When installing Windows Updates, you have a number of options to select from in order to determine where the updates are retrieved from and which updates are downloaded and installed. Let’s take a moment to go through everything.

Start by taking a look at the Windows Update settings screen under Tools > Settings > Windows Update.

Server Selection:
The Server Selection radio buttons control where target computers will retrieve updates from. When BatchPatch is operating with cached mode disabled (it is disabled, by default), all target computers will retrieve their updates from either a managed WSUS server, Windows Update, or Microsoft Update.

Default / Managed: BatchPatch instructs each target computer to use its existing configuration to determine where to search for updates. A computer’s existing configuration would either come from group policy or manual configuration at the console. In either case, when ‘Default/Managed’ is selected, it just means that BatchPatch will use the target’s configuration. This is frequently what the administrator wants. However, in some cases the administrator might specifically want to instruct computers to bypass their own WSUS server in order to search Windows Update or Microsoft Update instead.

Windows Update: BatchPatch instructs each target computer to bypass its own configuration and search for updates on Microsoft’s public server. This includes only Windows updates.

Microsoft Update: BatchPatch instructs each target computer to bypass its own configuration and search for updates on Microsoft’s public server. This includes Windows updates AND updates for other Microsoft products. However, before using Microsoft Update, target servers must be opted-in to the service, otherwise they will throw an exception when the search for available updates is executed. See Actions > Windows Updates > Opt-in…

Search Preferences: When a search for updates is initiated, BatchPatch uses the Search Preferences to determine what search query is used.

Software and Drivers: When both the ‘Software’ and ‘Drivers’ boxes are checked, BatchPatch instructs target machines to search for *all* available updates. This is the most expansive search allowed. However, if only one of these boxes is checked, the search scope is limited to include only the checked option, while excluding the unchecked option.

Important and Recommended: As you might have noticed when looking at the regular control panel Windows Update interface on any given computer, Microsoft makes its own determination of what updates are considered ‘Important’ vs ‘Recommended’ vs ‘Optional.’ BatchPatch provides you with capability to mimic this behavior, so if you want your computers to only find updates that are ‘Important’ and/or ‘Recommended,’ you are able to do so. If both checkboxes are checked, then the search scope is limited to include important and recommended updates while excluding ones that Microsoft considers optional.

Update Classification Filtering: During the download and/or installation process you are able to further refine which updates are downloaded and/or installed on target computers by checking/unchecking different classification filter options. Every Windows Update that Microsoft publishes is categorized into one of the following groups:

• Critical Updates
• Security Updates
• Definition Updates
• Updates
• Update Rollups
• Service Packs
• Feature Packs
• Drivers
• Tools

If you want to ensure that a service pack or a driver is never installed on your target computers, then leave the Service Packs and Drivers checkboxes unchecked at all times.

For environments that use a WSUS server, we recommend setting the ‘Search Preferences’ to include both software and drivers. Then check every box in the ‘Update Classifications’ section. In this case BatchPatch will *not* restrict or limit the updates that are seen by or installed on target computers. Instead, it’s the approval settings on your WSUS server that will control which updates are available to computers. When BatchPatch is used in this case, generally the administrator wants BatchPatch to detect all updates that have been approved by the WSUS, rather than having BatchPatch restrict which updates are downloaded/installed.

For environments that do *not* use a WSUS server, we recommend checking both the ‘Important’ and ‘Recommended’ checkboxes, so that BatchPatch installs all the updates that Microsoft deems important and recommended. Optional updates will not be installed.

EULA Behavior: Every once in a great while, Microsoft will release an update that requires the user to agree to a EULA (End User License Agreement) before the update is able to be installed. Generally speaking I don’t see a reason to ever uncheck this box as I have only ever seen this feature be used for an update to Internet Explorer. 99.9% of updates will install with no EULA. If an update *does* require a EULA to be accepted (this is exceedingly rare), then if this checkbox is *not* checked, BatchPatch will skip the update without installing it.

Cached Mode / Offline Updates: ‘Cached mode’ turns BatchPatch into a central distribution point that will cache Windows Updates and act as a conduit for the cached updates to be applied to target computers. ‘Offline mode’ provides a facility to apply Windows Updates to computers that do not have access to the internet or a WSUS server. For more information on either of these features, please visit Cached Mode and Offline Updates

You probably didn’t know that you can use BatchPatch to notify you when a host goes offline or comes online. BatchPatch can be configured to only produce an audible alert, or it can be configured to send an email alert (or both). Maybe you want to deploy software to a particular computer that isn’t currently online because the user is out of the office with his/her laptop. One option is to create a scheduled task that will automatically execute the deployment as soon as the computer is detected online. However, perhaps you don’t want to automatically execute the deployment and instead you only want to be notified when the computer comes online. At that point you can either execute the deployment manually or you can touch base with the user about something else altogether, if needed. Here’s how to do it.

1. Email settings: Open the email settings window by selecting Tools > Settings > Email Notifications. Fill out the notification settings, and then make sure to test that the configuration is working by using the Test email settings button, which will send a test email notification to the recipients you included.
   
2. Default alerts: Select Tools > Settings > Ping Status Alerts. When you add new rows to a grid, those new rows will use the settings that are configured in the Global default alert settings for NEW rows panel. Note, once a host has been added to a grid, you can easily change that host’s settings, which I will describe how to do below. Finish configuring the desired default settings, and then click OK to close the settings window.
   
3. Configure individual host alert settings: Once a host has been added to a grid, you may configure it to behave differently from the default configuration, if you wish. For example, some hosts can be setup to send email notifications when they come online, while for other hosts you might only want to generate audio alerts when they go offline. Select any hosts for which you want to change alert settings, and then select Actions > Ping status alerts. In the image below I have configured some of the computers to have no audible alerts and to only send email notifications when the computers come online. The other hosts are configured to generate audible notifications when they come online or go offline.
   
4. Override email recipients on a per-computer basis: (Optional) If you would like to modify specific hosts in the tab so that they email particular people rather than using the default email recipients, you can override the default configuration for any or all row(s). Select the row(s) and then click on Actions > Email notification > Override default email notification settings. You can see in the image below that 6 of the rows are configured with just one email recipient as their only target for email notifications.
   
5. Start pinging: The last thing you need to do is start pinging the computers in the grid. Select the rows and then click Actions > Start pinging. Note, a row will only produce audio alerts and/or send email notifications when they are actively being pinged in a grid. When a given computer’s ping reply changes from ‘TimedOut’ to ‘Reply from…’ you’ll receive an email notification or hear an audio alert, depending on the settings you configured for the row.

One of the most common problems that people encounter with BatchPatch, and consequently one of the most common support questions we receive, has to do with remotely deploying software. A remote software deployment that is executed in BatchPatch without specifying the proper silent/quiet installation parameter/switch, will either fail altogether or in most cases will simply appear to hang indefinitely without ever completing. I want to take some time today to address this issue and to help clarify any confusion that you might have.

