Remotely Deploy Windows Updates To Computers With No Internet Access

We recently added two new features to BatchPatch: Cached Mode and Offline Mode. The use of these two features together enables administrators to deploy windows updates to remote computers when the computers do not have internet access.

For those of you who are working with highly secure networks that are completely detached from the world, or if you simply have a network that doesn’t have internet access or a WSUS server, you can use Offline Mode to install windows updates on all of your computers, simultaneously, in just a few steps.

The general outline is as follows:

  1. Enable both Cached Mode and Offline Mode in BatchPatch.
  2. Run BatchPatch in the offline network to determine which updates are needed by the target computers.
  3. Run BatchPatch on a computer that *does* have internet access, so that it can download the updates needed by the offline computers.
  4. Copy all of the downloaded update files on an external hard drive to the offline network.
  5. Run BatchPatch on the offline network to deploy the repository of updates that were copied in the previous step.

The detailed tutorials are below:

Offline Mode When BatchPatch Has Internet Access But Target Computers Do Not

If you’re using BatchPatch on a network where BatchPatch has access to the internet but the target computers that you’re deploying updates on do not have internet access, then please follow this tutorial:
Using BatchPatch In ‘Offline Mode’ When BatchPatch Has Internet Access

Offline Mode When BatchPatch And Target Computer Do Not Have Internet Access

If you’re using BatchPatch on a network where neither the BatchPatch computer nor the target computers have internet access, please follow this tutorial:
Using BatchPatch In Offline Mode When BatchPatch Does Not Have Internet Access
BatchPatchCachedModeOfflineModeEnabled

Posted in Blog, General, Tutorials | Tagged , , | Comments closed

Getting The Most Out Of BatchPatch

We’ve been doing our best to get new features and functionality added to BatchPatch as quickly as possible, and there’s still a lot more to come. However, today I wanted to take some time to discuss how to get the most out of what’s currently available. Below are some tips for general BatchPatch usage to help an administrator work as efficiently as possible.

Organization:

Using BatchPatch Project (BPP) Files
When you’re managing a large number of hosts it’s likely that you’ll have them divided into groups. For example, you might have production SQL servers in one group, testing SQL servers in another, email servers in another, and so on. Aside from being able to load different groups of computers into different BatchPatch tabs, you might find that creating .bpp files helps you streamline your process. A .bpp file is simply a text file with a .bpp extension that contains a list of filepaths, with each filepath pointing to a different .bps or .bpt file. The nice thing about .bpp files is it gives you another level of organization. So, let’s say you have 5 tabs of database servers… DatabaseGroup1, DatabaseGroup2, DatabaseGroup3… DatabaseGroup5. And let’s also assume you have saved each tab to its own .bps file. Well, if you create a .bpp file either through ‘File > Generate project file’ or by manually editing a text file, you can easily group all of your database servers into a single project. If you launch the single .bpp file in BatchPatch, it will automatically populate the 5 grids with each database server group. You can take this a step further and create one .bpp file for each instance of BatchPatch that you want to run. Then if you launch multiple .bpp files at once, each .bpp file will create a brand new instance of BatchPatch. Each instance will contain one tab for each filepath specfied in the corresponding .bpp file. So, if you have 5 .bpp files, and each .bpp file contains 5 filepaths to different .bps or .bpt files, then when you launch all 5 .bpp files you’ll end up with 5 separate instances of BatchPatch. Each instance will contain 5 tabs.

Using BatchPatch Template (BPT) Files
.bpt files are another convenient way for staying organized when it comes to setting up your BatchPatch instances. A .bpt file is identical to a .bps file in every way except for the file extension which is .bpt instead of .bps, of course. You can create a .bpt file by either manually renaming a .bps file or by using the ‘File > Generate template file’ option in BatchPatch. .bpt files are nice because they allow you to create a template grid that BatchPatch will never overwrite. So, let’s say you want to start your patching run this week/month/quarter, and you load several .bpt files into BatchPatch. Each file might contain entries in the ‘host’ column and the ‘notes’ column. If you execute actions on the hosts in the grid and then go to save the grid, you will be prompted to save a new .bps file rather than overwriting the existing .bpt file. There’s nothing more to it, but this simple task can make it easier to repeat tasks each week or month without having to copy and paste, and without having to worry about accidentally overwriting a .bps file that you were using as a template.

