BatchPatch is NOT Susceptible to the Log4j Vulnerability

By Scott | Published: December 27, 2021

Since we continue to get a lot of emails asking if BatchPatch is affected by the Log4j vulnerability, I wanted to just take this moment to let everyone know that BatchPatch does not use any Java whatsoever. It is not susceptible to the Log4j vulnerability.

Posted in Blog, General | Comments closed

Remote Windows Update and Reboot for Multiple Computers

By Scott | Published: December 20, 2021

In BatchPatch you can trigger the Windows Update and reboot process on numerous computers all at the same time. Select the desired target computers in the grid, and then click on ‘Actions > Windows updates > Download and install updates + reboot if required‘

If you want this to occur automatically every month at a scheduled time, you can instead create a scheduled task to do the same thing. Select Actions > Task scheduler > Create/modify scheduled task

To make the task recurring, choose the desired recurrence option. If you want to have your recurring monthly Windows Update task coincide with Microsoft’s Patch Tuesday, which is the second Tuesday of the month, then you can use the Monthly (2nd Tuesday) + X days option. If your monthly maintenance window is always scheduled for the Saturday that comes after Patch Tuesday, then you can use Monthly (2nd Tuesday) + 4 days, for example.

When you have set your task to do what you want (in my example I’ve again chosen the standard Windows Update option to Download and install updates + reboot if required, you’ll need to enable the scheduler by clicking on the red clock/timer icon in the upper right corner of the BatchPatch window. It will turn green when it’s clicked on, indicating that it’s enabled.

Now, what if you want the task to be able to run even if the computer is not logged on and BatchPatch is not open and visible? For that you’ll need to enable the BatchPatch run-as-service feature. Click on Tools > Run BatchPatch as a service. You can then install the BatchPatch service, which will run always when the computer is on. Any grids that you create can then be sent to run in the service instance so that your scheduled tasks in those grids will be executed regardless of whether or not someone is actually logged on and looking at the BatchPatch console.

And what if you want to do more than just run a standard Windows Update download/install/reboot operation? What if you want to have that actually execute a few times to ensure that after the reboot occurs that no additional updates are waiting to be installed? (We’ve all seen times where in Windows, after you install Windows updates and reboot, all of a sudden more/new updates are available for installation. For that you can use the BatchPatch Job Queue. The job queue enables you to execute multiple actions in a row on a target computer. To launch the job queue, select your desired target hosts in the grid, and then choose Actions > Job Queue > Create/modify job queue. You can then choose a set of steps that you want each host to execute. In this case I’ve added the following steps to my job queue:

Download and install updates + reboot always
Wait 10 minutes
Wait for host to be detected online
Download and install updates + reboot if required

You can then save the job queue by using the double right arrow button (>>). Once it has been saved, it can be executed as a scheduled task, so you can just go back to your scheduled task window and change the drop-down menu to point to the job queue that you just created. In my case I titled the queue Update + reboot cycle, so I see it listed in the drop-down menu under “Job queue (Update + reboot cycle)”

Of course the job queue can be something much more complex, if desired, because maybe you need to execute a certain script before or after the Windows Update process, or perhaps you need to perform a software deployment, or maybe something else altogether. Nearly anything you can think of can probably be included in the job queue, and it can also do branching and looping, or terminate based on specified conditions. There are lots of options.

What if you want to orchestrate an entire sequence where numerous computers are involved, but where maybe certain computers execute certain tasks, other computers execute various other tasks, and there are uptime/downtime dependencies such that some computers have to be online while other computers are offline. Maybe, for example, you can only have a single computer be offline at any given time in a sequence that involves numerous computers, and you need to be able to trigger the Windows update and reboot process on all machines, in an automated fashion? You can use the Advanced Multi-Row Queue Sequence for that. Check out some tutorials here:

Orchestrating Complex Update And Reboot Sequences Involving Multiple Target Computers

Posted in Blog, General, Tutorials | Tagged remote windows update | Comments closed

Advanced Multi-Row Queue Sequence – Staggering Updates and Reboots in a Group of Computers

By Scott | Published: November 30, 2021

One of the most common uses of the BatchPatch ‘Advanced Multi-Row Queue Sequence‘ functionality is to stagger the updates and reboots in a group of computers so that only a single computer or a subset of computers in the group will perform their updates and reboots at any given time. That is, administrators often need to update and reboot machines in a particular order, allowing only certain machines to be updated or go offline at any one time. Today I’m going to illustrate how that is accomplished in a BatchPatch multi-row queue sequence.

