Forum Replies Created
-
AuthorPosts
-
dougModerator
Defender automatically installs definition updates daily on its own without BatchPatch. However, BatchPatch will also install definition updates when they are available and have not yet been installed by Defender. You would need the checkbox for ‘Include “Definition updates”‘ checked in the BatchPatch settings.
The client itself would be a software update, not a definition update. My guess is that Microsoft could deliver it under any of the update classifications ‘Critical’, ‘Security’, ‘Updates’, or ‘Update Rollups’ depending on the particular reason the update was published. Generally speaking in most cases you should leave all of the left-side update classification filter boxes checked in the BP settings.
dougModeratorI believe the 10/2016/2019 option will work for 11/2022 also. Please try it and let me know if it works or not. Thanks for highlighting. We need to update the GUI there.
dougModeratorBP has supported 11 for a long time now. I just checked the website and discovered that while we had updated the ‘System Requirements’ section on the ‘Download’ page months ago, we never updated the ‘System Requirements’ on the main/front/home page (until just now).
dougModeratorSee the ‘Access is denied’ section here
dougModeratorHave a look at the ‘Access is Denied’ section of this posting.
dougModeratorI would suggest that you just put the reg file on the BP computer and then deploy it from there.
dougModeratorIt looks like you showed the update in your WSUS console. You need to first make sure that the update is visible to the target computer when looking at the Windows Update control panel on the target computer. If the update is not visible to the target computer in the Windows Update control panel, then it won’t be visible in BatchPatch either. If the update is visible in the target computer Windows Update control panel but not in BatchPatch then you need to alter your ‘Search Preferences’ in BatchPatch.
1. You need to set the ‘Server Selection’ to ‘Default/managed’ so that BatchPatch uses your WSUS instead of Windows Update or Microsoft Update.
2. Generally speaking if you are using a WSUS to control which updates are presented to target computers, then in BatchPatch you’ll want to set your ‘Search Preferences’ to Software and Drivers (check boxes for both the ‘Search for software updates’ and ‘Search for driver updates’) so that BatchPatch can find any/all updates. The other search preferences such as ‘Important’ and ‘Recommended’ are for when you are not using a WSUS, and they will limit the updates to only the updates that fit in the ‘Important’ or ‘Recommended’ criteria, which may not be the case for your update or other updates that you approve in WSUS.
The ? help bubbles in the Settings window right side border provide further information.
dougModeratorI would expect the script to generally continue executing on the target computer in that case even if you were to close BatchPatch, but it’s certainly something that you can just test and see what happens.
dougModeratorSo, you’re executing a remote script that calls some KB .MSU files directly… Yes, in most cases if you close BatchPatch, the remote script execution that you describe will continue, but I can’t make any guarantees.
dougModeratorTools > Settings > Windows Update > Server Selection > Microsoft Update
dougModeratorYou’re welcome. I’m glad you got to the bottom of it!
-Doug
June 14, 2022 at 7:28 pm in reply to: -198: Failed to add scan package service. HRESULT: -2145124303 #13456dougModerator0x80240031 -2145124303 WU_E_INVALID_FILE
Something is wrong with the WsusScn2.cab file. Delete yours from your BatchPatch cache directory (as defined under ‘Tools > Settings > Windows Update > Local update cache directory’). Then use ‘Tools > Download Microsoft offline scan file’ to download a new one from Microsoft.
June 10, 2022 at 3:10 pm in reply to: CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability #13454dougModeratorThe link you pasted says you can use the following command to disable the MSDT URL Protocol:
reg delete HKEY_CLASSES_ROOT\ms-msdt /f
You can just put that command into a BatchPatch remote command to execute on target computers and delete that registry key.
dougModeratorThis is a C0000005 memory access violation error that is being returned when you attempt to run that. It’s not a BatchPatch error. It’s coming from your attempt to execute that syntax, which likely means that your syntax is not correct. And even if I just look at it without knowing anything about TITUS, I see you have “InstallClient_TCO=1 InstallClient_TCO=0” which seems very weird to assign both a 0 and 1 to the same InstallClient_TCO.