Row Separators
What if you have a need/desire to have only a single tab of computers, but you want to create some visual separate between the servers in that single grid? You can create a “spacer” row using the “Enable/disable” feature. Create a “dummy” row and then use ‘Actions > Enable/disable’ to disable the row, which will color it dark gray. Voila! Now it functions as a visual separator.
BPSpacerRows

Efficiency:

Customizing Toolstrip Buttons:
Did you know that you can customize the buttons that are displayed on the toolstrip, thereby enabling you to have almost any BatchPatch action be available with a single click. Click on ‘Tools > Customize visible toolstrip buttons.’ From there you can simply select any action that you want to appear on the toolstrip.

Hard-coding User-defined Commands Into the BatchPatch Menu:
A lot of BatchPatch users have a set of remote commands that they regularly run on target hosts, either to collect information or to execute remote processes. BatchPatch allows you to “hard-code” any command into the BatchPatch menu so that commands you use frequently that aren’t built-in to BatchPatch are just as easily accessible to you as commands that are pre-built-in to the application. For example, BatchPatch has a built-in action for killing remote processes. You can select ‘Actions > Services / Processes > Kill specific running process,’ which lets you input a process name or PID to kill on target systems. This is great, but what if for some reason you always find yourself having to kill the same rogue process repeatedly on your systems? Wouldn’t it be nice to not always have to type in the process name? Well, you can create a user-defined command under ‘Actions > Remote process/command > Create / modify user-defined commands.’ You could then enter the following command into the window provided.

WMIC PROCESS where name='rogueProcess.exe' call terminate

Once you’ve entered a command, it will now be automatically saved so that it appears hard-coded in the ‘Actions > Remote process/command > Execute user-defined commands’ menu! Pretty neat. Now any time you need to kill that rogue process, you can simply click on the menu item that you just created, and that process will be killed without prompting you to enter a process name.

Middle-click Cells to View Cell Contents:
Any time you need to see the entire contents of a cell in a BatchPatch grid, the easiest way to do this is to just middle-click (scroll-wheel-click) on the cell. The cell contents are displayed in a custom tooltip window.

Right-click-drag on Cell Contents Tooltip to Move it to a New Location:
You can move the cell contents tooltip window around on your screen by right-clicking anywhere on it, and then dragging it to a new location.

Posted in Blog, General, Tutorials | Tagged | Comments closed

Using BatchPatch In ‘Offline Mode’ When BatchPatch Does *Not* Have Internet Access

When cached mode is enabled, the computer that is running BatchPatch will download updates for all target computers directly to its local cache directory. Target computers will not individually download their own updates from Microsoft or a WSUS. Instead BatchPatch will distribute updates to target computers from its cache. Cached mode can also be used in conjunction with offline mode, which enables an administrator to apply Windows Updates to computers that don’t have internet access or access to a managed update server such as WSUS.

For more details on the various ways you can use ‘cached mode’ and ‘offline mode’ please see: Cached Mode and Offline Updates

This tutorial demonstrates how to use BatchPatch in offline mode to download and install updates on multiple computers attached to a network that does not have any internet access. In this tutorial, the computer that runs BatchPatch will instruct all target computers to perform an offline search for updates against the offline scan file that Microsoft publishes monthly. The list of available updates from each target computer is transferred back to the BatchPatch computer to be saved as a .bpurl file. The .bpurl file is then manually transferred by the administrator to a computer that has internet access, where it can then be used to download all of the updates to a local repository. The repository is then manually transferred by the administrator back to the offline network. From there BatchPatch is able to distribute the updates to target computers and initiate the installation process. In this way all of the computers attached to the offline network can be updated very easily with minimal time and labor.

The video tutorial is available here: Using ‘Offline Mode’ to Install Windows Updates on Computers That Do Not Have Internet Access or WSUS Access – Video Tutorial