For the sake of this example, let’s assume that you have 9 total target computers, and the goal is to update and reboot 3 at a time. The first group of 3 will update and reboot, but the second group of 3 will not be allowed to begin until after all of the first 3 machines have completed their updates and reboots, and are back online. The third group of 3 will not be allowed to begin their process until after the second group of 3 has completely finished and all machines have come back online.

Create the job queue that you want each target computer to execute when its turn comes in the sequence. For the sake of this example I am going to apply the same job queue to each target computer, but you may configure an individual queue for each target, if desired. It’s completely up to you.
Here is what my job queue looks like. I’m going to use the ‘Apply queue to row(s) without executing‘ button to apply this queue to all of the selected rows in my BatchPatch grid. Since the goal in this example is to make sure that each subset of 3 computers will be back online before the next subset begins processing, I’ve ended the queue with ‘Wait for host to be detected online‘. This means that the queue won’t be complete for any given target until the target is confirmed to be online after its update and reboot steps.
Now that our queues are configured for each target host, we’ll setup the advanced multi-row queue sequence. First, I’ve added a sequence execution row to the grid. This is a special row that we create for the sole purpose of being able to execute/begin the sequence. The host name for the execution row can be whatever you want. For this example I’ve simply entered a new host called ‘ExecRow’ which will serve as the execution row for my sequence. I don’t have any computers here called ‘ExecRow’. This row is strictly for BatchPatch to use for the advanced multi-row queue sequence.
Now I’ll select my ‘ExecRow’ and click ‘Actions > Job Queue > Create/modify advanced multi-row queue sequence‘. I’ve titled my sequence “NovemberTutorial”. I use the ‘Create Sequence Execution Row‘ option for my ‘ExecRow’. Then I click “Apply values to selected row(s)“.
For the 9 hosts that will be members in this sequence, now I just need to apply the sequence position number to each of them. The sequence name must be the same as what I used for the execution row. It’s the sequence name that tells BatchPatch which execution row applies to which target computers, so you must apply the same sequence name to all target hosts that you want to be part of the same sequence. In the screenshot below you can see that I have applied the sequence name “NovemberTutorial” to all of the rows. I have set a sequence position number 1 to host1, host2, host3. I have set the sequence position number 2 to host4, host5, host6. And I have set the sequence position number 3 to host7, host8, host9.
Now all we have to do is execute the sequence. To execute the sequence on-demand, simply select the ‘ExecRow’ and use ‘Actions > Job Queue > Execute advanced multi-row queue sequence‘. However, if you want to setup the sequence to run as a scheduled task, simply select the ‘ExecRow’ and use ‘Actions > Task Scheduler > Create/modify scheduled task‘. Then in the task drop-down menu use ‘Execute advanced multi-row queue sequence‘. And of course make sure to enable the scheduled using the timer/clock icon in the upper right corner of the BatchPatch window (green is enabled, red is disabled).

When the sequence executes, first host1, host2, and host3 will begin their patch and reboot process. After all three machines have completed their job queues and come back online after the wait period we specified in the job queue, host4, host5, and host6 will begin processing. When those three complete and are all back online, then finally host7, host8, and host9 will begin processing.

Posted in Blog, General, Tutorials | Tagged queue, sequence, stagger | Comments closed

Excluding Specific Dates or Date Ranges from Recurring Scheduled Tasks

By Scott | Published: November 11, 2021

We recently received a question from a user who has scheduled tasks configured in BatchPatch to run with recurrence set to ‘Monthly (2nd Tuesday) + 4 days‘. He asked how he can effectively exclude the entire month of December so that none of the recurring scheduled tasks run in December.

Now, of course if you don’t want your recurring scheduled tasks to run during December you can simply disable the scheduler, or if you’re running grids inside the BatchPatch service instance then you can remove grids from the service instance altogether during December. However, there’s another option to accomplish the same goal that enables you to add exclusion dates or date ranges to your job queues. Effectively speaking your scheduled tasks will still run, but they can be configured to execute job queues that will terminate or branch based on DateTime.

