BatchPatch New Version Released February 2022

By Scott | Published: February 17, 2022

We published a new build last week.

Aside from a number of bug fixes and miscellaneous enhancements, the key features that we added to this build are:

  • Row filter:
    We know a lot of people have wanted this for a long time, so hopefully you’ll all get some good use out of it. In previous versions of BatchPatch you were able to use CTRL+F or Grid > Find in grid… to search either the current grid or all open grids for a particular string. This has its uses but also its limitations, especially when dealing with large grids and lots of matches for your search query. However, now in the current version of BP you can use the row filter (CTRL+H or Grid > Filter rows in grid…) to quickly hide all rows that don’t match the filter string. You can select the column that you want to filter on, and you can enter a search string. So for example, if you want to only show hosts that contain ‘5’ in the host name, you can do it like this:



    Each grid/tab has its own filter, and each grid’s filter will stay enabled until you clear it. However, filters are not saved, so they don’t persist beyond the current session. If you close a grid and then re-open it at a later date, no filter will be applied until/unless you apply a new filter string to the grid. We assume that in most cases people will filter a grid temporarily in order to select/highlight just certain rows that match their filter string, then perform an action, and then clear the filter.

  • Propagate changes made to saved job queues and deployments:
    When we originally designed BatchPatch, we felt it was important for grid files (.bps files) to be portable. The challenge in doing this is that if you save a job queue or a deployment in a scheduled task for a given host or group of hosts, the entire job queue or deployment configuration has to be saved to that grid separately from the repository of saved configurations that exist for the BatchPatch installation for that logon account. Only then could a grid be transferred to a different installation of BP without breaking. However, doing this means that if you subsequently update the configuration for a job queue or a deployment, the changes have to be applied to the grid in every place where that job queue or deployment was previously saved. Prior to the current release of BP, you had to do that manually. However, now when you make changes to a job queue or deployment configuration, you are immediately prompted to apply those changes to any grids where those job queues or deployments were previously saved. We hope this relieves a lot of pain for users who are regularly modifying the contents of their scheduled task job queues and deployments.

Posted in Blog, General, Tutorials | Tagged , , , | Comments closed

Overview for Remotely Deploying Software and Specifying Default Settings

By Scott | Published: February 2, 2022

Today I’m not going to perform a specific deployment. Instead I want to provide a conceptual overview for new users who ask us “How do I remotely install software on multiple computers and configure that software to have specific default settings for the end user?” Similarly, “How do I remotely install software to multiple computers and select or choose all of the settings/configurations that I normally do with my mouse and keyboard during an standalone software installation on a single computer?” These are two common questions that we receive in one form or another, so let me spend some time going over the basic process for deployment.

  1. Silent/quiet installation switch for command line or remote deployment:

    99.9% of software packages have the ability to be installed “silently” or “quietly.” When we talk about a ‘silent’ or ‘quiet’ installation, what we mean is that the software can be installed without any dialog boxes to click through and with no options to choose nor filepaths to specify etc. A silent/quiet installation can be run at a command prompt with a single command that launches the entire process. Once the process has been started, no interaction is needed from anyone to complete the process. You simply have to wait for it to complete, and that’s it. When you want to perform a software deployment in BatchPatch, the first thing you need to do is figure out how to execute a silent/quiet installation for the particular package that you are deploying. We have an entire posting dedicated to explaining this purpose, so please start by reading that carefully.

    2. The summary version is that you’ll check the vendor’s documentation and/or review the built-in help in the actual deployment package itself to determine what the proper silent installation switch is. In many cases it’s just a /q or /s, but every package is different, so please review the aforementioned link for instructions on discovering it for your package.

  2. Configuration or “answer” settings file for controlling the installation settings in a silent installation:

    Many software products are just a very simple, straightforward installation where all you need to do is execute them silently without worrying about anything else. They’ll install to the default location with the default settings, and you’re good to go. However, in an enterprise setting you might have the need to deploy a more complex package or a package where you need to specify non-default settings. How do you accomplish this if the software is being deployed silently, such that you can’t click through any dialog boxes to modify installation settings for the end users? The way this is typically done is through the use of a configuration file which is sometimes referred to as an answer file or an unattended setup file. Generally speaking, if a software package provides the ability for you to perform a silent installation, and if that software package has settings that a user might want or need to change, then it will also provide a way for you to modify those settings during the silent installation through an unattended setup file or similar. Consult the software vendor’s documentation to see the specifics for the package that you are deploying. Below I’ll provide a generic/conceptual overview of what it might look like.