Normally when you install software on a computer you double-click a setup.exe file obtained from software vendor. When you double-click the setup/installation executable you are prompted with a dialog that asks you to choose various settings for the installation, usually including a target directory for the software, components of the software to be installed, startup options, desktop icons, etc. You typically have to click “Next” at least a couple times on the setup dialog until eventually the software installation is complete.

As you can imagine, if you execute the same software installation remotely on many computers, you’ll need a way to select the various setup options without requiring a remote user to have to interact with the installation process. Furthermore, in BatchPatch (or in any other deployment product) when you execute a software deployment on a set of target computers, the deployment process that runs on those remote computers is hidden from the interactive user. If the hidden process requires user input of any kind to select installation options or to click “Next” buttons in a dialog window, the software installation will simply hang forever because no one is able to see or interact with the hidden process in order to be able to click select the installation options and/or click “Next” when prompted.

The solution for remote software deployment is the silent/quiet switch/parameter. The large majority of software installation packages can be executed silently so that they simply install the software without prompting the interactive user to click on anything. For example, if the software to deploy comes in a Setup.exe file, the silent switch might be /silent, -silent, /s, -s, /quiet, -quiet, /q, -q or something similar. Those are the most commonly used switches, though sometimes case actually matters, and it could be /S instead of /s. And if the proper silent switch were just /s, then to execute a silent installation of the software locally we could just launch a command prompt and type:

Setup.exe /s

But how do we determine or discover what the silent installation parameter is for a given installation package? I can tell you that from the various support inquiries we’ve received over the years, many folks seem to think that you can simply make up your own installation parameters. However, I’m here to tell you that you can’t do that. There is generally a three-step method for determining the actual silent / quiet installation parameter for a given package.

1. Try launching the installation package with one of the following parameters:

   /? -? ? /help -help

   As an example, you can see in the screenshot below that I have launched the .msu package with /? as its only parameter.
   
   When executing this .msu at the command line with the appropriate help switch, the installation options for this package are revealed. We can see that in order to execute a silent installation of this package, we would use the /quiet parameter.
   

2. If for some reason the package does not reveal its installation options, typically the next thing to do is check the vendor’s documentation or website, or reach out to the vendor’s support team.
3. Finally, Google is always available when no other methods are working. In most cases you are not going to be the first person trying to silently install a program, so there’s a very good chance that you’ll be able to find a posting somewhere on the web to help you with the correct silent installation parameter.

Once you’ve determined the proper silent installation switch, it’s generally best to test it at the command line first to make sure it works as expected. The goal is to confirm that the software installs successfully and that it does not prompt you to click on anything in order to complete the installation. If any windows appear during the installation and wait for your input, then something isn’t right.

When you have the silent installation working properly at the command line, then you can transfer it to BatchPatch to execute the deployment on a test computer. Assuming all goes well with the test computer, then you can go ahead and feel comfortable executing the deployment on many target computers.

For numerous tutorials/examples for remote software deployment to many computers using BatchPatch, please visit the software deployment page.

If your environment forces computers to make http connections through a corporate proxy of some kind, usually BatchPatch will work properly with no additional configuration. This is because in most environments where an outbound web proxy is already configured and running, the target systems will also already have been configured with all of the settings they need to successfully utilize the proxy to download Windows Updates from Microsoft. However, in some environments there could be additional configuration needed. Proxy configuration problems for BatchPatch users typically manifest in one of two ways:

Scenario 1: The Windows Update Agent on target computers is not configured to use the corporate proxy:

If your environment requires that outbound web requests be initiated through a proxy but your computers are not configured to utilize said proxy, BatchPatch will likely produce an error similar to one of the following. Note, the errors listed below are not the only possible manifestations of a proxy related issue. It’s possible that you have a proxy related issue and you are receiving a different error message or number:

-102: Failed to execute the search. HRESULT: -2147012866
-102: Failed to execute the search. HRESULT: -2147012867
-102: Failed to execute the search. HRESULT: -2147012894

When you see an error message like this, it is always a good idea to first examine the Windows Update log file (C:\Windows\WindowsUpdate.log) on the target computer to see if it has any other potentially relevant error codes or messages. Frequently the WindowsUpdate.log will contain additional errors or error text that can be useful to determine what the cause of the problem is.

In the BatchPatch Remote Agent Log errors listed above, the -102 is noted by BatchPatch to indicate that the target computer was not able to execute the search for updates. The HRESULT value is the decimal representation of the actual Windows error code, which we can use to learn *why* the search for updates failed.

Let’s start by converting the HRESULT decimal values to hex. There are many ways to accomplish this task, but a very simple one is through the use of an online tool such as this: http://www.rapidtables.com/convert/number/decimal-to-hex.htm

In this case a quick Google search reveals what these errors mean (https://support2.microsoft.com/default.aspx?scid=836941):

-2147012866 => 0x80072EFE => ERROR_INTERNET_CONNECTION_ABORTED
-2147012867 => 0x80072EFD => ERROR_INTERNET_CANNOT_CONNECT
-2147012894 => 0x80072EE2 => ERROR_INTERNET_TIMEOUT

Configuring target computers’ Windows Update Agents to utilize your corporate proxy for outbound connections:
Proxy Configuration for the Windows Update Agent – Microsoft

To summarize the link above, in order for the Windows Update Agent to utilize a proxy in your environment, it is *not* sufficient to simply configure the proxy settings in Internet Explorer or Control Panel Internet Options. Instead, the WinHTTP proxy settings must be configured using the NETSH tool or through the use of WPAD (Web Proxy Auto Detect). To set the WinHTTP proxy on each target computer, run the following command at an elevated command prompt, where proxyservername is the name of your proxy server, and portnumber is the port that it is listening on:

netsh winhttp set proxy proxyservername:portnumber

You can even use BatchPatch to execute the above NETSH command on your target computers. See the following links for assistance: Executing Remote Commands with BatchPatch and How to Hard-Code Your Own Custom Commands in the BatchPatch Actions Menu

Scenario 2: The Windows Update Agent on target computers is properly configured to use the corporate proxy, but the proxy requires authentication:

If your environment requires that outbound web requests be initiated through a proxy, and the proxy requires authentication, BatchPatch might produce an error similar to one of the following. Note, the errors listed below are not the only possible manifestations of a proxy related issue. It’s possible that you have a proxy related issue and you are receiving a different error message or number:

Download Result: Failed. HRESULT: -2145107941

Let’s start by converting the HRESULT decimal value to hex. There are many ways to accomplish this task, but a very simple one is through the use of an online tool such as this: http://www.rapidtables.com/convert/number/decimal-to-hex.htm

-2145107941=> 0x8024401B => WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ Same as HTTP status 407 - proxy authentication is required

So, if authentication is required by your proxy, and if you’re receiving an error message in BatchPatch or in the Windows Update log (C:\Windows\WindowsUpdate.log) on the target computer that indicates there is a proxy authentication issue or failure of some kind, you can resolve this problem by whitelisting the Windows Update / Microsoft Update websites in your proxy configuration. This way you allow target computers to bypass the corporate proxy when establishing connections to just these particular sites.