I would suggest you start by taking their recommended syntax and running it at the command line without using BatchPatch. Most likely it’s going to give you the same error at the command prompt, indicating that your syntax is no good.
Make sure you can get it working first at the command prompt before you try to put it into BatchPatch. If it can’t complete successfully at the command prompt, then it definitely isn’t going to work in BatchPatch. If it works at the command prompt but not in BatchPatch then there are two things to consider and check in BatchPatch:
1. The account that it’s running under… Make sure that you are using the same account to execute the command in BatchPatch that worked when executing it at the command prompt.
2. Check the remote execution context under ‘Tools > Settings > Remote Execution’ and try to execute it under ‘SYSTEM’. If no luck with SYSTEM, try to execute it using ‘Elevated token’ + ‘Interactive’. To be clear I’m saying that you would select BOTH ‘Elevated token’ and ‘Interactive’ at the same time.
dougModeratorYou’ll need to figure out what is different between your working machines and your non working machine. There is a permissions problem preventing BP from creating that directory.
dougModeratorUnder ‘Tools > Settings > Remote Execution’ there is a setting for ‘Remote working directory’ which defaults to C:\Program Files\BatchPatch . For everything I say below I will assume you have not changed this setting, but if you have changed it to a different location, then modify my suggestions accordingly.
BatchPatch is trying to create this directory on the target computer but isn’t able to because of a permissions problem. If you have not specified alternate logon credentials for the row in the BatchPatch grid, then BatchPatch uses integrated security and makes the connection to the target computer with the logon account that was used to launch the batchpatch.exe. This account needs to have permission to create the folder, or if you have specified alternate credentials for the row (Actions > Specify alternate logon credentials), then you would need to make sure that account has the permission. Under normal operating circumstances, the way this is accomplished is by adding the account to the local administrators group of the target computer. Normally that is the only thing that needs to be done. However, if you already have that account in the local admins group of the target computer, then it implies that specific folder permissions were modified in a way that is preventing the remote working directory from being created. So for example, maybe permission on C:\Program Files has been modified in a way that is preventing C:\Program Files\BatchPatch from being created. I can’t say for sure that this is what is happening as you’ll need to evaluate exactly what’s going on, but hopefully you get the idea of where to start looking. Also make sure that the account hasn’t expired etc.
dougModeratorPerhaps I misunderstood your first posting. And to be honest I’m not sure I understand what you’re describing in your second posting either. It’s unclear to me exactly what you are experiencing on your machines, so at this point I would need more details from you before I can give you a proper explanation of what is going on and how to resolve it. Can you try to describe again exactly what you are seeing occur in BatchPatch as compared to what you think that you should be seeing? Please be as descriptive as possible. Or if you can share screenshots and logs (HTML grid export would be very helpful), feel free to contact us directly via the contact page on our website for support via email instead of here on the forum.
dougModeratorOffline mode does not deliver the exact same set of updates that online mode delivers. This is explained more at the link below:
BatchPatch and the Windows Update Control Panel Report a Different Number of Available Updates
dougModeratorYes BatchPatch will work with child domains. The issue you are encountering is probably one of a couple/few things:
First let’s just consider syntax issues. Example proper syntax for this field is: domainControllerName
or
DC=myDomain,DC=com
or
domainControllerName/DC=myDomain,DC=comYour syntax does not match any of the above three examples because you have CN=domaincontroller,DC=child,DC=prod,DC=domain,DC=com
I would suggest you instead try each of these and see which one(s) work:
domaincontroller
or
DC=child,DC=prod,DC=domain,DC=com
or
domaincontroller/DC=child,DC=prod,DC=domain,DC=comMy guess is that right there will probably solve your issue. However, if it does not solve it, then I think you prob need to connect to a different domain controller. Basically if you specify a domain controller that is not a global catalog server then I think that could cause a referral to be returned. For this reason, it’s usually better to NOT specify a domain controller but instead just specify the domain (like in the second example above). However, there may be cases where this won’t work and where you need to specify a particular domain controller, in which case you probably need to make sure it is a global catalog server too because otherwise I think it will always return a referral due to it not containing the directory information to handle your LDAP request.