For example, let’s say that your existing recurring scheduled task executes a job queue with the following steps:

1. Label:BEGIN
2. Check for available updates (with filters applied)
3. If most recent 'Check for available updates (with filters applied)' found 0 updates, terminate queue
4. Download and install updates + reboot always
5. Wait 10 minutes
6. Wait for host to be detected online
7. Goto label:BEGIN

And let’s say you want to modify the job queue so that no updates are ever installed during December 2021. You could change it to the following steps, where you terminate the queue if the queue runs during December:

1. Label:BEGIN
2. If this step is executed between DateTimeBEGIN <Wednesday - 12/01/21 - 00:00> and DateTimeEND <Friday - 12/31/21 - 23:59>, terminate queue
3. Check for available updates (with filters applied)
4. If most recent 'Check for available updates (with filters applied)' found 0 updates, terminate queue
5. Download and install updates + reboot always
6. Wait 10 minutes
7. Wait for host to be detected online
8. Goto label:BEGIN

Or alternatively you could do something like this instead, where instead of terminating the queue if it runs in December you have the queue goto:DECEMBER, so that you can perform whatever actions you want to perform if the queue runs in December:

1. Label:BEGIN
2. If this step is executed between DateTimeBEGIN <Wednesday - 12/01/21 - 00:00> and DateTimeEND <Friday - 12/31/21 - 23:59>, goto label:DECEMBER
3. Check for available updates (with filters applied)
4. If most recent 'Check for available updates (with filters applied)' found 0 updates, terminate queue
5. Download and install updates + reboot always
6. Wait 10 minutes
7. Wait for host to be detected online
8. Goto label:BEGIN
9. Label:DECEMBER
10. <Insert desired December actions here>

Posted in Blog, General, Tutorials | Tagged exclude, exclusion, recurrence, scheduled task, windows update | Comments closed

BatchPatch Error -198: Failed to add scan package service. HRESULT -XXXXXXXXXX

By Scott | Published: October 12, 2021

When you’re running BatchPatch in offline mode, instead of performing the search for Windows Updates against a local WSUS or against Microsoft’s public Windows Update or Microsoft Update servers, BatchPatch utilizes the WsusScn2.cab file that Microsoft publishes each month in order to perform the offline scan for Windows Updates. The WsusScn2.cab is a large file that contains various metadata for Windows Updates. When an offline scan for Windows Updates is performed, Windows is able to use the WsusScn2.cab file to determine which updates are available for download/installation on the scanned computer, without needing direct access to a WSUS, Windows Update, or Microsoft Update.

In BatchPatch, if there is some type of problem with loading the WsusScn2.cab file for scanning, BatchPatch will throw an error that looks like this:

Error -198: Failed to add scan package service. HRESULT: -XXXXXXXXXX

The -198 number simply indicates that the issue was with loading the WsusScn2.cab file. The HRESULT value is the actual reason code that the Windows Update Agent reports to BatchPatch. You’ll be able to see this in the BatchPatch ‘Remote Agent Log’ column after the failure/error occurs. Or you can view it later in the target computer’s BatchPatch.log file, which by default would be located in C:\Program Files\BatchPatch\BatchPatch.log on the target computer.

Various HRESULT values that might be seen with a -198 error

Error -198: Failed to add scan package service. HRESULT: -2146762487

0x800B0109 -2146762487 CERT_E_UNTRUSTEDROOT
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider

We are aware of two possible causes for this error. 1: You are trying to apply updates to an operating system that Microsoft is no longer supporting and delivering updates for. If you have not purchased an Extended Security Update (ESU) package from Microsoft, you might need to do this. 2: You have not installed the most recent servicing stack update (SSU). Try manually applying the most recent SSU for the OS in question, and it’s likely this error will go away.

Error -198: Failed to add scan package service. HRESULT: -2147024894

0x80070002 -2147024894 ERROR_FILE_NOT_FOUND
The System cannot find the file specified

This should only happen if the WsusScn2.cab file itself does not exist on the target computer when the scan is initiated. For the most part, BatchPatch wouldn’t/shouldn’t allow the scan to be attempted to if the file isn’t there, but there may be some edge cases where it could still occur.