The domains to whitelist are:

http://download.windowsupdate.com
http://*.download.windowsupdate.com
http://download.microsoft.com
https://*.update.microsoft.com
http://*.update.microsoft.com
https://update.microsoft.com
http://update.microsoft.com
http://*.windowsupdate.com
http://*.windowsupdate.microsoft.com
http://windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://ntservicepack.microsoft.com
http://wustat.windows.com

If you are using a wpad.dat file to configure your computers’ proxy settings, you can use the following syntax in the wpad.dat file to whitelist the Microsoft domains:

if ( shExpMatch ( url, "*.download.windowsupdate.com/*") ) { return "DIRECT"; }
if ( shExpMatch ( url, "*.download.microsoft.com/*") ) { return "DIRECT"; }
if ( shExpMatch ( url, "*.update.microsoft.com/*") ) { return "DIRECT"; }
if ( shExpMatch ( url, "*.windowsupdate.com/*") ) { return "DIRECT"; }
if ( shExpMatch ( url, "*.download.windowsupdate.com/*") ) { return "DIRECT"; }
if ( shExpMatch ( url, "*.windowsupdate.microsoft.com/*") ) { return "DIRECT"; }
if ( shExpMatch ( url, "*.ntservicepack.microsoft.com/*") ) { return "DIRECT"; }
if ( shExpMatch ( url, "*.wustat.windows.com/*") ) { return "DIRECT"; }

BatchPatch currently provides functionality for retrieving from target computers the list of services that are set to ‘automatic’ but currently in the ‘stopped’ state. The reason this is valuable/convenient for most users is because after you reboot computers you frequently want to have a quick way to determine that all of the services that should be running are, in fact, running.

If a service is set to ‘automatic’ it generally should be running after Windows boots. However, unfortunately there are actually some cases where a service might be set to ‘automatic’ but isn’t always running. In these cases we may or may not actually care about the particular service in question.

For example, the following services on my computer are currently set to ‘automatic,’ but none of them are actually running at the moment:

Microsoft .NET Framework NGEN v4.0.30319_X86
Microsoft .NET Framework NGEN v4.0.30319_X64
Google Update Service (gupdate)
Multimedia Class Scheduler
Software Protection
Skype Updater

We have had some customers request the ability to create an exclusion list for the BatchPatch “Get stopped automatic services” action. The idea here is that you would be able to create a list of services that you don’t really care about, so that when you execute “Get stopped automatic services” it only lists the services that are NOT contained in the exclusion list. So if a really important ‘automatic’ service, like SQL Server, had not started after rebooting a computer, it would be easier to identify it if it weren’t buried in a list of other services that aren’t started, like the ‘Software Protection’ service, which is usually not started, even though it’s set to ‘automatic.’ We intend to provide this functionality in a future version of BatchPatch. However, in the meantime while you are waiting for it, there is actually a very easy way to accomplish the same task in the current version of BatchPatch.

Sample script:

Download StoppedAutoServices.vbs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

'Gets the list of services on a computer that are set to automatic and stopped but do not exist in the script's hardcoded list: arrayServiceExclusions.  Cocobolo Software, LLC June 2015

'usage: cscript.exe StoppedAutoServices.vbs COMPUTERNAME

'the first argument from the command line is assigned to strComputer
strComputer = WScript.Arguments(0)
 
'create an array containing the list of service display names to exclude from the check for stopped automatic services.
arrayServiceExclusions = Array("Microsoft .NET Framework NGEN v4.0.30319_X86","Microsoft .NET Framework NGEN v4.0.30319_X64","Google Update Service (gupdate)","Multimedia Class Scheduler","Software Protection","Skype Updater")
strStoppedAutoServicesList = ""
intCounter = 0
 
on error resume next
Err.Clear
 
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
 
'Get list of running services
Set colService = objWMIService.ExecQuery("Select * from Win32_Service")
		For Each objService in colService
			If ((objService.StartMode = "Auto") And (objService.State = "Stopped")) Then
				boolIsServiceContainedInList = 0
				'loop through our hardcoded list and compare
				For Each strServiceName in arrayServiceExclusions
					If objService.DisplayName = strServiceName Then
						boolIsServiceContainedInList = 1
					End If
				Next
				'if a service is set to automatic and in the stopped state and NOT contained in our hardcoded list, then add it to our final report and increment the counter
				If boolIsServiceContainedInList = 0 Then
					strStoppedAutoServicesList = strStoppedAutoServicesList & vbLf & objService.DisplayName
					intCounter = intCounter + 1
				End If
			End If
		Next
 
'write the results list to the console
WScript.Echo strStoppedAutoServicesList
'exit the script with the return value as the number of items in our list
Wscript.Quit(intCounter)

To integrate the StoppedAutoServices.vbs script into BatchPatch:

1. Create a ‘Local process/command’ in BatchPatch. Select Actions > Execute local process/command > Create/modify local commands.
   
2. Add the StoppedAutoService.vbs script to the grid.
   Note, we use $computer as a parameter in the cscript.exe command. This tells BatchPatch to send the host name from the row that executes the script. This is what allows us to execute a script locally on the computer running BatchPatch to retrieve information from a remote computer.
3. Now we’re ready to execute the script. For the sake of this example, I have removed all but ‘Software Protection’ from the exclusion list hardcoded into the script as arrayServiceExclusions. The reason for this is to demonstrate what the output looks like when some ‘automatic’ services are found in the ‘stopped’ state. However, we will not see ‘Software Protection’ appear in our output since it remains in the arrayServiceExclusions. Highlight the target computers in the grid and then select Actions > Execute local process/command > Execute saved local commands > Get Stopped Automatic Services
   
4. When the script completes a couple of seconds later, we can see that the ‘Exit Code’ value in the ‘All Messages’ column is equal to the number of stopped automatic services that were found, excluding (of course) the items hardcoded into the script arrayServiceExclusions, which in this instance was only ‘Software Protection.’ In the screenshot below I have revealed the cell contents for the first row, and we can see the 4 services that were found. If a machine is clear and no stopped automatic services are found, then the Exit Code will be 0, indicating that we do not need to further examine that computer.
   

Executing PowerShell commands and scripts remotely can be a bit tricky. BatchPatch currently has direct support for deploying PowerShell scripts to target computers, and we will be adding more PowerShell functionality in the not-too-distant future. However, today I’d like to take a few minutes to go over the current options you have for executing PowerShell commands through BatchPatch on target computers.

Executing PowerShell Scripts:

If you’ve written a powershell script that you simply need to execute on a set of target computers, your easiest option is to use BatchPatch’s deployment feature. BatchPatch will handle copying the file to target systems, executing the script, and then deleting the file.

1. In BatchPatch, select Actions > Deploy software/patch/script/regkey etc > Create/modify deployment
   
2. In the Deployment form set a title, browse and for the .ps1 script file. For ease of operation I’m going to save this Deployment using the double right arrow button >>. Once the Deployment has been saved, the Deployment form can be closed.
   