  1. Enable cached mode and offline mode. Go to Tools > Settings > Windows Update, and then check the box to enable cached mode as well as the box to enable offline mode. Also set the Local update cache directory to a folder on your computer that has enough free space to store numerous Windows Update files. The amount of space required completely depends on how many updates need to be applied to target computers, the size of each update, the number of different operating systems you are deploying to, and whether or not you choose to retain cached files after they have been distributed to target computers. When cached mode and offline mode have been enabled, indicators are placed in the upper-right corner of the BatchPatch window.
    BatchPatchToolsSettingsOfflineMode
  2. In the same Tools > Settings > Windows Update window, also take note of the Server Selection option. When cached mode and offline mode are both enabled, target hosts will perform an offline search for updates against the offline scan file that Microsoft publishes each month. The target hosts will then report back to BatchPatch with their lists of available updates. BatchPatch will then download the updates from Microsoft’s public server. The Server Selection setting is disabled/grayed-out when offline mode is enabled because in this case the search for updates by each target computer is always performed against the Microsoft offline scan file, with the actual update files being retrieved by BatchPatch from Microsoft’s public server.
  3. On a computer that does have internet access we have to download the Microsoft Offline Scan file. Launch BatchPatch and click on Tools > Download Microsoft Offline Scan File. If the menu item is disabled/grayed-out, please make sure that cached mode has been enabled. Once cached mode is enabled, the menu item will no longer be grayed-out. The local downloader form will be displayed, and the WsusScn2.cab file will be downloaded to the local cache directory specified in step 1.
    BatchPatchDownloadMicrosoftOfflineScanFileMenuItem

    BatchPatchDownloadMicrosoftOfflineScanFile
  4. Now that the Microsoft Offline Scan file has been downloaded to the cache directory, the directory needs to be manually moved to the offline network. Use whatever method you prefer, such as copying the directory to a USB drive, and then moving that USB drive to a computer on the offline network. Once the cache directory has been moved to a computer in the offline network, launch BatchPatch on that computer and make sure that cached mode and offline mode are both enabled, and that the local cache directory setting in Tools > Settings > Windows Update is pointing to the same location as the Microsoft Offline Scan file (WsusScn2.cab).
  5. Add hosts to the BatchPatch grid using File > Add hosts…
    BatchPatchAddHostsOfflineMode
  6. With cached mode and offline mode enabled, we now need to check for available updates and generate a consolidated URL list. Highlight the target hosts in the BatchPatch grid and select Actions > Windows Updates > Retrieve consolidated url list of available updates. During this process BatchPatch will first copy the wsusscn2.cab file to the target computers. The target computers will then use the wsussc2.cab file to determine what updates are available for installation. The list of available updates will be reported back to BatchPatch.
    BatchPatchRetrieveConsolidatedUrlListOfAvailableUpdates
  7. When the action completes, we’ll have a list of update files and urls presented in a new window. Duplicates are automatically removed so that only one copy of each needed update is displayed. However, since we do not have internet access on the computer that’s running BatchPatch, we cannot download the updates directly from this window. Instead, save the url list to a file, using File > Save.
    BatchPatchConsolidatedUrlList
  8. The next step is to move the new .bpurl file that you just created back to the computer that has internet access. Launch BatchPatch on this computer, and then select File > Open BP Url List… and browse to the .bpurl file that you created in the previous step. Now use the Download files to local cache button at the top of the form to initiate the download process. A new BP Update Downloader window will be launched, and the download process will begin.
    BatchPatchOpenBPUrlListMenuItem
    BatchPatchConsolidatedUrlList2
    BatchPatchUpdateDownloaderDownloadingUpdates
  9. Once the download process has completed, all of the files required by the target computers should be sitting in the local cache directory. So, the next step is to move the populated cache directory to a computer on the offline network. Again, please use whatever method is appropriate for your environment in order to transfer the files from the online network to the offline network, such as a USB drive.
  10. At this point the setup process is complete. You should have a folder full of update files on a computer that is attached to the offline network. BatchPatch should be launched with cached mode and offline mode enabled. The local update cache directory specified in Tools > Settings > Windows Update must point to the directory that contains all of the update files that you just moved. You may now proceed to update your computers. Highlight your hosts in the grid and select Actions > Windows Updates > Download and install updates + reboot if required. The target computers will now all “download” their updates from the BatchPatch computer’s local cache. I use quotation marks around “download” because what actually happens is the BatchPatch computer copies the appropriate update files to the target computers. The target computers then add these files to their Windows Update cache, and then the updates are installed.
  11. I have included a series of screenshots below to show the whole the process. Upon completion we have the overall content logged to the ‘All Messages’ column, with detailed information in the ‘Local Agent’ and ‘Remote Agent’ logs.