Error -198: Failed to add scan package service. HRESULT: -2147024674

0x8007000D The data is invalid. ERROR_INVALID_DATA

Error -198: Failed to add scan package service. HRESULT: -2145124303

0x80240031 -2145124303 WU_E_INVALID_FILE
File is not of the right format

Either of the above HRESULT values indicate that there is probably an issue (presumably some type of file corruption) with the WsusScn2.cab file that is being used. Either there was corruption when downloading it from Microsoft to the BatchPatch computer, or the corruption is being introduced when the BP computer copies it to the target computers. If you manually inspect the WsusScn2.cab file (both on the BP computer in the local cache directory as well as on a couple of targets) you can right click on the file and view ‘Properties > Digital Signatures’ as a way to verify that the file has not been corrupted/modified. If the Digital Signatures tab is present with signatures listed, then the file is good. If it is not present or if it is present but with no signatures listed, then the file is not good. If it’s not good then you can delete the WsusScn2.cab file and let BatchPatch re-download it. If it’s good on the BP computer but not good on the targets, then the corruption is being introduced during the file copy from the BP computer to the targets. This would be unusual, but it would imply that you might be having issues with your network, or it could be just a one-off copy issue.

Error -198: Failed to add scan package service. HRESULT: -2147024784

0x80070070 -2147024784 ERROR_DISK_FULL
There is not enough space on the disk

This error is self-explanatory. You need to free up some disk space on the target computer and then try again.

Error -198: Failed to add scan package service. HRESULT: -2147023838

0x80070422 -2147023838 ERROR_SERVICE_DISABLED

Typically this means a required service is disabled. Start by verifying that the following services are started:

BITS service (Background Intelligent Transfer Service)
Windows Update service
Windows Modules Installer service

Error -198: Failed to add scan package service. HRESULT: -2146885619

0x8009200D -2146885619 Crypt_E_Bad_Msg
Not a cryptographic message or the cryptographic message is not formatted correctly

Error -198: Failed to add scan package service. HRESULT: -2146869232

0x80096010 -2146869232 Trust_E_Bad_Digest
The digital signature of the object did not verify

Either of the above HRESULT values indicate that the WsusScn2.cab file that you have is likely failing a signature validity check, so you should re-download it and try again. We have seen a number of times when Microsoft first publishes a new WsusScn2.cab file on Patch Tuesday each month, where for some period of time soon after publishing, the WsusScn2.cab file is missing a digital signature when it’s downloaded from Microsoft’s servers. The Windows Update Agent will not load a WsusScn2.cab file that doesn’t haven’t a valid signature. If you manually inspect the WsusScn2.cab file (both on the BP computer in the local cache directory as well as on a couple of targets) you can right click on the file and view ‘Properties > Digital Signatures’ as a way to verify that the file has not been corrupted/modified. If the Digital Signatures tab is present with signatures listed, then the file is good. If it is not present or if it is present but with no signatures listed, then the file is not good. If it’s not good then you can delete the WsusScn2.cab file and let BatchPatch re-download it. If it’s good on the BP computer but not good on the targets, then probably some corruption is being introduced during the file copy from the BP computer to the targets. This would be unusual, but it would imply that you might be having issues with your network, or it could be just a one-off copy issue. If the file you are getting directly from Microsoft does not contain a digital signature, wait a while and then try to download it again from scratch.

Posted in Blog, General, Tutorials | Tagged 198, offline mode, offline updates, wsusscn2.cab | Comments closed

BatchPatch Job Queue Branching Based on DateTime or Number of Iterations

By Scott | Published: September 30, 2021

In the most recent release of BatchPatch (August 2021), we added some new special items to the Job Queue that will give you more flexibility in your queues.