3. Highlight the hosts you want to deploy the script to. I titled my deployment “Execute PowerShell Script 1,” so I will now select Actions > Deploy software/patch/script/regkey etc > Execute saved deployments > Execute PowerShell Script 1. You can see in the screenshot below that when the mouse hovers over the menu item, the configuration of the actual deployment is displayed in a tooltip.
   
4. When you click OK you’ll be presented with a confirmation dialog which also displays the configuration of the deployment that is going to be executed. Click OK to continue.
   
5. When the script completes Exit Code: 0 (SUCCESS) is displayed in the ‘All Messages’ column. That’s all there is to it. However, if your script was specifically written to output messages to the console, you could select the “Retrieve console output” checkbox option in the Deployment form when configuring the deployment. However, this setting can cause a deployment to not execute in some cases, so proceed accordingly.

Executing PowerShell Cmdlets:

If you only need to execute a particular powershell cmdlet that’s already available/installed on the target computer, you can do that with a single command instead of deploying a whole script.

1. Select Actions > Execute remote process/command > Create/modify remote commands (logged output)
   
2. In the ‘Remote Process’ form, add a new row, give the cmdlet a title, and enter the actual cmdlet into the ‘command’ field. For the sake of this tutorial I’m just going to execute the ‘get-help’ cmdlet. Here’s the key part: Unfortunately you can’t simply enter ‘get-help’ like you would at the command line. In a future build of BatchPatch we will be adding direct support for PowerShell cmdlets so that will be able to execute cmdlets more intuitively, but for the time being you’ll need to enter the following syntax, substituting the cmdlet that you want to run for ‘get-help,’ of course:

   cmd.exe /c echo . | powershell.exe -ExecutionPolicy Bypass -command "get-help"

   Click OK after you’ve created the command.
   

3. Now highlight the hosts that you would like to execute the cmdlet on, and then select Actions > Execute remote process/command > Execute saved remote commands (logged output) > PowerShell Get-Help Cmdlet. Of course you’ll substitute your own title for ‘PowerShell Get-Help Cmdlet.’
   
4. The command completes and we see the output from the cmdlet in the ‘Remote Command Output Log’ column.
   

The distinction between ‘Windows Update’ and ‘Microsoft Update’ has caused a significant amount of confusion for people over the years, so I’d like to take a moment to clarify the difference, as well as to explain how you can configure your target computers to use one or the other with BatchPatch.

First note that if you are using WSUS in your environment, then you probably aren’t going to be too concerned with the distinction. Your target computers will be receiving updates from your local WSUS server, and that’s all there is to it. However, for environments and users that are not using WSUS, the distinction is more important.

Defining ‘Windows Update’ and ‘Microsoft Update’

Generically, when we say ‘Windows Update’ or ‘Microsoft Update’ we are talking about software updates for computers. More specifically, when Microsoft uses the term ‘Windows Update’ they are referring to the update service that provides software updates to Windows operating systems. When they mention ‘Microsoft Update’ they are referring to the update service that provides software updates to Windows operating systems AND to individual software products that Microsoft has created, such as Office, Visual Studio, Exchange, and SQL.

By default all Windows computers today are subscribed to the ‘Windows Update’ service when a computer is first enabled for receiving software updates from Microsoft. When configured to use ‘Windows Update’ a computer will only ever detect available operating system updates. To enable the system also retrieve updates for individual Microsoft products, ‘Microsoft Update’ needs to be explicitly enabled on each computer.

Configuring ‘Windows Update’ vs ‘Microsoft Update’ on Individual Computers

If you launch the control panel Windows Update interface (Control Panel > Windows Update), you can determine which service a particular computer is configured to use.

When ‘Windows Update’ is enabled, you’ll see something like this:

To configure the computer to use the ‘Microsoft Update’ service instead of the ‘Windows Update’ service, click on the link that says “Find out more.”

When ‘Microsoft Update’ is enabled, you’ll see something like this:

Configuring ‘Windows Update’ vs ‘Microsoft Update’ on Numerous Computers with BatchPatch

You can use BatchPatch to determine which update service your target computers are configured to use, as well as to configure your target computers for a particular service.

Highlight the desired hosts in the BatchPatch grid and select ‘Actions > Windows Updates > Get Windows Update configuration’ (note, this is the same as ‘Actions > Get information > Get Windows Update configuration’).

After clicking OK BatchPatch will connect to the target computers to retrieve their current settings. You can see in the screenshot below that both of my test computers are currently set to use the ‘Windows Update’ service. If either were configured for ‘Microsoft Update’ we would see it in the screenshot. Additionally, if either were configured to use a local WSUS server instead of one of the Microsoft public services, we would see that here as well too.

To configure the target computers to use ‘Microsoft Update’ we select ‘Actions > Windows Update > Opt-in to Microsoft Update (enable updates for other MS products)’

Note, the Windows Update service on the target computer will be restarted as part of the ‘opt-in’ process. In the screenshot below you can see that I enabled the ‘Microsoft Update’ service on one of the computers.

In the same way that I just enabled ‘Microsoft Update’ I can easily disable it by using ‘Actions > Windows Update > Opt-out of Microsoft Update (disable updates for other MS products)’. That’s all there is to it.

In the latest release of BatchPatch we added functionality to run BatchPatch as a service, enabling you to execute scheduled tasks even when no one is logged on to the BatchPatch computer.

Go to Tools > Run BatchPatch as a service to reveal the run-as-service settings window.

The installation of the service requires BatchPatch to be running with elevation (as administrator). When running as admin you simply need to click the Install Service button. The service will be installed under the logon account that you’re currently using to run BatchPatch. In this way we allow multiple users on the same computer to each install their own instances of the BatchPatch service.

Once installed we can see 3 green check marks to indicate that the service is installed, the service is running, and the service instance is running. The BatchPatch service is responsible for starting the BatchPatch service instance (a dedicated/special instance of BatchPatch that runs as long as the service is running).

Once the service has been installed, you can select grids to be run by the service instance. You would create a BatchPatch grid and set the various scheduled tasks that you desire to execute on the hosts in the grid. Then save the grid to a .bps file. Once the file has been saved you can ‘send’ it to the service instance in two ways. Either right-click on the tab header and choose “Send grid to service instance”

Or use the run-as-service settings dialog + button to add .bps files:

Once a file has been added, we’ll see it appear in the list of currently active .bps files:

We can monitor this grid by launching it in the service instance .bps file viewer. Either double-click the filename in the list, or highlight it and choose the option to “Launch selected .bps file(s) in viewer.” Alternatively, you could even select “File > Open” and browse to the .bps file, or you could drag and drop the .bps file onto the BatchPatch window. Any of these actions will launch the grid in the service instance viewer.

The viewer will allow you to monitor the grid in real-time, but you will not be able to edit/modify it. If you desire to modify the grid, you’ll have to first remove the grid from the service instance. The removal process is similar to the process we used to add the grid in the first place. Only this time we’ll choose the “Remove grid from service instance” option. We can also just drag the grid from the service instance viewer into the regular/main BatchPatch window. Either action will prompt BatchPatch to display a confirmation dialog.

Don’t hesitate to contact us with comments, criticisms, and suggestions: Contact us

In the most recent release of BatchPatch we added a simple but very useful little feature to assist with reporting on stopped automatic services on a large number of target computers.