    The computer that is running BatchPatch will copy the most recently published WsusScn2.cab offline scan file that was downloaded in an earlier step to the target host.
    BPCopyingWsusScn2ToTarget

    BatchPatch instructs the target host to perform a search for available updates against the WsusScn2.cab file, which is why the target host does not require internet access to perform its search.
    BPSearching

    The list of available updates on the target host is copied back to the BatchPatch console. Since the updates were all previously downloaded to BatchPatch’s local cache directory, BatchPatch proceeds to copy the required updates to the target host.
    BPCopying

    After the updates have been copied to the target host, the target host must move the files to its Windows Update cache.
    BPCaching

    When the caching process completes, the installation is finally ready to be executed.
    BPInstalling

    After installation, the target host is rebooted and the process is complete.
    BatchPatchOfflineModeDownloadInstallRebootAllMessagesLog
Posted in Blog, General, Tutorials | Tagged , , , | Comments closed

Using BatchPatch In ‘Offline Mode’ When BatchPatch Has Internet Access

When cached mode is enabled, the computer that is running BatchPatch will download updates for all target computers directly to its local cache directory. Target computers will not individually download their own updates from Microsoft or a WSUS. Instead BatchPatch will distribute updates to target computers from its cache. The advantage of cached mode in this case is that it can save internet bandwidth if updates would normally be downloaded from Microsoft’s public server. The reason for the bandwidth savings is because BatchPatch will download only one copy of each update, which it can then distribute infinitely to target computers, rather than needing every single target computer to download its own copy of each available update.

Cached mode can also be used in conjunction with offline mode, which enables an administrator to apply Windows Updates to computers that don’t have internet access or access to a managed update server such as WSUS. For more on the various ways that you can use ‘cached mode’ and ‘offline mode’ please see: Cached Mode and Offline Updates

This tutorial demonstrates how to use BatchPatch in offline mode to download and install updates on multiple computers. In this example the computer that runs BatchPatch is required to have internet access, but target computers do not need internet access.

In this tutorial, the computer that runs BatchPatch will instruct all target computers to perform an offline search for updates against the offline scan file that Microsoft publishes monthly. The list of available updates from each target computer is transferred back to the BatchPatch computer, and then BatchPatch downloads a single copy of all available updates to its local repository. After it downloads the updates, it copies them to the target computers and initiates the installation process.

  1. Enable cached mode and offline mode. Go to Tools > Settings > Windows Update, and then check the box to enable cached mode as well as the box to enable offline mode. Also set the Local update cache directory to a folder on your computer that has enough free space to store numerous Windows Update files. The amount of space required completely depends on how many updates need to be applied to target computers, the size of each update, the number of different operating systems you are deploying to, and whether or not you choose to retain cached files after they have been distributed to target computers. When cached mode and offline mode have been enabled, indicators are placed in the upper-right corner of the BatchPatch window.
    BatchPatchToolsSettingsOfflineMode
  2. In the same Tools > Settings > Windows Update window, also take note that the Server Selection option is disabled/grayed-out. This is because when cached mode and offline mode are both enabled, target hosts will perform an offline search for updates against the offline scan file that Microsoft publishes each month. The target hosts will then report back to BatchPatch with their lists of available updates. BatchPatch will then download the updates from Microsoft’s public server according to the information provided in the offline scan file for each available update.
  3. Add hosts to the BatchPatch grid using File > Add hosts…
    BatchPatchAddHostsOfflineMode
  4. Highlight the host(s) and select the desired action. For the sake of this example let’s assume we want to download and install updates and then reboot the target if a reboot is required to complete the updates installation. So, we select Actions > Windows Updates > Download and install updates + reboot if required
    BatchPatchDownloadAndInstallUpdatesOfflineMode
  5. I have included a series of screenshots below to show the whole the process. Upon completion we have the overall content logged to the ‘All Messages’ column, with detailed information in the ‘Local Agent’ and ‘Remote Agent’ logs.