If this step is executed X time(s), terminate queue
If this step is executed X time(s), goto label:Y
If this step is executed between DateTimeBEGIN and DateTimeEND, terminate queue
If this step is executed between DateTimeBEGIN and DateTimeEND, goto label:X
If this step is executed between DayOfWeekBEGIN and DayOfWeekEND, terminate queue
If this step is executed between DayOfWeekBEGIN and DayOfWeekEND, goto label:X
If this step is executed between TimeOfDayBEGIN and TimeOfDayEND, terminate queue
If this step is executed between TimeOfDayBEGIN and TimeOfDayEND, goto label:X

One of the ways that we anticipate these options will be used is with recurring tasks that have to be executed multiple times throughout the day on a given day. For example, let’s say that you want or need to execute a script or command or actions of some kind on target computers every 15 minutes throughout the day, every day. However, you only want the command to be executed between the hours of 9AM and 5PM. You can do something like what I’ve done here, where I’ve setup my BatchPatch job queue to run on a 9AM daily recurring scheduled task. The queue itself is a loop that runs every 15 minutes to execute my custom remote command, but in each iteration of the loop, there’s a check to see what time it is. If the loop executes any time after 5PM (17:00) and before 9AM (09:00), the queue is terminated. This has the effect of running the queue loop every 15 minutes throughout each day but only during the 9AM to 5PM window. Outside of those hours, the queue is terminated until the next day when the scheduled task kicks off anew at 9AM. With all of the new special queue items shown above, you can see there’s now quite a bit of flexibility that wasn’t previously available. While we know that not everyone will need or care about these options, we expect there will be a good number of people who make great use of them.

Posted in Blog, General, Tutorials | Tagged job queue, task scheduler | Comments closed

BatchPatch System.MissingMethodException When Running New Version 20210827

By Scott | Published: September 2, 2021

In the most recent release of BatchPatch that we published last week (version 20210827), we finally began enforcing the requirement to have .NET version 4.6 installed on the computer where BatchPatch is run. If you don’t have .NET version 4.6 on the BatchPatch computer, BatchPatch will not be able to launch successfully. If you encounter this issue, you will likely see something similar (though not necessarily identical) to the screenshots displayed below.

If you were able to successfully run previous BatchPatch versions without issue, but then you tried the latest BatchPatch version 20210827 and discovered that it won’t even launch successfully, you probably have a .NET version issue. Please check which .NET version is installed on your BatchPatch system, and then install .NET v4.6 if you’re still running an older version of .NET.

Posted in Blog, General | Tagged .NET version, System.MissingMethodException | Comments closed

Can BatchPatch Be Used to Install Windows Updates through SCCM?

By Scott | Published: August 25, 2021

One of the questions we occasionally receive from SCCM users is can BatchPatch install/apply the Windows Updates that are currently being presented to a computer through SCCM?

BatchPatch and SCCM?

There are a couple things that you need to know…

Windows Updates that are being offered to a computer to a computer through SCCM are only available inside of SCCM. BatchPatch does not have the ability to directly access or control your SCCM server. BUT… you still have options. See below.

Executing SCCM Client Triggers from within BatchPatch

If you check in BatchPatch under ‘Tools > SCCM Client Triggers‘ you will see a list of all available SCCM trigger commands. Each of these can be individually executed through BatchPatch on target computers that have SCCM installed. However, depending on your needs and your environment, utilizing these triggers may not be sufficient, so you may need to do more. See below.

Using BatchPatch in an Existing SCCM Environment

If you want to be able to use BatchPatch in an environment that already uses SCCM, you have a couple of options. If you have SCCM in your environment, it’s important to understand that SCCM utilizes its own WSUS server. Once SCCM takes control of a WSUS during the setup/configuration of SCCM, that WSUS can no longer be used by a non-SCCM application like BatchPatch to search for updates. So, if your target computers are configured via Group Policy to search for updates on a WSUS that is controlled by your SCCM server, then if you use BatchPatch to initiate a scan for available updates, and if BatchPatch’s ‘Server Selection‘ setting is set to ‘Default/Managed‘, BatchPatch will always report ‘No applicable updates‘. In order to use BatchPatch with a WSUS, the WSUS must be independent. It cannot be linked to or controlled by SCCM.