  3. Conceptual overview for performing the silent installation with an unattended setup file:

    As mentioned previously, the most important thing you need to do before you get started is consult the vendor’s documentation for the specific software that you’re going to deploy. The way it typically works is something like this. Let’s say you have a software package called SoftwarePackage.exe. That SoftwarePackage.exe is going to have a built-in silent or quiet switch, which for the sake of this example we’ll assume is /q. If you execute a command line installation of the package you would use

    C:\PathOnYourComputerWherePackageIsLocated\SoftwarePackage.exe /q

    to perform a silent installation of the software with its default settings on the local computer. In the case where the vendor provides instructions for creating an unattended setup file so that various settings can be configured at installation time even though the installer is running silently, you’ll probably have a separate file that you have created, which for the sake of this example we’ll just call ‘UnattendedSetup.xml’. Inside of that XML file (your particular software vendor might not use XML format at all– It might be a simple text file or something else altogether) you’ll choose the desired settings per the instructions from your vendor. Furthermore, the vendor’s documentation will include instructions for how SoftwarePackage.exe is going to know about UnattendedSetup.xml. Typically it would be through the use of another command line switch. So, for example, you might find that your silent installation with unattended setup will be executed something like this:

    C:\PathOnYourComputerWherePackageIsLocated\SoftwarePackage.exe /q /u:UnattendedSetup.xml

    Remember, I am just giving you a generic example here. Assume that your software package will be different, and make sure to consult your package’s documentation. OK, once you have determined the proper syntax for executing your silent installation with unattended setup, you need to actually perform that installation from the command prompt of a test computer. You need to make sure that it works properly for your needs. When you have it working properly with the correct syntax for your package, and when you have verified that your settings are applied to the installation as needed (by launching the software after command line installation on your test computer to make sure that the software is configured in the way that you expect), ONLY THEN you should convert that command line installation into a remote deployment in BatchPatch.

  4. Performing the remote deployment in BatchPatch:

    5. Once you have tested your command line installation syntax at the command prompt of a test computer, and you have everything working so that the installation is executed with just a single command, and so that all of your settings are applied during the installation so that when the software is launched for the first time on the computer by the end user it has all of the settings configured in exactly the way that you need or want, then you’re ready to move that command line installation over to BatchPatch for remote deployment to numerous computers. Remember for the sake of this example we have the following syntax for our package to be installed silently at the command line with unattended setup:

    C:\PathOnYourComputerWherePackageIsLocated\SoftwarePackage.exe /q /u:UnattendedSetup.xml

    The way that we would then deploy this with BatchPatch is we would put both UnattendedSetup.xml and SoftwarePackage.exe into C:\PathOnYourComputerWherePackageIsLocated on the BatchPatch computer. Then in BatchPatch we would create a deployment with ‘Actions > Deploy > Create

    In the BatchPatch ‘Deploy’ window we would specify the path to our SoftwarePackage.exe, and in the parameters field would we add our parameters. In the screenshot below you can see that our ‘Command to execute’ is essentially the same as the command that we used when we tested the installation manually at the command prompt earlier. Also note that I have ticked the box ‘Copy entire directory‘. This is important! What this means is that BatchPatch will not only copy SoftwarePackage.exe but will also copy the entire contents of C:\PathOnYourComputerWherePackageIsLocated to the target computer, including the UnattendedSetup.xml file that’s in there. This is required so that when the command line silent installation is performed remotely on the target computer, the target computer will be able to find the UnattendedSetup.xml in the same directory as the SoftwarePackage.exe. At this point you’ll want to test your remote deployment on a single machine before you deploy it to numerous computers. You can either use the “Execute now” button or you can save the deployment with the double-right-arrow for executing at a later time.