    The computer that is running BatchPatch will download the most recently published WsusScn2.cab offline scan file from Microsoft and then copy it to the target host.
    BPCopyingWsusScn2ToTarget

    BatchPatch instructs the target host to perform a search for available updates against the WsusScn2.cab file, which is why the target host does not require internet access to perform its search.
    BPSearching

    The list of available updates on the target host is copied back to the BatchPatch console, and BatchPatch proceeds to download the updates to its local cache directory using its own internet connection.
    BPDownloading

    Once the updates have been downloaded to BatchPatch’s local cache, BatchPatch then copies the updates to the target host.
    BPCopying

    After the updates have been copied to the target host, the target host must move the files to its Windows Update cache.
    BPCaching

    When the caching process completes, the installation is finally ready to be executed.
    BPInstalling

    After installation, the target host is rebooted and the process is complete.
    BatchPatchOfflineModeDownloadInstallRebootAllMessagesLog
Posted in Blog, General, Tutorials | Tagged , , , | Comments closed

Using BatchPatch in ‘Cached Mode’

When cached mode is enabled, the computer that is running BatchPatch will download updates for all target computers directly to its local cache directory. Target computers will not individually download their own updates from Microsoft or a WSUS. Instead BatchPatch will distribute updates to target computers from its cache. The advantage of cached mode in this case is that it can save internet bandwidth if updates are being downloaded from Microsoft’s public server. The reason for the bandwidth savings is because BatchPatch will download only one copy of each update, which it can then distribute infinitely to target computers, rather than needing every single target computer to download its own copy of each available update.

Cached mode can also be used in conjunction with offline mode, which enables an administrator to apply Windows Updates to computers that don’t have internet access or access to a managed update server such as WSUS. For more on ‘cached mode’ and ‘offline mode’ usage, please see: Cached Mode and Offline Updates

This tutorial demonstrates how to use BatchPatch in cached mode to download and install updates on multiple computers. In this example all computers are required to have internet access. The computer that runs BatchPatch will instruct all target computers to perform an online search for updates. The list of available updates from each target computer is transferred back to the BatchPatch computer, and then BatchPatch downloads a single copy of all available updates to its local repository. After it downloads the updates, it copies them to the target computers and initiates the installation process.

  1. Enable cached mode. Go to Tools > Settings > Windows Update, and then check the box to enable cached mode. Also set the Local update cache directory to a folder on your computer that has enough free space to store numerous Windows Update files. The amount of space required completely depends on how many updates need to be applied to target computers, the size of each update, the number of different operating systems you are deploying to, and whether or not you choose to retain cached files after they have been distributed to target computers. When cached mode has been enabled, an indicator is placed in the upper-right corner of the BatchPatch window.
    BatchPatchToolsSettingsWindowsUpdateCachedMode
  2. In the same Tools > Settings > Windows Update window, also take note of the Server Selection option. When cached mode is enabled but offline mode is disabled, target hosts will perform an online search for updates against the selected server. The target hosts will then report back to BatchPatch with their lists of available updates. BatchPatch will then download the updates from the same location that is configured in the Server Selection setting.
  3. Add hosts to the BatchPatch grid using File > Add hosts…
    BatchPatchAddHostsCachedMode
  4. Highlight the host(s) and select the desired action. For the sake of this example let’s assume we want to download and install updates and then reboot the target if a reboot is required to complete the updates installation. So, we select Actions > Windows Updates > Download and install updates + reboot if required
    BatchPatchDownloadAndInstallUpdatesCachedModeMenuItem
  5. I have included a series of screenshots below to show the whole process. Upon completion we have the overall content logged to the ‘All Messages’ column, with detailed information in the ‘Local Agent’ and ‘Remote Agent’ logs. In this case the local agent was responsible for downloading updates to the cache directory and then copying the updates to the target machine. The remote agent was responsible for moving the updates into the Windows Update cache and then installing the updates on the target host. In the final screenshot below we can see the ‘All Messages’ log content. I have not included screenshots of the other local or remote agent logs simply because they are too large to view in a meaningful way within a small screenshot.
    BatchPatchCachedModeSearching
    BatchPatchCachedModeDownloading
    BatchPatchCachedModeCopying
    BatchPatchCachedModeCaching
    BatchPatchCachedModeInstalling
    BatchPatchCachedModeDownloadInstallRebootAllMessagesLog
Posted in Blog, General, Tutorials | Tagged , , , , | Comments closed

Using BatchPatch To Remotely Install Windows Updates

This tutorial illustrates how to use BatchPatch in its default configuration to remotely install Windows Updates on your computers. If you prefer a video tutorial, please check out this link: Remotely Installing Windows Updates – Video Tutorial.

Please review the Getting Started page as well as the Authentication Details page to get acquainted with the prerequisites for BatchPatch to work smoothly in your environment.