So, if you want to use BatchPatch in an environment that is already using SCCM, you can either set BatchPatch’s ‘Server Selection‘ under ‘Tools > Settings > Windows Update‘ to Windows Update or Microsoft Update

Or… you can setup a secondary WSUS server that is independent and not touched by or controlled by SCCM. However, this creates a minor secondary challenge. Since Group Policy is generally the method that is used to configure target computers to point to a particular WSUS server (in the case of SCCM environments, the Group Policy setting will point to the WSUS server that has been configured for use by SCCM), you would need a way to tell a target computer to utilize your secondary independent WSUS, at will. The idea here would be that since your target computers all look to the WSUS that is controlled by SCCM (let’s call that the SCCM-WSUS from now on), you need a way to temporarily modify that setting to tell target computers to look at your independent WSUS during the time that you are using BatchPatch. While you could modify your Group Policy to point to the independent WSUS, use BatchPatch, and then set it back to the SCCM-WSUS afterward, another option that is probably more seamless would be to directly modify the GPO’s underlying registry values on target computers, rather than touching the GPO itself. In BatchPatch you could actually setup a job queue to do the following all in a single click:

Step 1. Update the target computer registry to point to your independent WSUS
Step 2. Execute your BatchPatch Windows Update actions
Step 3. Reboot the target, which will trigger a Group Policy refresh, which will have the effect of wiping out the registry values that you put in place so that they get set back to the values that the Group Policy Object contains. Alternatively instead of rebooting the target, you can send a new command to the target computer to update the registry values again to point back to the SCCM-WSUS.

At the following link we demonstrate how to setup a BatchPatch job queue with “pre” and “post” commands that will handle what I just described above.

Using An Alternate WSUS Server For BatchPatch Windows Update Actions

Using An Alternate WSUS Server For BatchPatch Windows Update Actions Part 2

Posted in Blog, General, Tutorials | Tagged alternate wsus, sccm, WSUS | Comments closed

Remotely Deploying Windows Feature Update Version 21H1 to Numerous Computers

By Scott | Published: August 10, 2021

Standard Deployment of Windows Feature Update 21H1 (and other feature updates/upgrades) with BatchPatch in Default/NON-Cached Mode

Generally speaking, if you are using the April 2020 or newer release of BatchPatch, you can install Windows feature updates with the normal ‘Windows Update’ actions in BatchPatch, when running the application in standard, non-cached, mode. To do so, you’ll just need to make sure to select the ‘Upgrades’ classification, as illustrated in the screenshot below:

After the ‘Upgrades’ classification is selected you can simply use ‘Actions > Download available updates‘ with ‘Actions > Install downloaded updates‘ or you can just use ‘Actions > Download and install updates‘. As long as you are operating in standard, non-cached mode, feature updates will install (assuming, of course, that you currently have a feature update showing in the list of available updates for a given computer).

Feature Update Deployment Considerations – Update deferral policies, and when an update is only available for “seekers”

However, please note there are a couple of other things to consider when installing feature updates using the standard non-cached mode BatchPatch update method.

First, the target computer needs to have the desired feature update showing as one of the available updates for the computer. If you’re expecting to see it but you don’t, it could be because the update is not approved on your WSUS yet, or it could be that you have a Group Policy or Local Policy setting configured for the target computer that is set to defer the installation of feature updates for a specified amount of time. Check your Group Policy configuration for any deferral policies enabled under the following locations:

Computer Configuration > Administrative Templates > Windows Components > Windows Update

Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business

Second, depending at what stage of the rollout Microsoft currently is at the time you attempt to deploy a given feature update, they might not yet be delivering the update through the normal Windows Update channel. They typically begin the rollout with delivery only to “seekers”. This is the name they give to people who manually click on the ‘Check for updates’ button in the Windows Control panel. “Seeker” updates are visible in BatchPatch when you click on ‘Search for only optional software updates‘

Alternate Deployment of Windows Feature Update 21H1 (and other feature updates/upgrades) with BatchPatch (can be used for deployment to offline target computers)

If you need to deploy feature update version 21H1 (or any other feature update) to target computers that don’t have internet access and don’t have WSUS access and therefore cannot be targeted in standard, non-cached mode (that is to say, you are using either online cached mode or offline cached mode with those target computers, and you are not able to disable cached mode and switch to standard mode for whatever reason), then you may use the method outlined below to deploy the feature update to those computers.