Posted in Blog, General, Tutorials | Tagged , , , | Comments closed

Don’t Forget the Middle-Click Scroll-Wheel Button on your Mouse!

By Scott | Published: January 21, 2022

Sometimes I am reminded that we always have some users who aren’t aware of the middle-click functionality in BatchPatch. This is a bit sad because it’s probably the most clicked button by the rest of us who use BatchPatch on a regular basis. Soooooooooooo… this is just a reminder to everyone that almost every cell in BatchPatch can be middle-clicked to reveal its contents. This helps immensely to get a quick view of what’s going on with a particular target host without having to launch a whole new window.

Middle-Click (Scroll Wheel Mouse Button Click) Example:

For example, in the screenshot below I pressed the middle-click button on my mouse directly on top of the ‘All Messages’ cell in the first row of the grid (this is usually the scroll wheel on your mouse, which some people do not know is actually also a button that you can press!)

Viewing an Entire Row’s Contents:

Yes, you can also double-click a row or press the R key or click ‘Actions > Expand row(s)‘ to view its entire contents in a separate window (see below screenshot), but it’s not as quick and clean as using the middle-click in cases where you just want or need to quickly view the contents of an individual cell.

Viewing the Entire Contents of Multiple Rows:

You can alternatively select multiple rows, and then press the R key or click ‘Actions > Expand row(s)

OK! That’s all for today. Happy BatchPatching!

Posted in Blog, General, Tutorials | Tagged , , | Comments closed

Deploy Microsoft Edge to Multiple Computers

By Scott | Published: January 4, 2022

The process for deploying Microsoft Edge with BatchPatch to numerous computers, simultaneously, is essentially the same as with any standard deployment. In this case we will download the Edge .MSI installer, and then create a BatchPatch deployment, and then execute it against our target computers. The process is illustrated step by step below.

  1. Download the .MSI installer file for Microsoft Edge. Choose the appropriate installer file for your needs. For this example I have downloaded the x86 installer to deploy to a Windows 2012R2 test machine in our lab. The Microsoft Edge .MSI installer file is available at this page.

  2. Create a BatchPatch deployment. Click Actions > Deploy > Create/modify deployment

  3. In your deployment window you only need to select the location of your .MSI file. No additional configuration is required. The screenshot below is what it should look like.

  4. When the deployment has been created you can use the double-right-arrow button to save it for later, or you can execute it now by clicking the Execute now button (just first make sure the desired target hosts are highlighted in your BatchPatch grid)

  5. You can see below I have deployed it successfully to my test target machine. I also verified on the target computer that it’s now installed/available.
Posted in Blog, General, Tutorials | Tagged , | Comments closed

BatchPatch is NOT Susceptible to the Log4j Vulnerability

By Scott | Published: December 27, 2021

Since we continue to get a lot of emails asking if BatchPatch is affected by the Log4j vulnerability, I wanted to just take this moment to let everyone know that BatchPatch does not use any Java whatsoever. It is not susceptible to the Log4j vulnerability.

Posted in Blog, General | Comments closed

Remote Windows Update and Reboot for Multiple Computers

By Scott | Published: December 20, 2021

In BatchPatch you can trigger the Windows Update and reboot process on numerous computers all at the same time. Select the desired target computers in the grid, and then click on ‘Actions > Windows updates > Download and install updates + reboot if required

If you want this to occur automatically every month at a scheduled time, you can instead create a scheduled task to do the same thing. Select Actions > Task scheduler > Create/modify scheduled task

To make the task recurring, choose the desired recurrence option. If you want to have your recurring monthly Windows Update task coincide with Microsoft’s Patch Tuesday, which is the second Tuesday of the month, then you can use the Monthly (2nd Tuesday) + X days option. If your monthly maintenance window is always scheduled for the Saturday that comes after Patch Tuesday, then you can use Monthly (2nd Tuesday) + 4 days, for example.

When you have set your task to do what you want (in my example I’ve again chosen the standard Windows Update option to Download and install updates + reboot if required, you’ll need to enable the scheduler by clicking on the red clock/timer icon in the upper right corner of the BatchPatch window. It will turn green when it’s clicked on, indicating that it’s enabled.