As sysadmins, we know that after rebooting a large number of computers, it’s extremely useful to be able to confirm that the services that have been set to ‘automatic’ have actually started properly. If you install updates on 100 SQL servers, but one of the updates somehow prevents the SQL Server service from starting properly after the machines are rebooted, you’re going to want to know about it immediately. The same goes for Exchange services, which commonly don’t all start properly after reboot, as well as many other services.

BatchPatch has always had the ability to retrieve from target computer the list of services that are set to ‘automatic’ but in the ‘stopped’ state. However, when working with a large number of target machines, this was less than ideal because there are some automatic services that we don’t care about that might regularly be in a stopped state. The perfect example is the Windows ‘Software Protection’ service. It’s generally going to be in the stopped state even though it’s set to automatic. It would be really nice if we could simply report on the services that we really care about, so that at a quick glance we can immediately determine which machines we need to investigate further, rather than having to read through separate a list of stopped automatic services for every single target computer.

In the latest release of BatchPatch we added an exclusions list that works in conjunction with the check for stopped automatic services. Using it is very simple. Go to ‘Tools > Settings > General’ and then click on the “exclusions list” button next to the label that says “Global exclusions list for automatic services in stopped state.”

You can see in the screenshot above that I’ve added a few services to exclude. In this list we require the service ‘Display Name’ not the actual service name. For example, the ‘Software Protection’ service corresponds to the sppsvc service. You can see the display name vs the actual service name of all services in the Services console. My favorite way to launch the services console is to go to ‘Start > Run’ and then type “services.msc” in the run box without the quotes.

In the Services console if we double-click the ‘Software Protection’ service entry, we can see the details where it shows us the ‘Service name’ and the ‘Display name.’

So, for the BatchPatch services exclusions list, make sure to always use the display name, not the actual service name. Enter one service display name per line. Any service that is included in the exclusions list will then be skipped/ignored if it is stopped on target hosts when you perform the check for stopped automatic services.

In the screenshot below I’ve executed ‘Actions > Get information > Get automatic services in stopped state.’ You’ll notice that the first host reports 2 stopped automatic services. In reality, the computer has 3 stopped automatic services, with that third service being ‘Software Protection.’ However, since ‘Software Protection’ is in our exclusions list, when we check for stopped automatic services, BatchPatch simply reports that 2 services are stopped, and we can see in the list of stopped services that ‘Software Protection’ is not included.

BatchPatch provides the administrator with the ability to easily copy files and/or folders to numerous computers, simultaneously. If you simply need to push a file to target computers or you need to replace a file that already exists on target computers, here’s how to do it:

1. Select the target hosts that you want to copy files/folders to. Then select ‘Actions > Copy file / folder > Create/modify file or folder copy’
   
2. In the dialog that appears, let’s start by adding a title for our copy job. Note, a title is not required for one-off jobs. The title is only required if you plan to save the copy job to use again in the future. For the sake of this example, we’ll save the job.
3. Use the browse button to select the source file/folder to be copied. In the ‘Destination folder’ field, we manually type the path of the folder on target computers that we want to set as the destination for the copied files. Lastly, if we want to overwrite existing files with the same name, then we can check the ‘overwrite’ box. Optionally use the >> button to save the copy job for future use.
   
4. At this point we are actually ready to execute the copy. If we click on the button that says “Execute now,” the file copy job will be executed for each selected row. The file will be copied from our source folder to the specified destination folder on each selected computer in the BatchPatch grid. Alternatively, if we saved the copy job, then we can close this window and execute the copy job later. For the sake of this example, let’s close the window.
5. Now that the copy job has been created, let’s go ahead an execute it. Highlight the desired target hosts in the grid, and then select ‘Actions > Copy file/folder > Execute saved file/folder copy job.’ In this case since I’ve only saved one job, I’ll select it. You can see when I hover my mouse over the menu item, a tooltip window appears showing the details of the copy job configuration, so that I can verify that I’m executing the correct job.
   
6. Finally, I will complete the job by clicking the menu item for the job in question. I’m prompted to confirm the action, so I select OK to complete the copy.
   
7. We can see the successful copy in the screenshot below. That’s all there is to it!
   

One of BatchPatch’s core features is the ability to remotely initiate the Windows Update search/download/install process on target computers. Not only does it allow you to execute this process on many computers at the same time, but it even lets you monitor the process in real-time so that you can see how far along each computer is. In a BatchPatch grid, one row is created per computer, and each row has its own progress bar, which enables you to see the overall completion percentage, the name of the currently downloading/installing update, as well as the current update completion percentage. I’ll do a run-through of the entire process below, so that you can see just how quick, simple, and painless it is to remotely apply Windows Updates to an entire network of computers.

1. We’ll start by adding some computers to a BatchPatch grid. Launch BatchPatch and then right click on the empty grid and select ‘Add hosts.’ Then input the host names of the computers you want to add. Finally click ‘OK’ to add the hosts to the grid.
   
   
   
2. Before we proceed, let’s double-check our Windows Update settings. Go to ‘Tools > Settings > Windows Update.’ In the window that appears you have the option of choosing ‘Windows Update,’ ‘Microsoft Update,’ or your local WSUS server. You can also select from a few different search preferences, and you can set download and installation filters too, if you want.
   
3. Now that the grid has been populated with some target computers, let’s go ahead and initiate a check for available updates. This check will show us which updates are available on each computer. Highlight the desired rows, and then select ‘Actions > Windows Updates > Check for available updates.’
   
   We can see the results for one of the hosts in the screenshot below. This log is made visible by simply middle-clicking on the ‘Remote Agent Log’ column for the host in question. There are also a couple of other ways to view this information in BatchPatch, including the ability to get a consolidated list of available updates from all hosts in the grid.
   
4. Even though we first did a check for available updates in the previous step, if we had wanted we could have skipped straight to this step, where we’ll download and install the updates to our target computers. However, in some cases it’s nice to know ahead of time what updates are even available to the computers before initiating the download and/or installation process. To remotely initiate the Windows Update download and installation process on all the selected computers, all you have to do is select ‘Actions > Windows Updates > Download and install updates + reboot if required.’ If you don’t want the hosts to be rebooted automatically by BatchPatch, then instead go ahead and select ‘Actions > Windows Updates > Download and install updates.’
   
5. At this point it’s just a question of waiting a few minutes until the process is complete. The process can take anywhere from a few minutes all the way up to a couple of hours, depending on how many updates need to be downloaded and installed. A new installation of Windows will likely have more than a hundred updates available, whereas an older installation that has been maintained might only have a couple. However, it doesn’t matter how many hosts are in the grid or how many hosts are executed simultaneously. Each host will be handled in a separate thread, so you don’t need to factor in extra time for more hosts. If a host will take about 10 minutes on its own, then it will still take the same 10 minutes when its handled concurrently with numerous other hosts. You can imagine how much time this can save when executing the process across dozens or even hundreds of target computers!