Download (from Microsoft) the Windows 10 Media Creation Tool. Use this link to download the media creation tool directly from Microsoft. The media creation tool web page contains two options: ‘Update now’ and ‘Download tool now’. Do NOT click on ‘Update now’ because doing so would begin the update process on your computer. Since your goal is to deploy the upgrade to remote computers, instead please click on ‘Download tool now’ to save the tool to your computer. Important: When you run the media creation tool per the next step, you will not have a choice to select which Windows 10 version is used to create the media. This means that if Microsoft releases a new version of Windows 10 when you follow this tutorial, you’ll end up with that version as opposed to the specific version 21H1 that is available today at the time of this writing. If you have another channel for obtaining media for a particular Windows 10 version, such as with a Microsoft volume licensing agreement, you may use that instead of obtaining the media through the steps outlined in this tutorial.

Open the Windows 10 Media Creation Tool that you saved to your computer a moment ago. IMPORTANT: It is NOT sufficient to run the tool as administrator (using right-click, run-as) from an account that is logged on without admin privileges. For reasons that aren’t fully clear, Microsoft requires that you *must* actually be logged on to the computer with an account that is a member of the local administrators group. Otherwise the tool will not allow you to run it to completion. We don’t know why Microsoft made the tool work this way, but it’s what they did, and presumably it’s for a good reason. So go ahead and log on to your computer as a local administrator, and then launch the tool and follow the rest of this tutorial.

Create installation media with the Windows 10 Media Creation tool. When the tool is running you’ll have to choose between two options to either ‘Upgrade this PC now’ or ‘Create installation media (USB flash drive, DVD, or ISO file) for another PC. Choose the option to ‘Create installation media…’ and then click ‘Next’.

Choose your language / edition / architecture, and then click ‘Next’.

Choose the media type. For the sake of this tutorial please select ISO as the type of media. After clicking the ‘Next’ button you will be prompted to choose a location on your computer to store the ISO file that will be downloaded/created. Select a directory/location to store the file, and then do something else until the download finishes. Depending on your connection speed it could take some time because it’s something like 4GB in size.

Extract the ISO contents to a location on your local disk. After the download in the previous step is complete you’ll have to locate the file on disk and then extract the contents of the ISO to another folder. I like to use the free 7-zip for this process, but you may use whichever tool you prefer: 7-zip. After the ISO has been extracted you’ll have all of the installation files for the feature update in a single folder.

Configure a deployment in BatchPatch. In BatchPatch click on Actions > Deploy > Create/modify. In the window that pops up for the Deployment configuration, click on the ‘…’ button to browse to the location where your ISO contents have been extracted to, and then choose the ‘setup.exe’ file as the file to deploy. Make sure to check the boxes for ‘Copy entire directory‘ and ‘Leave entire directory‘ . After the initial deployment phase is complete, the target Windows operating system will end up rebooting itself at least once but usually more than once while it completes the setup and installation for the feature update. As the process runs it needs to have access to all of the files that BatchPatch will deploy. Having both of the aforementioned boxes checked will ensure that when the upgrade process runs on the target computer that it has all of the files it needs for the installation. After the feature update has completed 100% you may delete the files from the target computer(s). However, please make absolutely sure that the upgrade process is 100% completed before you delete any files. In your BatchPatch deployment configuration screen you will also need to add the following parameters:
/auto upgrade /quiet

Execute the feature upgrade deployment. In the deployment configuration that you created in the in the previous step you can execute the deployment immediately for the currently selected rows in the grid by just clicking on the ‘Execute now’ button. Alternatively you may save the deployment for future usage by clicking the double-right-arrow button ‘>>’. If you choose to save the deployment instead of executing it immediately, then when you are ready to deploy the feature update to your remote computers, you can begin the process by selecting those computers in the BatchPatch grid and then clicking on Actions > Deploy > Execute deployment, and then choose the deployment that you just created/saved.
You should expect that the entire process will take a bit of time to complete. BatchPatch has to copy the whole installation directory to the target computer(s), which contains several gigabytes, before it can execute the upgrade process on the target(s). IMPORTANT: After the BatchPatch deployment completes for a given target computer BatchPatch will show Exit Code: 0 (SUCCESS). However, this just means that the BatchPatch deployment component is finished. The Windows feature update/upgrade process will take additional time. Please be patient and let the target computer continue upgrading and rebooting as many times as is needed. It might take a little while with multiple automatic reboots before everything is 100% finished.