Now, what if you want the task to be able to run even if the computer is not logged on and BatchPatch is not open and visible? For that you’ll need to enable the BatchPatch run-as-service feature. Click on Tools > Run BatchPatch as a service. You can then install the BatchPatch service, which will run always when the computer is on. Any grids that you create can then be sent to run in the service instance so that your scheduled tasks in those grids will be executed regardless of whether or not someone is actually logged on and looking at the BatchPatch console.

And what if you want to do more than just run a standard Windows Update download/install/reboot operation? What if you want to have that actually execute a few times to ensure that after the reboot occurs that no additional updates are waiting to be installed? (We’ve all seen times where in Windows, after you install Windows updates and reboot, all of a sudden more/new updates are available for installation. For that you can use the BatchPatch Job Queue. The job queue enables you to execute multiple actions in a row on a target computer. To launch the job queue, select your desired target hosts in the grid, and then choose Actions > Job Queue > Create/modify job queue. You can then choose a set of steps that you want each host to execute. In this case I’ve added the following steps to my job queue:

Download and install updates + reboot always
Wait 10 minutes
Wait for host to be detected online
Download and install updates + reboot if required

You can then save the job queue by using the double right arrow button (>>). Once it has been saved, it can be executed as a scheduled task, so you can just go back to your scheduled task window and change the drop-down menu to point to the job queue that you just created. In my case I titled the queue Update + reboot cycle, so I see it listed in the drop-down menu under “Job queue (Update + reboot cycle)

Of course the job queue can be something much more complex, if desired, because maybe you need to execute a certain script before or after the Windows Update process, or perhaps you need to perform a software deployment, or maybe something else altogether. Nearly anything you can think of can probably be included in the job queue, and it can also do branching and looping, or terminate based on specified conditions. There are lots of options.

What if you want to orchestrate an entire sequence where numerous computers are involved, but where maybe certain computers execute certain tasks, other computers execute various other tasks, and there are uptime/downtime dependencies such that some computers have to be online while other computers are offline. Maybe, for example, you can only have a single computer be offline at any given time in a sequence that involves numerous computers, and you need to be able to trigger the Windows update and reboot process on all machines, in an automated fashion? You can use the Advanced Multi-Row Queue Sequence for that. Check out some tutorials here:

Orchestrating Complex Update And Reboot Sequences Involving Multiple Target Computers

Posted in Blog, General, Tutorials | Tagged | Comments closed

Advanced Multi-Row Queue Sequence – Staggering Updates and Reboots in a Group of Computers

By Scott | Published: November 30, 2021

One of the most common uses of the BatchPatch ‘Advanced Multi-Row Queue Sequence‘ functionality is to stagger the updates and reboots in a group of computers so that only a single computer or a subset of computers in the group will perform their updates and reboots at any given time. That is, administrators often need to update and reboot machines in a particular order, allowing only certain machines to be updated or go offline at any one time. Today I’m going to illustrate how that is accomplished in a BatchPatch multi-row queue sequence.

For the sake of this example, let’s assume that you have 9 total target computers, and the goal is to update and reboot 3 at a time. The first group of 3 will update and reboot, but the second group of 3 will not be allowed to begin until after all of the first 3 machines have completed their updates and reboots, and are back online. The third group of 3 will not be allowed to begin their process until after the second group of 3 has completely finished and all machines have come back online.

  1. Create the job queue that you want each target computer to execute when its turn comes in the sequence. For the sake of this example I am going to apply the same job queue to each target computer, but you may configure an individual queue for each target, if desired. It’s completely up to you.

    Here is what my job queue looks like. I’m going to use the ‘Apply queue to row(s) without executing‘ button to apply this queue to all of the selected rows in my BatchPatch grid. Since the goal in this example is to make sure that each subset of 3 computers will be back online before the next subset begins processing, I’ve ended the queue with ‘Wait for host to be detected online‘. This means that the queue won’t be complete for any given target until the target is confirmed to be online after its update and reboot steps.