Some administrators might need a singular, consolidated report that lists all Windows Updates that are needed by computers in the organization. It would be nice if creating such a report didn’t require any manual work on the part of the administrator. The good news is that with BatchPatch you can create a consolidated report like this for all computers in just a few clicks. Usually it only takes a minute or two for all of the target computers to report back with results. However, the report is generated and displayed in real-time, so as target hosts complete their processing and report back to the main interface, the results are immediately visible in the report grid even if not all computers have reported back yet. The information displayed includes host name, update title, KB number (if applicable), update size, the published date or date of approval in WSUS, the update classification (Critical, Security, Definition, Updates, Update Rollups, Service Packs, Feature Packs, Drivers, Tools), whether or not the update has actually been downloaded to the target yet, and whether or not the update requires a reboot to complete installation.

1. Add target hosts to the BatchPatch grid by selecting ‘File > Add hosts’ and then inputting the names of the computers you want included in the consolidated report.
   
2. Select ‘Actions > Windows Updates > Generate consolidated report of available updates’
   
3. When you click OK to begin generating the report, you’ll see the report window appear. As individual hosts in the list are scanned and their scans complete, the available updates for those hosts will begin appearing in the report. In the screenshot below you can see we scanned a single host that had 12 available updates.
   
4. It should be noted that the ‘Date’ field is used to show the date the update was published, or in the event that a managed update server like WSUS is being used, it will show the date the update was approved by the WSUS administrator. The report can be exported to a delimited file by selecting the ‘Export report’ menu item in the upper left corner of the window, making it easy to import the report into your favorite spreadsheet application, such as Microsoft Excel.

The ‘Job Queue’ feature lets you line up a sequence of multiple actions to execute on a target host. There are many different situations where you might want to execute a sequence of actions on a given host (or set of hosts). For example, maybe you want to string together multiple software deployments into a single click action. Or perhaps you want to create an update and reboot cycle that can be used to trigger your computers to run Windows Update, then reboot, then wait a few minutes, then run the update and reboot again, and so on. Or perhaps you want to have a single click action that will execute a script, then execute the update+reboot process, then execute another script. All of these examples (plus many more) are possible with the Job Queue. It’s extremely simple to operate. Here’s how it works:

1. Select the host(s) that you want to include in the job queue execution, and then click on Actions > Job Queue > Create/modify job queue
   
2. In the Job Queue window that appears you can either select a previously saved Job Queue, or you can create a new one. To select a previously saved queue, double-click the previously saved queue in the ‘Saved Queues’ grid. Or highlight the saved queue and use the ‘<<' button to load it. Once loaded, you can modify it however you like. However, if you want to create a new queue, you can simply double-click on each action you want to be included in the queue, one at a time. Or you can highlight each action one at a time, and use the '>‘ button to add that action to the queue. In the screenshot below you can see that I’ve created a simple queue that does the following:

   A. Wait for host to have zero logged-on users
   B. Download and install updates + reboot always
   C. Wait for host to go offline and come back online
   D. Wait 3 minutes
   E. Download and install updates + reboot always
   F. Wait for host to go offline and come back online
   G. Wait 3 minutes
   H. Start stopped automatic services

3. Now that the queue has been created, we have the option of either saving it or running it without saving it. If we just want to run it now without saving it, we can use the ‘Execute now’ button. If we want to apply the queue to the selected hosts to run later, we can use the ‘Apply queue’ button. Once a queue has been applied to a row/host, it can be executed later from the actions menu by selecting the hosts and choosing ‘Actions > Job queue > Execute job queue.’ However, we also have the option of saving the queue, which we do by adding a Queue Title and then using the ‘>>’ button to save it. Once a queue has been saved, it can be run at any time directly from the actions menu by selecting ‘Actions > Job Queue > Execute saved job queues > Title of job queue to be executed’
4. That’s all there is to it. When we execute the job queue, each action that was included in the list will be executed sequentially on the host(s) selected. We could also execute a job queue from within a scheduled task, so that it’s launched on a particular date and time, even if we are not in front of the BatchPatch window at the time. Or, if you need to execute a sequence of actions/tasks that involves multiple hosts in the same sequence, please have a look at the advanced multi-row queue sequence, which allows you to coordinate a sequence of actions across multiple hosts, with dependencies such as a particular reboot/shutdown order for a given environment.
   

One of the things that BatchPatch does very well is remote script execution on many computers all at the same time. The ability to remotely execute a single script on numerous computers, simultaneously, with just a few clicks, is one of the awesome features of BatchPatch. No administrator wants to repeat a single process over and over on many computers. What about when the script you want to execute is written in PowerShell? How do you go about executing that single PowerShell script on all of your networked computers?

First, before you try to execute a single PowerShell script on numerous computer, you need to make sure that the script at least executes successfully on a single computer. One of the annoyances with PowerShell is that if you don’t have the same version of PowerShell on your computer, you might find that the syntax of certain portions of your scripts might only work on version 3 of PowerShell, which would obviously be a problem if some or many of computers are currently only on version 2 of PowerShell.

The first thing you’ll want to do is check to see which version of PowerShell is installed on your target systems. You can use the following PowerShell command to get the version information:

$PSVersionTable.PSVersion

If you want to use BatchPatch to check the version of PowerShell on all of your target systems, here’s what to do.

1. Highlight the target hosts in BatchPatch, and then select ‘Actions > Execute remote process/command > Create/modify remote command 3 (logged output)
2. In the command field we type or paste the following command exactly as it is written below:

   cmd.exe /c echo . | powershell.exe -ExecutionPolicy Bypass -command "$PSVersionTable.PSVersion"

3. Note, if you think you might want to re-use the same command in BatchPatch more than once, then feel free to add the command to ‘Actions > Execute remote process/command > Create/modify remote commands (logged output), which will allow you to “permanently” hard-code any commands into the BatchPatch menu.
4. Click ‘execute’ to run the command on the selected hosts. You can see the results below from my quick run. I have one computer with version 3 of PowerShell, while the other still has version 2.
   
5. Now, let’s say you want to run a multi-line PowerShell script on your target machines. After verifying the PowerShell version that you have running on target computers and after making sure that your desired script works properly on at least one computer from each group (just to make sure that the syntax of your PowerShell script works on all versions of PowerShell being used in your environment, you now have two options for executing it from BatchPatch.

   One option is to use the BatchPatch deployment feature. There are numerous deployment examples posted here: https://batchpatch.com/software-deployment If you follow any of those tutorials, you’ll see how a deployment works. However, in this case instead of deploying a software package or an update, we want to deploy a PowerShell script. So, we would highlight the desired target computers, and then we’d select ‘Actions > Deploy > Create/modify deployment.’ In the window that appears we would select the script to be deployed, and then we would check the “retrieve console output’ if our script outputs anything to the console that we want to see. And then we can simply choose “Execute now” to execute the deployment and have BatchPatch copy the script to the target systems and subsequently execute it on each system.
   

   A second option is to just run the script directly on target systems without doing a full deployment. In this case we would need to convert our script into the right format for it to be able to run in a single line. So, for example, let’s make up a very simple multi-line script to use for this example.

