in our Download/Install Filter in the following screenshot.
  5. At this point the filters have been applied. The next step is to initiate the download or install operation of your choice. Any Windows Update action that is initiated by BatchPatch while the existing filter list is in place will utilize that list for filtering which updates are included (or excluded) in the download / installation operation. That’s all there is to it. If you need to re-do the filter list for any reason, you can simply re-launch the ‘Individual Update Selection’ form using the instructions in this tutorial. Alternatively, if you need to clear the filter list altogether because you want to download or install all available updates on selected machines, then simply clear the filter list using ‘Actions > Windows Updates > Filter which available updates… > Clear filter list’

Remotely Update Adobe Reader on Many Computers Simultaneously

Recently I published a tutorial on how to remotely deploy Adobe Reader to numerous computers. Today I’d like to do a follow-up tutorial that illustrates how to remotely update your existing Adobe Reader installations.

This tutorial assumes you have Adobe Reader 11.0 installed on target computers. If you do not already have Adobe Reader installed, you may follow this tutorial to remotely deploy it using BatchPatch. Then the instructions below can be used to update your Adobe Reader 11.0 installations to the latest/current version Adobe Reader 11.0.14.

  1. Obtain the installation media for the 11.0.14 update. At the time of this writing the installation media can be downloaded from Adobe at the following link: Adobe Reader 11.0.14 Offline Update Media. Download the update titled ‘Adobe Reader 11.0.14 update – Multilingual (MUI) installer.’
  2. After downloading the update file (I saved it on my BatchPatch computer to ‘E:\Temp\AdbeRdr11014_mui_update\AdbeRdrUpd11014_MUI.msp’) the deployment is very easily created by launching ‘Actions > Deploy > Create/modify deployment.’ Then in the Deployment form, simply select the .msp file using the file browser button. Optionally, you may give the deployment a title and then click the >> button to save it for future use.
  3. The only thing left to do now is actually execute the deployment, which we’ll do by clicking ‘Execute now.’ On my test computer it only took about 20 seconds to apply the update. Upon successful completion BatchPatch displays Deployment: Exit Code: 0 (SUCCESS), which you can see in the screenshot below. That’s all there is to it!

Remotely Install OpenType (.otf) or TrueType (.ttf) Fonts

A customer recently asked how he can use BatchPatch to deploy .otf and .ttf font files to remote computers. It’s a pretty simple and straightforward process. Below I’ll go through the steps.

  1. Create a folder on your computer, and then place all of your .otf and .ttf font files in it.
  2. Also create a new text file with a .cmd extension in that same directory. You may call the new file ‘Install Fonts.cmd’ or similar. You should now have a folder that looks something like the folder shown in the screenshot below:
  3. Modify the contents of your .cmd file to include the necessary commands. In my script file below and in the screenshot you can see that I’ve simply taken the names of the font files and input them into the script contents accordingly:
    copy "MySpecialOpenTypeFont-Bold.otf" "%SystemRoot%\Fonts"
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" /v "MySpecialOpenTypeFont-Bold (OpenType)" /t REG_SZ /d MySpecialOpenTypeFont-Bold.otf /f
     
    copy "MySpecialOpenTypeFont-BoldItalic.otf" "%SystemRoot%\Fonts"
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" /v "MySpecialOpenTypeFont-BoldItalic (OpenType)" /t REG_SZ /d MySpecialOpenTypeFont-BoldItalic.otf /f
     
    copy "MySpecialOpenTypeFont-ExtraBold.otf" "%SystemRoot%\Fonts"
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" /v "MySpecialOpenTypeFont-ExtraBold (OpenType)" /t REG_SZ /d MySpecialOpenTypeFont-ExtraBold.otf /f
     
    copy "MySpecialTrueTypeFont-Bold.ttf" "%SystemRoot%\Fonts"
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" /v "MySpecialTrueTypeFont-Bold (TrueType)" /t REG_SZ /d MySpecialTrueTypeFont-Bold.ttf /f
     
    copy "MySpecialTrueTypeFont-BoldItalic.ttf" "%SystemRoot%\Fonts"
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" /v "MySpecialTrueTypeFont-BoldItalic (TrueType)" /t REG_SZ /d MySpecialTrueTypeFont-BoldItalic.ttf /f
     
    copy "MySpecialTrueTypeFont-ExtraBold.ttf" "%SystemRoot%\Fonts"
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" /v "MySpecialTrueTypeFont-ExtraBold (TrueType)" /t REG_SZ /d MySpecialTrueTypeFont-ExtraBold.ttf /f

  4. Once you have the .cmd script file created with the appropriate contents in the same folder as the actual .ttf and .otf files, you can create the deployment in BatchPatch. Highlight the desired hosts/rows, and then select ‘Actions > Deployment > Create/modify deployment.’
  5. You can see in the above screenshot that I have selected the ‘Install Fonts.cmd’ file, and I have checked the box that says “Copy entire directory…” When I click “Execute now” the folder that I created earlier containing the .otf and .ttf font files along with the ‘Install Fonts.cmd’ file will be copied to the target computers. BatchPatch will then remotely execute the ‘Install Fonts.cmd’ file, which will handle copying the .otf and .ttf files to the Windows Fonts directory along with creating the necessary registry entries for the new fonts. After successful execution, we see ‘Exit code: 0’ in BatchPatch.
  6. The final step is to reboot the target machines. The fonts will not be available to applications until after the reboot. You can use BatchPatch to send the reboot command by selecting the target hosts and then choosing ‘Actions > Reboot.’

Frequently Asked Questions (FAQ)

FYI – There is a new FAQ posted here: BatchPatch – Frequently Asked Questions (FAQ)

We will be adding more to it in the coming weeks.


Uninstall Windows Updates Remotely

It seems like in the past year or so there has been a pretty significant need to remotely uninstall Windows Updates after discovering that a particular update has caused a problem in one’s environment. Unfortunately it’s often the case that even after testing updates in a lab environment, upon final deployment to production there are unexpected issues that can occur. Inevitably, at one point or another, most systems administrators end up having to remove updates that have been previously installed. While this isn’t necessarily always a huge deal, the reality is a problematic Windows Update can wreak havoc in certain situations. When it’s discovered that a particular update is causing major problems, usually it needs to be removed as quickly as possible. Sure, it’s easy enough to manually remove an update from each computer one at a time, but who has time for that, especially when management is breathing down your neck to rectify a major problem rapidly? That’s where BatchPatch comes in.

  1. Identify the KB number of the update that you want to remove. For this example we will uninstall KB3078405
  2. In BatchPatch highlight all of the computers that need to have the update removed, and then select ‘Actions > Windows Updates > Uninstall individual update.’
  3. In the form that appears, enter the KB number for the update you wish to remove. Optionally uncheck the “norestart” checkbox. In general I prefer to leave “norestart” checked. Then after the update has been removed BatchPatch will report if it requires a restart, and then I can use BatchPatch to initiate the restart and monitor the computers as they go offline and come back online. If “norestart” is unchecked, then the target computers will be able to reboot themselves at the end of the uninstallation, rather than BatchPatch initiating the reboot. Having BatchPatch initiate the reboot at the moment I give the command allows me to have a bit more control over the exact timing of the process, making it easier to monitor and confirm completion.
  4. In this case the update uninstallation completed successfully, but the exit code indicates that a reboot IS required. And so now we can simply initiate a reboot within BatchPatch (‘Actions > Reboot > Reboot (force, if required)’).
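
After the uninstall and reboot, an independent check on the target confirms that the update is actually gone rather than relying on the exit code alone. The PowerShell below is an added example, not part of BatchPatch or the original post; the function name and the state labels are assumptions, and KB3078405 is the update used in this tutorial.

```powershell
# Added example. Test-UpdateRemoved and its state labels are illustrative names.

function Test-UpdateRemoved {
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^KB\d+$')]
        [string]$KB
    )

    # Get-HotFix reports an error when the KB is not listed; treat that as "not present".
    $listed = $false
    try {
        if (Get-HotFix -Id $KB -ErrorAction Stop) { $listed = $true }
    }
    catch {
        $listed = $false
    }

    # Registry keys that Windows servicing and Windows Update create
    # while a restart is outstanding.
    $rebootKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    $pending = @($rebootKeys | Where-Object { Test-Path -LiteralPath $_ })

    # An update whose removal is waiting on a restart may still be listed,
    # so "listed + reboot pending" is not yet a failure.
    if ($listed -and $pending.Count -gt 0) { $state = 'RebootThenRecheck' }
    elseif ($listed)                       { $state = 'StillInstalled' }
    elseif ($pending.Count -gt 0)          { $state = 'RemovedRebootPending' }
    else                                   { $state = 'Removed' }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        KB            = $KB.ToUpper()
        Listed        = $listed
        RebootPending = ($pending.Count -gt 0)
        State         = $state
    }
}

# Constructed usage, run on a target after the uninstall step:
#   Test-UpdateRemoved -KB 'KB3078405'
```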

Remotely Deploy Google Chrome to Numerous Computers

I’ve posted a handful of deployment tutorials in recent months, but I’ve never demonstrated how to remotely install one of the most popular web browsers — Google Chrome. Today I’ll show you how to use BatchPatch to deploy Chrome to many remote computers in just a few clicks.

  1. When performing software deployments, I like to see if a .MSI installer package is available first. While there is nothing inherently wrong with using a .EXE for a deployment, .MSI packages are nice because we don’t have to go searching for the proper silent installation parameters to use with the .EXE. In the case of Chrome, Google does make available a .MSI installation package that we can easily use with BatchPatch for remotely installing Chrome on our network of computers. Start by downloading the .MSI from https://www.google.com/work/chrome/browser/
  2. Select the hosts that you wish to include in the deployment. Then select ‘Actions > Deploy software > Create/modify deployment.’ In the deployment window, browse to the .MSI file that you saved in the previous step, and then make sure the “install” radio button is selected.
  3. To execute the deployment, simply click on the ‘Execute now’ button. Alternatively, if you want to save the deployment for executing later, you can click on the >> double-arrow button.
  4. Once the deployment execution has begun, you can sit back and wait until it completes. Generally this should only be a minute or two, depending on network conditions and how long it takes for BatchPatch to copy the .MSI file to the target computers. Note, you can modify the number of simultaneous file-copy operations allowed in BatchPatch under ‘Tools > Settings > Concurrent file-copy operations maximum.’ When the remote installation is complete, BatchPatch will display:

    Exit Code: 0 (SUCCESS)


Using BatchPatch as a WSUS Alternative

One of the questions we regularly receive from users is “What is the best way to use BatchPatch as an alternative to WSUS?” Even though WSUS is free, lightweight, and relatively easy to install and manage, there are certainly cases where administrators don’t already have it and don’t want to deal with installing or managing it. After all, it *is* yet another thing to manage. Or perhaps there just isn’t any spare equipment to install it on. Whatever the reason, no matter. Below I describe how to get the most out of BatchPatch as a WSUS alternative.

  1. First, follow the steps outlined on this page to configure your environment to work with BatchPatch: Getting Started with BatchPatch
  2. Next, decide where you want to retrieve updates from. Since you are not using WSUS, your options are to use either ‘Windows Update’ or ‘Microsoft Update.’ ‘Windows Update’ provides updates for just Windows operating systems, while ‘Microsoft Update’ provides updates for Windows operating systems PLUS updates for other Microsoft applications. You can easily switch between the two at any time, so there is no problem starting with ‘Windows Update’ and switching later. If you have decided to use ‘Microsoft Update’ then in BatchPatch you can configure target computers to use ‘Microsoft Update’ by first opting-in to the service on those computers. Highlight the computers in your BatchPatch grid, and then select ‘Actions > Windows Updates > Opt-in.’ After the computers are opted-in to the service, set BatchPatch to use it under ‘Tools > Settings > Server selection > Microsoft Update.’
  3. At this point, you’re ready to start updating your computers without a WSUS. Highlight the desired computers in the BatchPatch grid, and then select ‘Actions > Windows Update > Download and install updates’ (or whichever action you prefer). The configuration described above is the easiest way to use BatchPatch. However, in this configuration each computer will download its own set of updates from Microsoft. Some administrators might want to prevent all the computers from reaching out to Microsoft, and instead they want to use BatchPatch to centrally download the updates on just one computer to then distribute to all of the target computers. We have a page dedicated to this type of usage, which you can see here: Cached Mode and Offline Updates
  4. IMPORTANT: If you want to prevent your Windows 10 computers from automatically installing updates you may use the Group Policy (or local policy) ‘Configure Automatic Updates’ which is available under ‘Computer Configuration > Administrative Templates > Windows Components > Windows Update’. Setting the value to either ‘2 – Notify for download and notify for install’ or ‘3 – Auto download and notify for install’ will prevent updates from installing on their own so that you can instead trigger the install from BatchPatch.
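
The ‘Configure Automatic Updates’ policy from step 4 is stored in the registry, so you can audit whether it actually landed on a machine. The PowerShell below is an added example, not part of BatchPatch or the original post; the function name, the state labels and the host names in the usage comment are assumptions.

```powershell
# Added example. Get-AutoUpdatePolicyState and its state labels are illustrative names.

function Get-AutoUpdatePolicyState {
    # Registry location written by the 'Configure Automatic Updates' policy.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $au  = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue

    $labels = @{
        2 = 'Notify for download and notify for install'
        3 = 'Auto download and notify for install'
        4 = 'Auto download and schedule the install'
        5 = 'Allow local admin to choose setting'
    }

    if ($null -eq $au -or ($null -eq $au.AUOptions -and $null -eq $au.NoAutoUpdate)) {
        # No policy present: the machine's own Automatic Updates behaviour applies.
        $state = 'NotConfigured'
        $selfInstall = $true
    }
    elseif ($au.NoAutoUpdate -eq 1) {
        # Policy set to Disabled: Automatic Updates is switched off entirely.
        $state = 'Disabled'
        $selfInstall = $false
    }
    elseif ($au.AUOptions -in 2, 3) {
        # The two values recommended in step 4: nothing installs until triggered.
        $state = 'NotifyBeforeInstall'
        $selfInstall = $false
    }
    else {
        # 4 schedules installs; 5 leaves the choice to a local administrator.
        $state = 'InstallsOnItsOwn'
        $selfInstall = $true
    }

    $label = $null
    if ($null -ne $au -and $null -ne $au.AUOptions) {
        $label = $labels[[int]$au.AUOptions]
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        State               = $state
        AUOptions           = $(if ($null -ne $au) { $au.AUOptions })
        Meaning             = $label
        SelfInstallPossible = $selfInstall
    }
}

# Constructed usage. The remote form needs PowerShell remoting; PC-01 and PC-02
# are made-up host names:
#   Get-AutoUpdatePolicyState
#   Invoke-Command -ComputerName 'PC-01', 'PC-02' -ScriptBlock ${function:Get-AutoUpdatePolicyState}
```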

Additional Tutorials for Using BatchPatch as a WSUS Alternative


Uninstall Skype Remotely

We are going to uninstall Skype remotely in almost exactly the same way that we installed Skype remotely.

  1. Obtain the .msi installer package from http://www.skype.com/go/getskype-msi.
  2. In BatchPatch select ‘Actions > Deploy > Create/modify deployment.’ Then choose the deployment options just like my screenshot below. Notice that I have selected the path to the .msi installer, and then I have checked the ‘uninstall’ radio button along with the ‘norestart’ option.
  3. Next, we can simply choose ‘Execute now’ to uninstall Skype from the hosts that are currently selected in the BatchPatch grid. Click OK to confirm the deployment.
  4. The remote uninstallation has completed. Exit Code: 0 (SUCCESS), indicates that we are done and the uninstallation was successful.

Remotely Installing Skype on Many Computers

Installing Skype remotely isn’t much different than installing other applications remotely. Here’s how it goes:

  1. Obtain the Skype .msi installer from http://www.skype.com/go/getskype-msi. If you just go to skype.com and choose the “download” option, you will end up with the .exe version of the installer, not the .msi version. And while the .exe version does apparently support silent installation, since Microsoft also makes available a .msi version, I selected the .msi version for ease of operation. The reason is that with the .msi there is no need for me to find the proper silent installation switches that are available in the .exe version.
  2. Now that I’ve saved the .msi installer to my computer, I’m ready to configure the deployment. Select your target hosts in the BatchPatch grid, and then choose ‘Actions > Deploy > Create/modify deployment.’
  3. In the Deployment window that appears, select the location of the .msi file, and check the desired Windows Installer Options. In this case I’ve selected ‘install’ and ‘norestart’ to make sure that if a restart is required by the installer, it won’t happen automatically and catch me off guard. It turns out that the Skype installer generally should not require a restart, but it’s always a good safety precaution to use the ‘norestart’ switch just in case. If the installation completes and says that it needs a restart, I can always then initiate the restart using BatchPatch. In the screenshot below you can see that I’ve set up the deployment, and it’s ready to be executed. If you want to save the deployment configuration for future use, simply click the double-arrow >> button to add the deployment to the ‘Saved Deployments’ grid.
  4. The last step is to execute the deployment. You can do this directly from the Deployment window with the ‘Execute now’ button, or if you saved the deployment configuration, you could do this from the BatchPatch Actions menu. For the sake of this example, I’ll go ahead and execute it from the Actions menu since I did already save the configuration. I highlighted the target that I want to deploy to, and I selected ‘Actions > Deploy > Execute saved deployments > Skype Install.’
  5. Click OK to confirm the deployment execution.
  6. That’s all there is to it. We can see the Exit Code: 0 (SUCCESS), which indicates that we are done!

If you need to uninstall Skype remotely, please follow the instructions at this link.