  2. Now that our queues are configured for each target host, we’ll setup the advanced multi-row queue sequence. First, I’ve added a sequence execution row to the grid. This is a special row that we create for the sole purpose of being able to execute/begin the sequence. The host name for the execution row can be whatever you want. For this example I’ve simply entered a new host called ‘ExecRow’ which will serve as the execution row for my sequence. I don’t have any computers here called ‘ExecRow’. This row is strictly for BatchPatch to use for the advanced multi-row queue sequence.

  3. Now I’ll select my ‘ExecRow’ and click ‘Actions > Job Queue > Create/modify advanced multi-row queue sequence‘. I’ve titled my sequence “NovemberTutorial”. I use the ‘Create Sequence Execution Row‘ option for my ‘ExecRow’. Then I click “Apply values to selected row(s)“.

  4. For the 9 hosts that will be members in this sequence, now I just need to apply the sequence position number to each of them. The sequence name must be the same as what I used for the execution row. It’s the sequence name that tells BatchPatch which execution row applies to which target computers, so you must apply the same sequence name to all target hosts that you want to be part of the same sequence. In the screenshot below you can see that I have applied the sequence name “NovemberTutorial” to all of the rows. I have set a sequence position number 1 to host1, host2, host3. I have set the sequence position number 2 to host4, host5, host6. And I have set the sequence position number 3 to host7, host8, host9.

  5. Now all we have to do is execute the sequence. To execute the sequence on-demand, simply select the ‘ExecRow’ and use ‘Actions > Job Queue > Execute advanced multi-row queue sequence‘. However, if you want to setup the sequence to run as a scheduled task, simply select the ‘ExecRow’ and use ‘Actions > Task Scheduler > Create/modify scheduled task‘. Then in the task drop-down menu use ‘Execute advanced multi-row queue sequence‘. And of course make sure to enable the scheduled using the timer/clock icon in the upper right corner of the BatchPatch window (green is enabled, red is disabled).

    6. When the sequence executes, first host1, host2, and host3 will begin their patch and reboot process. After all three machines have completed their job queues and come back online after the wait period we specified in the job queue, host4, host5, and host6 will begin processing. When those three complete and are all back online, then finally host7, host8, and host9 will begin processing.

Posted in Blog, General, Tutorials | Tagged , , | Comments closed

Excluding Specific Dates or Date Ranges from Recurring Scheduled Tasks

By Scott | Published: November 11, 2021

We recently received a question from a user who has scheduled tasks configured in BatchPatch to run with recurrence set to ‘Monthly (2nd Tuesday) + 4 days‘. He asked how he can effectively exclude the entire month of December so that none of the recurring scheduled tasks run in December.

Now, of course if you don’t want your recurring scheduled tasks to run during December you can simply disable the scheduler, or if you’re running grids inside the BatchPatch service instance then you can remove grids from the service instance altogether during December. However, there’s another option to accomplish the same goal that enables you to add exclusion dates or date ranges to your job queues. Effectively speaking your scheduled tasks will still run, but they can be configured to execute job queues that will terminate or branch based on DateTime.

For example, let’s say that your existing recurring scheduled task executes a job queue with the following steps:

1. Label:BEGIN
2. Check for available updates (with filters applied)
3. If most recent 'Check for available updates (with filters applied)' found 0 updates, terminate queue
4. Download and install updates + reboot always
5. Wait 10 minutes
6. Wait for host to be detected online
7. Goto label:BEGIN

And let’s say you want to modify the job queue so that no updates are ever installed during December 2021. You could change it to the following steps, where you terminate the queue if the queue runs during December:

1. Label:BEGIN
2. If this step is executed between DateTimeBEGIN <Wednesday - 12/01/21 - 00:00> and DateTimeEND <Friday - 12/31/21 - 23:59>, terminate queue
3. Check for available updates (with filters applied)
4. If most recent 'Check for available updates (with filters applied)' found 0 updates, terminate queue
5. Download and install updates + reboot always
6. Wait 10 minutes
7. Wait for host to be detected online
8. Goto label:BEGIN

Or alternatively you could do something like this instead, where instead of terminating the queue if it runs in December you have the queue goto:DECEMBER, so that you can perform whatever actions you want to perform if the queue runs in December:

