Jump to content

Search the Community

Showing results for tags 'patching'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • MSPGeek
    • Announcements
    • The Geek Cast
  • ConnectWise Automate / Labtech
    • ConnectWise Automate / LabTech
    • ConnectWise Automate / LabTech - Development


  • ConnectWise Automate
    • Scripts
    • Plugins
    • SQL Snippets
    • Role Definitions
    • Automate PowerShell Code
    • Reports
    • Internal Monitors
    • Remote Monitors
  • ConnectWise Manage
    • API Interacting Code

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



About Me


Agent Count













Found 13 results

  1. Hi All, After speaking with ConnectWise, I understand there is a script from the Solution Centre called 'Windows 10 - Install Feature Update' which requires you to deploy the latest build of Windows 10 to your LTShare, but that it's only a supported feature on-prem and cloud partners currently don't have support for this.. https://docs.connectwise.com/ConnectWise_Automate/ConnectWise_Automate_Knowledge_Base_Articles/Scripting%3A_Windows_10_Install_Feature_Update_Script As a potential workaround, ConnectWise have told me I can individually place the ISO under the LTsvc\packages folder on each machine. Rather than download 50 x 4GB ISO's for a client, I thought to use the server to then have Automate copy this locally, but I'm struggling. My plan was to create an EDF whereby we can enter at the location level the path to the ISO and then call this in a variable for the Script copy as Admin but it doesn't seem to unpack the variable path and the script fails. Has anybody else had any success upgrading from 1803/1809/1903 using Automate? Any help would be appreciated!
  2. Does anyone have a solution to notifying clients of what patches will be installed automatically? We have a client that is asking that we notify them in advance of any and all patches that are to be installed on their systems and we are looking for an automatic way of doing that to ensure we are in compliance of their needs.
  3. I just spoke with Automate support since one of our servers was showing a last patched date of 6/20/2019 by Automate but we found that it had not actually been patched since November 2018. With that said, I found from Automate support that the "last patched" date includes third party patching as well. So, this server was patched by a third party patch on 6/20/2019 but Windows updates had not been installed since November 2018. I asked them if they had a better monitor to best track the agents that have not had a Windows update installed in the last 30 days but they said there wasn't one. They said there are some coming down the road, but has anyone had to create a custom monitor that monitors just for Windows updates not being installed in the last 30 days for example? My goal is to create a monitor that would find agents that have not had a Windows update installed in the last 30 days and fully exclude third party patching from that monitor.
  4. Hi there, We seem to be having a lot of problems patching in Server 2016 - is anyone else here having difficulties? A lot of our Server 2016 servers (but not all) seem to be having updates done by UpdateOrchestrator’ & not by ‘CM Automate’ (see attached screenshot) All the patch settings in Ignite seem to be the same between the Servers that are ok, and the ones that are not, and they are all in the same Patching group, so we are at a bit of a loss to understand why some are not being patched by Labtech & some are. Does anyone know where I can look further to see what is going on here? Thanks in advance, Steve.
  5. Hi all, I am looking for a way to set up a group that will allow any computer added to it to continue patching all day long as long as it has outstanding patches. I envision being able to add new computers to this group and have them run MS patching until completely updated. Currently, I set up a group and assigned the following MS Update Policy to it: Day: Custom Start Time: 12AM Duration: 23 Hours Selected all days, of every month. I then assigned the follow reboot policy: Disable reboot window, issue reboot when patching is complete. Reboot based on Patch Reboot Mode settings. Patch Reboot Mode: Now When I add a computer to this group, it initially begins patching, installs available patches, and then reboots. The computer then has additional patches that are outstanding either as follow-up patches or patches that couldn't be installed till after a reboot, but the computer doesn't attempt to install those patches until the next morning at 12AM when it hits the next patch window. How do I go about making sure that after the first set of patches are installed, the machine reboots, and then continues patching again? Is there an easy way to get this setup?
  6. I am looking to run/schedule a Patch Compliance Report. I can run this against the client only. This gives me all the workstations and servers. Since we have our servers in a different location would it be possible to run this report with the client and location thus giving me the report for just the servers? If there is a different report I need to be running please let me know that as well. What I would like to see is How Compliance is my servers. Last Patch Date and all patches approved and ready to install. Thank you! Rob
  7. We were having trouble managing workstations, especially laptops, because they were going offline overnight. This monitor/autofix setup has drastically improved the situation. Components: Install and Apply Power Plan [function script] This creates and runs a powershell script to download a .pow file, install the power plan, and apply it. This assumes that @powerplanFileSource@ has been defined and points to a .pow file in the LTShare transfer folder. So if your powerplan file is \LTShare\Transfers\PowerPlans\nosleep.pow, you will have defined powerPlanFileSource = PowerPlans\nosleep.pow This sets a variable @installAndApplyPowerPlanResult@ = success upon success, so you can check the result after calling it. Apply Power Plan [function script] This creates and runs a powershell script to apply an already installed power plan This assumes that @powerPlanName@ has been defined and is the power plan it should apply to the computer This sets a variable @applyPowerPlanResult@ = success upon success, so you can check the result after calling it. Apply [YOUR POWER PLAN NAME] [script] This script conditionally runs the two function scripts above. You set the required variables in lines 2 and 3, and it will check to see if the plan is installed or not and act accordingly. This sets a variable @autofixResult@ = success upon success, so you can check it after calling it. ~Autofix incorrect power plan [script] This is an autofix script to be called by a monitor. If called, it will run the Apply [YOUR POWER PLAN NAME] script. If the script is successful, we're