   $version = $PSVersionTable.PSVersion $version | format-list

   In order to execute this using the ‘Remote process/command’ feature of BatchPatch, we have to convert it into a single-line for execution. In PowerShell the semi-colon is used to separate multiple lines into a single line. So, in this case we would follow the same example that was given higher up in this tutorial, but note that this time we substitute in the above 2-line script.

6. Highlight the target hosts in BatchPatch, and then select ‘Actions > Execute remote process/command > Create/modify remote command 3 (logged output)
7. In the command field we type or paste the following command exactly as it is written below:

   cmd.exe /c echo . | powershell.exe -ExecutionPolicy Bypass -command "$version = $PSVersionTable.PSVersion; $version | format-list"

8. In the results screenshot below you can see our 2-line script was successful, and now we see our version outputted in list format.
   

In the most recent release of BatchPatch we added functionality that enables you to easily filter out recently published/approved updates during download and installation. In many environments there is a need or desire to be able to apply updates to computers only if the updates are at least X days old, where X is a value that is configured by the administrator. So, for example, it might be the case that during monthly maintenance in September the administrator desires to install all Windows Updates that were published or approved for August. And then in October the administrator would apply the updates released in September, and so on, so that the entire environment is always one month “behind” in updates that have been released. You can now do this using BatchPatch without adding any extra work.

You can see the setting called ‘Update Date Filtering’ under Tools > Settings > Windows Update in the screenshot below:

This filter instructs BatchPatch to compare the current date to the LastDeploymentChangeTime property of each update. The LastDeploymentChangeTime property is printed as a date (yyyy-MM-dd) next to each updated listed in the BatchPatch.log file. You can see this easily in the ‘Remote Agent Log’ column when performing a check for available updates in BatchPatch. In the below screenshot I’ve displayed the ‘Remote Agent Log’ column with the middle-click field viewer. For the sake of this tutorial I circled the date entries in green.

Important note about LastDeploymentChangeTime:
***When updates are obtained from ‘Windows Update’ or ‘Microsoft Update,’ the LastDeploymentChangeTime property is equivalent to the date the update was published by Microsoft. However, when updates are obtained from WSUS, the LastDeploymentChangeTime property is equivalent to the date the update was approved in WSUS.***

So, when you set the ‘Update Date Filter’ value to something greater than 0, BatchPatch will only download/install updates that were published / approved at least X days ago, where X is the value that you’ve input. For example, if you set this value to 30, updates that were published / approved any time between today and 29 days ago will *not* be installed by BatchPatch. Only updates that were published / approved 30 or more days ago will be installed. Once the setting has been saved, there is nothing else special that needs to be done. You would simply initiate the regular download and/or installation of Windows Updates using one of the options on the BatchPatch ‘Actions > Windows Updates’ menu, such as “Download and install updates + reboot if required.” This action will initiate the normal download/install process on selected computers, but updates will only be installed if they were deployed/approved more than 29 days ago.

Windows provides a feature that enables it to automatically logon after reboot, which can sometimes be very handy in certain environments. The configuration is applied through a series of registry values, which isn’t particularly convenient to enable manually. However, BatchPatch provides a quick way to apply the settings to target computers when you want to set them to automatically logon after reboot.

The most important thing to know about the automatic logon feature in Windows is that it creates a security vulnerability. In order to automatically logon after reboot, the computer stores the username and password in the registry in plain text. In some environments, this may be an acceptable risk, especially if the logon account being used does not have access to anything that wouldn’t be publicly accessible already. In environments where the risk is not acceptable, automatic logon probably should not be used at all. However, there is also always the possibility of inserting the appropriate username and password registry values, rebooting the computer and letting it automatically logon, and then finally removing the registry values that were previously inserted.

1. To use BatchPatch to insert the autologon registry entries in target systems, highlight the desired host(s) and select ‘Actions > Reboot > Configure autologon > Insert autologon registry values’

2. The ‘Auto Logon Credentials’ window appears. Input the username and password that you want to use to automatically logon the target system(s). In the ‘Domain’ field either enter the domain name where the user account resides, or if it’s a local computer account simply untick the ‘Domain’ checkbox, and you’ll see that it will be automatically filled in with $computer. Lastly, input a value for the ‘AutoLogonCount’ field.
   
   Note: The ‘AutoLogonCount’ value controls how many times the machine can be auto-logged-on after reboot before Windows automatically purges the username and password from the registry to prevent further automatic logons. With each restart, Windows decrements the value by 1 until it reaches 0. Note, if you set the ‘AutoLogonCount’ to 1, it will actually take 2 restarts before the credentials are automatically removed by Windows. On the first restart, Windows will automatically logon with the specified credentials. On the second reboot, Windows will remove the saved credentials from the registry and not automatically logon again. For the sake of maximum security, if you set the AutoLogonCount to 1, then you should still plan to remove the entries yourself after reboot by selecting the ‘Remove autologon registry values’ menu item in BatchPatch, unless you are OK with the username and password being stored in the registry in plain text until the following reboot. If you want the system(s) to automatically logon indefinitely, and if you aren’t concerned about the username and password being stored in plain text in the registry, then you can simply choose a very high number for the ‘AutoLogonCount’ field.

3. Finally, to actually insert the necessary registry values, click OK.
   
4. Once the registry values have been successfully inserted you can go ahead and initiate the reboot. You’ll see that unless you entered invalid credentials, the computer will automatically logon after the reboot completes. As mentioned above, you might now choose to remove the previously inserted registry values so that the username and password are not left stored in plain text in the target computers’ registries. To do this, highlight the computers and select ‘Actions > Reboot > Configure autologon > Remove autologon registry values’

Today I’d like to demonstrate a silent remote software installation with BatchPatch. We’ll deploy 7-zip to the computers in our lab. Once deployed, we’ll then go ahead and remotely uninstall it too.

Remote Software Installation – Deploying 7-zip to remote computers

1. Select the desired target host(s) in the BatchPatch grid, and then choose ‘Actions > Deploy > Create/modify deployment’
   
2. In the ‘Deploy’ window, browse to the 7-zip installer that you previously downloaded from 7-zip.org. I did a google search to see what the silent installation parameter is for the 7-zip 32-bit .exe installer, and it’s just a /S (case-sensitive). So, you can see in the ‘Deploy’ window screenshot above, I’ve browsed to the location of the 7z920.exe, and I’ve added the /S parameter.
3. All we have to do is execute the deployment now by clicking the ‘Execute now’ button. BatchPatch prompts us to confirm the deployment. Click OK to proceed.
   
4. A few seconds later the ‘All Messages’ column reports ‘Deployment: Exit Code: 0 (SUCCESS),’ and we’re all done! In the screenshow below I’ve expanded the ‘All Messages’ contents so that you can see exactly what BatchPatch did.
   

Remote Software Installation – Uninstalling 7-zip from remote computers

1. For the removal / uninstallation, we don’t need to deploy any files to target computers. Instead we simply need to execute a command. In the case of a default installation, the 7-zip files will be stored in “C:\Program Files\7-zip.” Make sure you identify the correct directory in your environment. Then highlight the host and select ‘Actions > Execute remote process/command > Create/modify remote command.’
   