-Doug
dougModeratorThank you for your feedback and suggestions. We really appreciate it!
1: We’ll consider this
2: The sorting of the ‘All Messages’ column is based only one the visible first line of text that you can see in the grid, and it works properly in our tests. Maybe you could email us a screenshot that shows how it is sorting incorrectly for you? In the meantime we will also consider printing the file version info to a separate column
3: Please see ‘Grid > Filter rows in grid’. I think this is what you are asking about. It already exists. If this is not what you were asking, please clarify what you were asking about.
4: We’ll consider this
dougModeratorThere is not currently any such option.
dougModeratorThis is not currently possible. Before we would consider adding an option for this I’d be curious to understand why this would be valuable to you. When the email is sent the email itself has a date/time stamp just as all emails do, so what purpose is served by also putting the date/time into the subject line? Let me know your thoughts. Thanks.
dougModeratorIn that case, one other thing to consider is the basic multi-row queue sequence instead of the advanced. All rows still need to be in the same grid, but you can then just select all rows for a given computer and execute the basic sequence. Each row will execute its job queue one row at a time. Maybe this helps you. Maybe not. Good luck.
dougModeratorI know you said “Other than creating one job queue…” but I don’t understand why you’re looking for a different way. The way to handle this is with a single job queue that contains multiple deployments.
While the advanced multi-row queue sequence could actually also be used for this, it would just add additional complexity over the singular job queue method. To do the advanced multi-row queue sequence you would have to put put each row into a single grid (each row in the sequence would have the same host name, so you’d have multiple rows each with the same host name, and they’d have to go into the same grid because the sequence works in a single grid, not across grids), and then you would have to assign a different sequence position number to each row. Effectively, it would create the same result as putting all of the deployments into a single job queue, but it would do it with more complexity.
dougModeratorGo to ‘Tools > Settings > Remote Execution > Remote Execution Context > Deployment’ and change it to ‘Elevated token’ + ‘Interactive’.
dougModeratorHmmm… I can’t reproduce the column issue. I would suggest you make sure all instance of batchpatch.exe are closed on your computer. Then load your grid and adjust the column sizes as desired. Close BatchPatch. Then re-open BP or your grid file, and it should be all set. If for some reason it’s not, in that second opening, reset your columns once more. Then close BP and reopen it, and it should stick.
dougModeratorIn ‘Tools > Settings > Grid Preferences’ if you disable “Allow BatchPatch to auto-resize column widths”, then the column widths will be remembered. However, it’s a global setting, not a per-grid setting, so whichever grid is closed last is the sizing that will be remembered on next launch. If you want everything to be identical to before closing BP, then you’ll prob also want to disable all or most of the other settings there too for window and column sizing. That said, we recommend leaving all of the settings enabled because BatchPatch will then automatically resize the columns as needed based on the column contents. There really shouldn’t be any need to be manually resizing the “Ping Reply” column or “Last Boot Time” etc because if you use the default settings then those columns will be properly sized for you by the application to fit whatever contents are in those cells.
Regarding the password thing, we’ll consider this for a future build. Thanks.
dougModeratorI’m not quite sure what you’re describing. However, for further support with licensing issues please reach out to support directly.
dougModeratorThe scheduled tasks are saved in the BatchPatch grid file itself. If you don’t save the BatchPatch grid (File > Save), the scheduled tasks are not saved anywhere. The scheduled tasks will only run if the grid is loaded into BatchPatch and the scheduler is enabled, OR if you have enabled BatchPatch to run as a service (Tools > Run BP as a service), and you have sent the desired BatchPatch grids to run in the service instance.
dougModeratorThere is no “Scheduled task file.” I’m not sure what you’re trying to do.
-
AuthorPosts