NOTE: We have had a couple of reports from users who received the following error:
Deployment: Error: Access to the path '\\TargetComputer\C$\Program Files\BatchPatch\deployment\autorun.inf' is denied.
We don’t know the exact cause of this issue, but it seems likely to somehow be related to the way that permissions were applied or inherited during the ISO extraction process. If you encounter this error it can be resolved quickly and easily by just deleting the autorun.inf file from the source directory after extracting the ISO contents but before executing the actual deployment for any target computers. This will prevent the problematic file from ever being copied to target computers. As such, the error will not occur.

Posted in Blog, General, Tutorials | Tagged 21H1, deployment, feature updates, Windows 10 | Comments closed

BatchPatch Tweaks And Tips You’ll Probably Never Need Or Use

By Scott | Published: July 9, 2021

OK, so the title to this posting is a bit jocular and misleading because I’m going to include some things in this posting that you will want to use if you don’t already know about them. 🙂

Middle-click tooltip: This is a MUST-USE feature that some users never discover. Every field in the BatchPatch grid can be easily viewed by middle-clicking or scroll-wheel-clicking on it. If you aren’t already using middle-click, you should start. I honestly can’t imagine using BatchPatch without it.
Moving the middle-click tooltip: You can re-position the middle-click tooltip when it’s visible by right-clicking anywhere directly on it and then dragging it to a new location. Middle-click drag and ctrl-left-click will also both work.

Never show certain columns: If you want to prevent a certain column from ever being made visible by BatchPatch, you can do that under ‘Tools > Settings > Grid preferences > Never automatically display or unhide specific columns’

Generate a BatchPatch project file (.bpp): If you want to be able to launch numerous .bps files into the same grid all at once, you can use a BatchPatch project file to do that, if desired. A BatchPatch project file (.bpp) is actually just a regular text file with a .bpp extension that contains a list of full filepaths to .bps files. If you load a .bpp file into BatchPatch, all the .bps files listed in the .bpp file will be loaded as separate tabs. When you generate a .bpp file using the ‘File > Generate project file option’, BatchPatch will create a .bpp file that contains the saved filepath of each open tab in that instance of BatchPatch. If a tab has never been saved to a .bps file, it will not be included in the .bpp file.

Generate a BatchPatch template file (.bpt): A BatchPatch template file (.bpt) is simply a BatchPatch state file (.bps) that has been named with a
.bpt extension instead of .bps. When you load a .bpt file into BatchPatch, BatchPatch will not allow you to save over it. When you try to save it, you will instead be forced to ‘Save As’ a .bps file. The ‘File > Generate template file’ option will enable you to create a .bpt file from any grid in BatchPatch. However, you may also create your own .bpt files by simply renaming existing .bps files with the .bpt extension.

Row template configurator: Use this feature to automatically apply values to new rows that are added to a grid. If you want to auto-populate certain fields when you add a host to the grid, such as scheduled tasks, you can use this feature to do that. Using the Row Template Configurator

Synchronize a grid with Active Directory: If you want to have a BatchPatch grid that always has the same list of hosts as a given OU or Group in Active Directory, you can use this feature to do that. Synchronize a BatchPatch Grid with Active Directory OUs and Groups

Transparency: You can make the entire BatchPatch application transparent, if desired. Use the little arrow icon on the lower right corner of the BatchPatch window to access a slider that lets you adjust the level of transparency.

Alternating rows backcolor intensity: Use the little arrow icon in the lower left corner of the window to access a slider that lets you adjust the intensity of the alternating rows backcolor.

Grid borders: You can use CTRL-B toggle between 4 different styles for column and row borders in the grid.

Host status ping thread: Independently of the normal grid operations, it’s possible to turn on a separate ping thread that will color the LED orb icons, based on the status of the host. Click the LED image header column to turn it on or off. Middle-click the image header column to clear all rows LED image icon. Middle-click a particular row’s LED image icon to disable/remove/skip it from the check. Shift-middle-click a particular row’s LED image icon to turn it blue.
Multi-grid mode: ‘View > Multi-grid mode’