2. In the ‘Remote process/command’ window, add the uninstallation command exactly as follows:

   "C:\Program Files\7-Zip\Uninstall.exe" /S

3. Click ‘Execute’ to initiate the uninstallation. Then click ‘OK’ to confirm that you want to proceed.
   
4. After a few seconds we see ‘Remote Command: Exit Code: 0 (SUCCESS)‘ to indicate that the command has been executed. We can now check the target machine to confirm that the software has been removed.
   

In a previous posting I demonstrated how to install Adobe Flash on numerous computers, simultaneously. In this posting I will demonstrate how to remove (uninstall) Adobe Flash from numerous computers, simultaneously.

1. Obtain the installation media. In this example we’re going to use the .msi installer file for Flash player version 19 for plugin-based browsers that Adobe makes available because it seems to be the simplest to use. Adobe has a specific distribution license agreement, so you should review that before you proceed with deploying Adobe Flash in your environment to make sure that you are complying with their rules. The following link has more information about that: Adobe Flash Player Distribution.
2. Once you have saved the installation media to your computer, you’re ready to proceed. I’ve put the ‘install_flash_player_19_plugin.msi’ file in my E:\temp directory on the computer that is running BatchPatch. Add the desired host(s) to the grid, and then select ‘Actions > Deploy > Create/modify deployment.’
   
3. In the Deployment window that appears, browse to the .msi file to select it. Then select the radio button option for ‘uninstall.’ Optionally give the deployment a title so that you can save it for future use. That’s all there is to the setup/configuration. Pretty simple, right?
   
4. To perform the actual removal/uninstallation task, you may select ‘Execute now’ to immediately initiate the removal for all highlighted hosts in the grid. Or if you prefer, give the Deployment a title, and then save it using the ‘>>‘ button, and then close the Deployment window so that you may execute the uninstallation later. For the sake of demonstration, I’ll show you what it looks like when we save it and execute it later.
5. After saving the deployment and closing the Deployment window, I’m now left with my normal grid view. I select the host(s), and choose ‘Actions > Deploy > Execute saved deployments > Remove Adobe Flash 19 for Plugin-based Browsers,’ because that’s the title I gave it in the previous step. When I mouse over the saved deployment, BatchPatch displays the deployment’s configuration in a tooltip, so that I can quickly confirm that I’m selecting the desired one.
   
6. When I click ‘OK’ I am prompted with a confirmation dialog that also displays the configuration of the deployment to be executed. The key part of the configuration (see the screenshot below) is the command:

   msiexec.exe /x "install_flash_player_19_plugin.msi" /q

   The /x is the removal parameter for .msi packages.

7. I click OK to proceed with the uninstallation of Adobe Flash Player from the selected computers.
   
8. After waiting a few seconds, the deployment is complete, and the Adobe Flash Player has been removed from the selected computer(s). We see Exit Code: 0 (SUCCESS), and we know that it’s done. We can also then confirm on the target computer that the Flash Player is gone.
   

In this tutorial I will demonstrate how to deploy Adobe Reader to multiple computers on your network, simultaneously, in just a few clicks. After the installation is complete, I will then execute a remote uninstallation.

1. Obtain the Adobe Reader offline installer package. At the time of this writing, the following link contains the offline installer downloads. For this example I downloaded the ‘Adobe Reader 11.0 – Multilingual (MUI) installer package.’ Adobe Reader Offline Installer Download
   
2. After downloading the .zip file, extract it. In the screenshot below you can see that I’ve extracted it to AdbeRdr11000_mui_Std.
   
   The AdbeRdr11000_mui_Std contains the following items:
   
3. Now that we have the installation files, we’re ready to create the deployment in BatchPatch. Launch BatchPatch and highlight the desired hosts that will receive the deployment. Then select ‘Actions > Deploy > Create/modify deployment.’ The deployment window will appear.
   
4. In the deployment window, type a title (if you wish to save the deployment for future use), and browse to the .msi in the AdbeRdr11000_mui_Std folder that you created earlier. Also make sure to tick the option to ‘Copy entire directory contents in addition to the specified file.’
   
   
5. Now that we’ve selected our deployment options, we are ready to execute the remote software installation. Click ‘Execute Now,’ and then click ‘OK’ to confirm that you want to continue.
   
6. 20 seconds later we see Deployment: Exit Code: 0 (SUCCESS). That’s all there is to it!
7. The process for uninstalling / removing Adobe Reader is almost identical as the installation process. For the uninstallation we have to change just a single parameter in the deployment configuration to select ‘uninstall’ instead of ‘install.’
   
8. We can then execute the uninstallation, if needed. Again, I’ll just click the ‘Execute Now’ button and wait. After 14 seconds, Adobe Reader has been uninstalled from the target computer. Once again we see Deployment: Exit Code: 0 (SUCCESS).
   

One of the challenges that administrators often face is getting things done on user computers that rarely connect to the network. For example, part of your job might be to update Java, Adobe Flash, or Adobe Reader on all of your users’ computers. Inevitably it seems that you are able to get 90% done immediately while the other 10% take many days or even weeks (sometimes months!) simply because the users aren’t in the office frequently. And then when they are in the office, you don’t learn about it quickly enough to perform the update, so they’re back on the road before you get it done! Wouldn’t it be nice if you could just setup a job that would automatically run the update the moment the traveling users come back to the office and attach their computers to the network? Fortunately with BatchPatch this is actually very easy to accomplish.

In the BatchPatch task scheduler there is an option to “Run task immediately upon detecting target computer online.”

This scheduled task option works exactly as it sounds. It’s as simple as selecting any BatchPatch task such as downloading/installing Windows updates, deploying software, or executing a custom script or job queue, and then ticking the box to “Run task immediately upon detecting computer online.” BatchPatch will constantly monitor the network for the desired computer. As soon as BatchPatch detects that the computer is online, the task is executed. Below is a step-by-step tutorial.

1. Select the desired hosts in the BatchPatch grid, and then select ‘Actions > Task Scheduler > Create/modify scheduled task.’
   
2. In the task scheduler window select from the drop-down menu the desired task. In this case I’m going to choose a previously saved software deployment task that installs 7-zip (any deployment that you create in the ‘Actions > Deploy > Create/modify deployment’ window can be saved in that same interface).
   
3. Make sure that you have ticked the “Run task immediately upon detecting computer online” checkbox. Then click OK.
   
4. Lastly, make sure you enable the scheduler if it isn’t already running. Do this by clicking on the smaller clock icon in the upper right portion of the BatchPatch window.
   
5. That’s all there is to it! At this point you can simply go on about your other regular duties and just check back every now and again to see which computers have come online and received the update. Or if you prefer to receive an email notification each time a machine is updated, then instead of executing the software deployment directly from the task scheduler, setup a two-step job queue with the software deployment as the first step, and an email notification as the second step. Then from the task scheduler you can just execute that job queue with the same “Run task immediately upon detecting computer online” checkbox!