  1. Examine and optionally modify the Windows Update settings in BatchPatch. Go to Tools > Settings > Windows Update. In the Server Selection field, select the location you want target computers to search for updates. Selecting Default / Managed will instruct target computers to search for updates in whatever location they are already configured to search. This can be your local WSUS server or Microsoft’s public update server. If you instead select Windows Update or Microsoft Update, target computers will ignore/bypass their own configurations and instead search Windows Update or Microsoft Update. Windows Update includes only operating system updates. Microsoft Update includes operating system updates plus updates for other Microsoft applications. Note, before you can use Microsoft Update you must opt-in to the service. Use Actions > Windows Update > Opt-in…, which is equivalent to manually launching the Windows Update GUI on each target computer and opting-in to the Microsoft Update service.
    BatchPatchWindowsUpdateSettings
  2. Add hosts to the BatchPatch grid using File > Add hosts…
    BatchPatchAddHosts
  3. Highlight the host(s) and select the desired action. For the sake of this example let’s assume we want to download and install updates and then reboot the target if a reboot is required to complete the updates installation. So, we select Actions > Windows Updates > Download and install updates + reboot if required
    BatchPatchWindowsUpdateActionMenuItem
Posted in Blog, General, Tutorials | Tagged , , , | Comments closed

BatchPatch New Build – 20140908

Hey guys/gals – I just wanted to inform you of the new build we posted last week. There were a number of minor bug fixes, updates to logging and error reporting, plus a few functionality enhancements. Also, note that in the next month or so we will be publishing another release with a much more significant addition that we’re really excited about. Stay tuned for more on that. In the meantime, please see below for a description of the additions in the currently published build.

New ‘Tools > Settings > Windows Update’ server selection options: Default, Windows Update, and Microsoft Update

Previously if you wanted to bypass your default/managed WSUS server to search for updates directly on Microsoft’s public server, you couldn’t specify whether you wanted to use Windows Update or Microsoft Update. However, now we’ve given you the option to use any of the 3 search locations. Note that ‘Windows Update’ includes only updates for Windows operating systems. ‘Microsoft Update’ not only includes updates for Windows operating systems but also includes updates for other non-OS Microsoft products/applications. The ‘Default/Managed’ option will tell BatchPatch to use the target computer’s existing configuration to determine where to search for updates. This means that if the target machine is configured via GPO or manually configured to search for updates on a WSUS server, then that is what will be used. Or if the target machine is configured to use ‘Windows Update,’ then that is what BatchPatch will use. We know that quite a few of you will be pleased with this addition. Note that in order to use Microsoft Update you must first “opt-in” to the Microsoft Update service. You can do this using Actions > Windows Updates > Opt-in.
Settings-WindowsUpdateOptions

New option to Restart service by name

This action is available under Actions > Services/processes. This means you no longer have to execute ‘Stop service’ followed by ‘Start service.’ Now you can simply execute ‘Restart service.’
RestartServiceActionsMenuItem

Improved logging and error reporting

We are continuing to improve the logging and error reporting to be easier to digest and more explicative.

Bug fixes and other minor updates

We’ve fixed numerous other bugs, and there are a number of other minor updates included in this release. Many of the updates will enable us to better provide upcoming functionality. We have some exciting stuff in the works for the next release, so stay tuned.

Posted in Blog, General | Tagged , , , , , | Comments closed

Remote Script Deployment – Install Multiple .MSU Files in a Single Action on Remote Computers

One of the common questions we receive is “How does one go about deploying and installing multiple updates to offline computers?” If you’re looking for a way to apply Windows Updates to detached network environments or to environments that don’t have access to a WSUS or the internet, take a look at BatchPatch’s Cached Mode and Offline Update features. While it will address the bulk of requirements that most users have for deploying Windows Updates to computers that do not have access to the internet or a WSUS server, there is still an open question of how does one go about deploying multiple .MSU files to a computer without having to do a separate BatchPatch deployment for each .MSU file.