1. Label:BEGIN
2. If this step is executed between DateTimeBEGIN <Wednesday - 12/01/21 - 00:00> and DateTimeEND <Friday - 12/31/21 - 23:59>, goto label:DECEMBER
3. Check for available updates (with filters applied)
4. If most recent 'Check for available updates (with filters applied)' found 0 updates, terminate queue
5. Download and install updates + reboot always
6. Wait 10 minutes
7. Wait for host to be detected online
8. Goto label:BEGIN
9. Label:DECEMBER
10. <Insert desired December actions here>

Posted in Blog, General, Tutorials | Tagged , , , , | Comments closed

BatchPatch Error -198: Failed to add scan package service. HRESULT -XXXXXXXXXX

By Scott | Published: October 12, 2021

When you’re running BatchPatch in offline mode, instead of performing the search for Windows Updates against a local WSUS or against Microsoft’s public Windows Update or Microsoft Update servers, BatchPatch utilizes the WsusScn2.cab file that Microsoft publishes each month in order to perform the offline scan for Windows Updates. The WsusScn2.cab is a large file that contains various metadata for Windows Updates. When an offline scan for Windows Updates is performed, Windows is able to use the WsusScn2.cab file to determine which updates are available for download/installation on the scanned computer, without needing direct access to a WSUS, Windows Update, or Microsoft Update.

In BatchPatch, if there is some type of problem with loading the WsusScn2.cab file for scanning, BatchPatch will throw an error that looks like this:

Error -198: Failed to add scan package service. HRESULT: -XXXXXXXXXX

The -198 number simply indicates that the issue was with loading the WsusScn2.cab file. The HRESULT value is the actual reason code that the Windows Update Agent reports to BatchPatch. You’ll be able to see this in the BatchPatch ‘Remote Agent Log’ column after the failure/error occurs. Or you can view it later in the target computer’s BatchPatch.log file, which by default would be located in C:\Program Files\BatchPatch\BatchPatch.log on the target computer.

Various HRESULT values that might be seen with a -198 error

Error -198: Failed to add scan package service. HRESULT: -2146762487

0x800B0109 -2146762487 CERT_E_UNTRUSTEDROOT
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider

We are aware of two possible causes for this error. 1: You are trying to apply updates to an operating system that Microsoft is no longer supporting and delivering updates for. If you have not purchased an Extended Security Update (ESU) package from Microsoft, you might need to do this. 2: You have not installed the most recent servicing stack update (SSU). Try manually applying the most recent SSU for the OS in question, and it’s likely this error will go away.

Error -198: Failed to add scan package service. HRESULT: -2147024894

0x80070002 -2147024894 ERROR_FILE_NOT_FOUND
The System cannot find the file specified

This should only happen if the WsusScn2.cab file itself does not exist on the target computer when the scan is initiated. For the most part, BatchPatch wouldn’t/shouldn’t allow the scan to be attempted to if the file isn’t there, but there may be some edge cases where it could still occur.

Error -198: Failed to add scan package service. HRESULT: -2147024674

0x8007000D The data is invalid. ERROR_INVALID_DATA

OR

Error -198: Failed to add scan package service. HRESULT: -2145124303

0x80240031 -2145124303 WU_E_INVALID_FILE
File is not of the right format

Either of the above HRESULT values indicate that there is probably an issue (presumably some type of file corruption) with the WsusScn2.cab file that is being used. Either there was corruption when downloading it from Microsoft to the BatchPatch computer, or the corruption is being introduced when the BP computer copies it to the target computers. If you manually inspect the WsusScn2.cab file (both on the BP computer in the local cache directory as well as on a couple of targets) you can right click on the file and view ‘Properties > Digital Signatures’ as a way to verify that the file has not been corrupted/modified. If the Digital Signatures tab is present with signatures listed, then the file is good. If it is not present or if it is present but with no signatures listed, then the file is not good. If it’s not good then you can delete the WsusScn2.cab file and let BatchPatch re-download it. If it’s good on the BP computer but not good on the targets, then the corruption is being introduced during the file copy from the BP computer to the targets. This would be unusual, but it would imply that you might be having issues with your network, or it could be just a one-off copy issue.