fine. If the script fails, it will create a ticket with subject and body defined by lines 2 and 3 of the Then section, and if the monitor succeeds it will close the ticket with the note defined by line 2 of the Else section. On Incorrect Power Plan [monitor] This is a RAWSQL monitor that fails if your power plan isn't applied, and will be configured to use an alert template executing ~Autofix incorreect power plan. Configuration Create your power plan On a laptop, set up the desired power configuration, including lid actions. Save it with a name you want your clients to see if they go looking at their power plan. Get the GUID of your power plan with the powershell command powercfg /List Export the power plan to a .pow file with the powershell command powercfg -export "%UserProfile%\Desktop\MyPowerPlan.pow" GUID (GUID is the GUID from the previous step) Move MyPowerPlan.pow somewhere in your LTShare\Transfer Import the attached files into Automate Modify the Apply [YOUR POWER PLAN NAME] script Rename it and change the Notes section as needed Set lines 2 and 3 to the correct values for the power plan you created and the file you exported Ensure line 24 runs the "Install and Apply Power Plan script Ensure line 34 runs the "Apply Power Plan script Modify the ~Autofix incorrect power plan script Set lines 2 and 3 of the Then section and line 2 of the Else section as desired Ensure line 13 points to the Apply [YOUR POWER PLAN NAME] script Modify the On Incorrect Power Plan monitor In Configuration>Additional Condition, change pp.currentPlan != "[YOUR POWER PLAN NAME]" so it references the name of the power plan you created in step 1 (no brackets) In Configuration>Additional Condition, change WHERE AgentID=[YOUR MONINTOR ID] with the monitor id (this is set upon import) Create an alert template Go to Automation>Templates>Alert Templates (assuming automate 12) Click on New Template Name it as you like Add an alert to run the ~Autofix incorrect power plan script, applied every day all day Now it's just a vanilla monitor setup where you enable the monitor for whatever groups you want (e.g. Patching.Patch Install - Workstations, Service Plans.Windows Workstations.Managed 24x7) and set it to use the alert template you created in step 6. -rgg *thanks to @Gavsto for his rawsql writeup. It's so good I just open it by default every time I'm starting a RAWSQL monitor. ~Autofix incorrect power plan.xml Apply [YOUR POWER PLAN NAME].xml Apply Power Plan.xml incorrect_powerplan_monitor.sql Install and Apply Power Plan.xml
  8. We've recently ran into an issue with cumulative updates on Windows 10 machines causing the machines to bsd. Is there a way to have the cumulative updates install separately over the weekend?
  9. Geeks, Patching your Patch Engine, Microsoft’s Windows Update Agent (WUA) is an agent program that works in conjunction with Windows Server Update Services to support automated patch delivery and installation. Labtech uses this agent to help determine what patches are needed by each Windows system and deploys them. Microsoft often updates the WUA which increases the detection of missing patches more current then the installed version of WUA. This can cause you to get a perception that your patching is up to date when in actuality your massively behind. There is more to patching then just letting the approvals happen. Windows regularly updates the agent (engine) they use to manage and seek for patches. By making sure this agent stays up to date you are making sure your users PCs stay current with the latest in system and office patches. We wanted to help the fellow LabTech geeks out there with a tool to help identify and rectify systems that are falling behind with the current WUA version. So we created Patch Remedy to assist LabTech MSPs with managing WUA. The tool is very simple to use and is mostly automated. Just turn on the master switch and wait for the data to start streaming in. We also added several manual tools inside the plugin that will allow for quick remediation of several common issues with WUA. This plugin is based on this post - http://www.labtechgeek.com/forum/viewtopic.php?f=7&t=2123 https://www.plugins4labtech.com/products/patch-remedy Enjoy Cubert :ugeek:
  10. I have a simple script that will install all missing approved patches. If missing approved patches are found it will install them and create a ticket in CW. Is there a way to get the output of the Install Patch command into the ticket as well to show what was installed or if there was an error? Thanks!
  11. Hello all, A few weeks ago, I inherited the LabTech responsibilities for my company. We're using LabTech 10.5 for patching customer machines. In the past 2 weeks, I have gone from a broken, fully manual LabTech implementation to something that is starting to come together. My computers will now automatically join the correct client/location based on the custom agent installer. From there, custom auto-join searches file machines into the proper groups I've specified. These groups automatically onboard the machines and set schedules, etc, based on my group templates. I have figured out how to do some custom scripting and reporting on a schedule. However, I'm still missing the final killer piece... How do I setup my patching groups to automatically approve all Windows updates that I specify so I don't have to do it manually via the patch manager?????? I have tried various things, and I've searched these forums somewhat (maybe not exhaustively), but I'm still pulling my hair out. Based on the (terrible) documentation I've read, it seems like if my computers are A) onboarded, and B) under a "patching contract," a default script should be doing this already. However, as I said, this is an old implementation that I inherited in bad shape, so I'm not certain that it hasn't been "damaged" somehow. I've gone into the global config to where I thought this script should be, and it isn't there... Can someone please explain how automated group approval should be working in 10.5? Can anyone point me to a good howto guide maybe? If I get this done, and our clients are getting automatically patched as they should, I can then turn my attention to upgrading this software to a later version. So please (PLEASE!) help and I will be oh so grateful... Thanks all
  12. In Continuum Patch Policy, they have failure notifications in the form of tickets. It can generate ticket for patch failures after x days out of compliance and I believe this is their way of tracking recent patching failures. Is there a built-in function like this in Automate 11 or, has anyone made something like this?
  13. Plugins4Automate.com has released a new build of Patch Remedy that now handles Windows 10 version 1709. Read our blog for information of what was added to this plugin at https://www.plugins4labtech.com/blogs/blog/patch-remedy-makes-way-for-windows-10-version-1709
  • Create New...