  1. Prepare the script. In this example we are going to install 5 .MSU files in succession, with a single script that will be deployed with BatchPatch. I’ve already downloaded the 5 .MSU files from Microsoft. They are stored in a folder on my computer called “5_MSU_Files.” Additionally, I’ve created a batch file called “Install_Multiple_MSU_Files.cmd” which is included in the same directory. Note the directory contents and the script contents below:
    Install_Multiple_MSU_Files_Batch
    MSU_Files_In_A_Folder
  2. Prepare the deployment. Select Actions > Deploy software/patch/script/regkey etc > Create/modify deployment. Note that after we select the Install_Multiple_MSU_Files.cmd in the first field, we also check the box to “Copy entire directory contents in addition to the specified file.”
    Deploy_Multiple_MSU_Files
  3. Execute the deployment. When we click the ‘Execute’ button, BatchPatch will copy the script file along with the 5 .MSU files to the target computer’s working directory. BatchPatch will then remotely execute the script, which will install the 5 update files sequentially.
    Deployment_exit_code_0
  4. That’s all there is to it. As you can see, the process is actually pretty simple. Now of course when we installed these updates we used the /norestart option, so now that the script completed, we will want to finalize the installation by rebooting the target machine. We can do this using the Actions > Reboot option in BatchPatch.

Posted in Blog, General, Tutorials | Tagged , | Comments closed

Remotely Uninstall Windows Updates From Multiple Computers

Over the past couple of weeks there’s been a lot of press about problematic Windows Updates causing stability issues for many users. As such, Microsoft recommends that users uninstall the offending updates. We think it’s a good idea for all users to remove these updates even if they haven’t experienced any specific issues that many users encountered as a result of installing them.

You can read more about Microsoft’s recommendations here: https://support.microsoft.com/kb/2982791

The updates that should be removed are:

  • KB2982791
  • KB2970228
  • KB2975719
  • KB2975331

Using BatchPatch to Remove Individual Windows Updates, by KB ID, from Windows 7/2008R2 and newer OSes:

The good news is that BatchPatch makes it very easy to remove individual Windows Updates from multiple computers simultaneously. You may want to first scan your computers to see which ones have the offending updates installed.

The first three steps here are not absolutely necessary/required for our particular needs at the moment, but it’s good to know that we can search for update history on our machines to verify if they even have the offending updates installed in the first place, so I’ll run through what that looks like.

Optional: Scan Machines to Retrieve the List of Installed Updates

  1. Highlight your hosts in the grid, and then select Actions > Windows Updates > Generate consolidated report of update history
    GenerateConsolidatedReportOfUpdateHistoryA
  2. Select the date range that you want to include in the search. Optionally, if you’re looking for specific updates, you may enter them in the field provided, so that the results output includes only the particular updates in question. However, you don’t need to specify updates at this point and may simply search for all installed updates instead, which is what I’ve done in the screenshot below.
    GenerateConsolidatedReportOfUpdateHistoryB
  3. You can see the results for my search in the screenshot below. In this case, none of the offending updates are installed on my lab VM. However, we’ll move forward and uninstall one of the updates that is installed, so that you can see how it’s done.
    GenerateConsolidatedReportOfUpdateHistoryC

Required: Uninstall the Offending Updates:

  1. The test machine that I’m using in the lab here does NOT have any of the offending updates from a couple of weeks ago installed, so for the sake of this example I’ve selected to uninstall KB972270. When you’re removing updates from your own computer, you simply need to specify the KB ID for the update that you want to remove. Select Actions > Windows Updates > Uninstall individual update
    UninstallIndividualUpdateA
  2. Enter the KB ID that you want to remove.
    UninstallIndividualUpdateB
  3. Click ‘OK’ to proceed with the uninstallation

Using BatchPatch to Remove Individual Windows Updates, by KB ID, from Windows XP/2003:

Windows XP and 2003 do not support WUSA.exe, so we use an alternate method to remove individual updates from these older OSes:

  1. Highlight your hosts and select Actions > Execute remote process/command > Create/modify remote command 1
    UninstallIndividualUpdateRemoteCommandA
  2. The command that we execute is formatted as follows:
    C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe /quiet /norestart
    UninstallIndividualUpdateRemoteCommandB
  3. Click ‘Execute’ to proceed with the uninstallation
Posted in Blog, General, Tutorials | Tagged , , , | Comments closed

Remotely Install Only a Subset of Available Windows Updates

Sometimes you might need or want to only install a specific handful (or more) of updates on remote computers, rather than installing all of the updates that are available for those computers. With BatchPatch we provide a few different ways to accomplish this task.

Method 1:

View a list of available updates, and then select or deselect a checkbox for each update that you want (or don’t want) to install. Then execute the update installation for the only the updates that you selected.