Error -198: Failed to add scan package service. HRESULT: -2147024784

0x80070070 -2147024784 ERROR_DISK_FULL
There is not enough space on the disk

This error is self-explanatory. You need to free up some disk space on the target computer and then try again.

Error -198: Failed to add scan package service. HRESULT: -2147023838

0x80070422 -2147023838 ERROR_SERVICE_DISABLED

Typically this means a required service is disabled. Start by verifying that the following services are started:

BITS service (Background Intelligent Transfer Service)
Windows Update service
Windows Modules Installer service

Error -198: Failed to add scan package service. HRESULT: -2146885619

0x8009200D -2146885619 Crypt_E_Bad_Msg
Not a cryptographic message or the cryptographic message is not formatted correctly

OR

Error -198: Failed to add scan package service. HRESULT: -2146869232

0x80096010 -2146869232 Trust_E_Bad_Digest
The digital signature of the object did not verify

Either of the above HRESULT values indicate that the WsusScn2.cab file that you have is likely failing a signature validity check, so you should re-download it and try again. We have seen a number of times when Microsoft first publishes a new WsusScn2.cab file on Patch Tuesday each month, where for some period of time soon after publishing, the WsusScn2.cab file is missing a digital signature when it’s downloaded from Microsoft’s servers. The Windows Update Agent will not load a WsusScn2.cab file that doesn’t haven’t a valid signature. If you manually inspect the WsusScn2.cab file (both on the BP computer in the local cache directory as well as on a couple of targets) you can right click on the file and view ‘Properties > Digital Signatures’ as a way to verify that the file has not been corrupted/modified. If the Digital Signatures tab is present with signatures listed, then the file is good. If it is not present or if it is present but with no signatures listed, then the file is not good. If it’s not good then you can delete the WsusScn2.cab file and let BatchPatch re-download it. If it’s good on the BP computer but not good on the targets, then probably some corruption is being introduced during the file copy from the BP computer to the targets. This would be unusual, but it would imply that you might be having issues with your network, or it could be just a one-off copy issue. If the file you are getting directly from Microsoft does not contain a digital signature, wait a while and then try to download it again from scratch.

Posted in Blog, General, Tutorials | Tagged , , , | Comments closed

BatchPatch Job Queue Branching Based on DateTime or Number of Iterations

By Scott | Published: September 30, 2021

In the most recent release of BatchPatch (August 2021), we added some new special items to the Job Queue that will give you more flexibility in your queues.

  • If this step is executed X time(s), terminate queue
  • If this step is executed X time(s), goto label:Y
  • If this step is executed between DateTimeBEGIN and DateTimeEND, terminate queue
  • If this step is executed between DateTimeBEGIN and DateTimeEND, goto label:X
  • If this step is executed between DayOfWeekBEGIN and DayOfWeekEND, terminate queue
  • If this step is executed between DayOfWeekBEGIN and DayOfWeekEND, goto label:X
  • If this step is executed between TimeOfDayBEGIN and TimeOfDayEND, terminate queue
  • If this step is executed between TimeOfDayBEGIN and TimeOfDayEND, goto label:X

One of the ways that we anticipate these options will be used is with recurring tasks that have to be executed multiple times throughout the day on a given day. For example, let’s say that you want or need to execute a script or command or actions of some kind on target computers every 15 minutes throughout the day, every day. However, you only want the command to be executed between the hours of 9AM and 5PM. You can do something like what I’ve done here, where I’ve setup my BatchPatch job queue to run on a 9AM daily recurring scheduled task. The queue itself is a loop that runs every 15 minutes to execute my custom remote command, but in each iteration of the loop, there’s a check to see what time it is. If the loop executes any time after 5PM (17:00) and before 9AM (09:00), the queue is terminated. This has the effect of running the queue loop every 15 minutes throughout each day but only during the 9AM to 5PM window. Outside of those hours, the queue is terminated until the next day when the scheduled task kicks off anew at 9AM. With all of the new special queue items shown above, you can see there’s now quite a bit of flexibility that wasn’t previously available. While we know that not everyone will need or care about these options, we expect there will be a good number of people who make great use of them.

Posted in Blog, General, Tutorials | Tagged , | Comments closed