  1. Please review the following tutorial: Filter Which Available Updates Are Included Or Excluded When Downloading Or Installing Windows Updates
    2016-03-08 14_37_57-Individual Update Selection

Method 2:

Create a list of updates to be installed on target computers, and then execute the update installation for only the updates specified in the list.
(For a video demo instead of method 2, please see Installing Specific Updates on 20 Remote Computers Simultaneously – Video Demo.)

  1. Let’s start by checking the target host(s) to see what updates are available to install. Highlight the host(s) and then select Actions > Windows Updates > Check for available updates
  2. We can see in the screenshot below that there are 37 updates available on our target host. I’ve expanded the ‘Remote Agent Log’ column by middle-clicking on it, so that we can see the list of available updates.
    CheckForAvailableUpdates
  3. For the sake of this tutorial, let’s select 3 of the available updates to install. We’ll use KB2956575, KB2920189, and KB2964736.
  4. Select Actions > Windows Updates > Filter which updates are included or excluded when downloading/installing > Include specific updates (textual)
  5. Copy the KB IDs for the three updates into the provided field, with one KB per line. Then save the list. We do not strictly have to use KB IDs because the update filtering is actually done by comparing the title of the update to the entries in our list. If an available update’s title contains the text of an entry in our list, it will be installed. However, generally speaking, to guarantee uniqueness in our entries, it’s always best to use KB number whenever possible so that we don’t end up installing more updates than we actually want to install. For example, if we simply entered “Security update for Windows” in the list, then any available update that has “Security update for Windows” in its title would end up getting installed, which is not what we want in this case.
    CreateModifyListOfSpecificUpdatesForDownloadInstallation
  6. Now that are list of specific updates has been saved, the last thing left to do is install the updates. I will select Actions > Windows Updates > Download and install updates + reboot if required
  7. After the task completes, we can review the ‘Remote Agent Log’ column again to see that only the 3 specific updates were installed on the target host.
    ReviewInstalledUpdates

Method 3:

Create a list of updates to hide on target computers, hide only those specific updates, and then install all remaining visible updates.

  1. In this method, instead of first selecting the specific updates that we want to install, we instead first select all of the updates that we want to exclude. Let’s start by checking the target host(s) to see what updates are available to install. Highlight the host(s) and then select Actions > Windows Updates > Check for available updates
  2. We can see in the screenshot below that there are 34 updates available on our target host. I’ve expanded the ‘Remote Agent Log’ column by middle-clicking on it, so that we can see the list of available updates.
    CheckForAvailableUpdates2
  3. In this example, let’s select 4 of the available updates to exclude by hiding. This means that after we hide 4 updates, we’ll have 30 leftover to install. Let’s hide KB2962409, KB2967917, KB2971239, and KB2981655.
  4. Select Actions > Windows Updates > Hide/unhide updates > Create/modify list of specific updates for hiding
  5. Copy the KB IDs for the four updates into the provided field, with one KB per line. We do not strictly have to use KB IDs because the update filtering is actually done by comparing the title of the update to the entries in our list. If an available update’s title contains the text of an entry in our list, it will be installed. However, generally speaking, to guarantee uniqueness in our entries, it’s always best to use KB number whenever possible so that we don’t end up hiding more updates than we actually want to hide. For example, if we simply entered “Security update for Windows” in the list, then any available update that has “Security update for Windows” in its title would end up getting hidden, which is not what we want in this case.
    CreateModifyListOfSpecificUpdatesForHiding
  6. Click on the ‘Execute’ button. The four updates in our list will be hidden on the target host, leaving the other 30 updates available. We can examine the ‘Remote Agent Log’ column once again to confirm this.
    ReviewHiddenUpdates
  7. The last step is to install all of the remaining 30 updates. We can do this by selecting Actions > Windows Updates > Download and install updates + reboot if required. Only the visible updates will be installed. The hidden updates will remain hidden indefinitely, though we can unhide them at any time in the future if we want/need to install them.

    IMPORTANT NOTE ABOUT HIDING UPDATES:It’s important to note that Microsoft can effectively unhide an update that you have previously hidden simply by republishing it at a future date. That said, if you hid an update on target computer at some point in the past days/weeks/months, it’s always good when starting a new session to first check for available updates to make sure that a previously hidden update that you still do not want to be installed has not been republished and unhidden by Microsoft in between your last session and your current session.
Posted in Blog, General, Tutorials | Tagged , | Comments closed