Jump to content
BGags

How I got to 95% patch efficacy in Eight Easy(?) Steps

Recommended Posts

Cubert, awesome plugin.

 

One problem I've noticed is the on/off switch for updating the WU agent. This worries me on servers. For workstations I'd say, go for it and update whatever you can. On servers I can't risk reboots or odd behaviour unless its planned. Maybe it could be divided?

 

I've had it running for a little while and its picked up 250 or so machines, which is good. However the overview graph doesn't match the WUA Versions tab. It says I've got 170+ win7 machines, but the graphic shows just 10 win7 boxes.

 

On the overview tab theres a gauge showing 'succesful installs today' - which should show at least one as I know I have at least one machine which installed some patches and which I personally rebooted and which ran the patch remedy script both before an after patching, so it seems to be missing some stuff.

Share this post


Link to post
Share on other sites

Update 4 is looking good Cubert, ran all the different optional stuff on a test PC. The aggressive fix is a very long one as it started 4 hours ago and it is still working. Which if it is a fix is completely worth it. But I am still not seeing any "Updates Today" in this version. Downgraded to version 2 and it showed 500. Not sure what the difference is but there is apparently a difference.

Share this post


Link to post
Share on other sites

First off.. HUGE PROPS to BGAGS for starting this topi, Cubert for making the plugin (nice work buddy!) and everyone else for their amazing contributions!! I think this thread has brought to light the fact that there are a lot of us with issues around patching, so this thread is VERY VERY AWESOME indeed!! BGags.... The info you laid out was immense, and the additional effort you put in to then post the information... simply.. AMZAEBALLS!! :)

 

I figured I would extend this post a little bit with some SQL queries that i have been working on for a little while and add to the awesomness of this post, with what I hope will add some more value to it, so here we go...

 

Quick notes...

1. ALL THE QUERIES ARE SELECTS. No databases were harmed in the making of these SQL queries! ;p

2. While they are more of a reference, than an actionable query... I have been told that the results look great a 'dashing' HUD.

3. While you wont find what your looking for in every one, hopefully 2 or 3 of these will server some purpose.

4. Feel free to take SQL and edit to your needs.

 

Workstations that are ONLINE and ready to patch (& user NOT logged in!)

 

SELECT `computers`.`ComputerID` AS 'ID',
    `computers`.`name` AS `Name`,
    `clients`.`name` AS 'Client',
    SUBSTRING(`computers`.`OS`,11) AS 'OS',
    `computers`.`LastContact` AS 'Last Contact Time',
    `computers`.`WindowsUpdate` AS 'Last Update Attempt',
COUNT(hotfixid) AS 'Missing Patches'
FROM `hotfix`
JOIN `computers` ON ( `hotfix`.`ComputerID` = `computers`.`ComputerID` )
JOIN `clients` ON (`computers`.`clientid` = `clients`.`clientid`)
JOIN `commands` ON (`computers`.`ComputerID` = `commands`.`computerid`)
JOIN `v_extradatacomputers` ON (`computers`.`ComputerID` = `v_extradatacomputers`.`computerid` )
WHERE `Installed`=0 AND `Approved`=1
AND (((Computers.Flags & 1024) != 1024))
AND `computers`.`OS` NOT LIKE '%server%'
AND `LastContact` > DATE_SUB(NOW(), INTERVAL 5 MINUTE)
AND `Username` LIKE '%not logged in%'
AND `commands`.`command` != 100 AND `commands`.`status` != 2
GROUP BY `computers`.`name` DESC
HAVING `Missing Patches` >= 10
ORDER BY COUNT(hotfixid) DESC;

 

Completed patching (today)

 

SELECT DISTINCT computers.computerid AS 'ID',
    computers.name AS 'Patched today',
    clients.name AS 'Client',
    commands.dateupdated AS 'Completed'
FROM commands JOIN computers ON (commands.computerid = computers.computerid) JOIN clients ON (computers.clientid = clients.clientid)
WHERE command = 100 AND `status` = 3
AND output LIKE '%downloaded and installed successfully%'
AND commands.dateupdated >=CURDATE()
GROUP BY computers.name
ORDER BY `Completed` DESC

 

 

No updates found (today)

 

SELECT DISTINCT computers.computerid AS 'ID',
    computers.name AS 'Patched today',
    clients.name AS 'Client',
    commands.dateupdated AS 'Completed'
FROM commands JOIN computers ON (commands.computerid = computers.computerid) JOIN clients ON (computers.clientid = clients.clientid)
WHERE command = 100 AND `status` = 3
AND output LIKE '%No Updates to Install%'
AND commands.dateupdated >=CURDATE()
GROUP BY computers.name
ORDER BY `Completed` DESC

 

 

Currently Patching...

 

SELECT cmd.`ComputerID` AS 'ID',
    cl.name AS 'Client',
    c.name AS 'Hostname',
    c.OS AS 'OS',
    cmd.DateUpdated AS 'Start Time',
    (LENGTH (cmd.parameters) - LENGTH(REPLACE(cmd.parameters,',','')))+1 AS 'Patches Installing',
    (ROUND(TIME_TO_SEC(TIMEDIFF(NOW(),cmd.DateUpdated))/60)-1) AS 'Elapsed Time (m)'
FROM commands cmd
JOIN computers c ON (c.computerid = cmd.computerid)
JOIN clients cl ON (cl.clientid = c.clientid)
WHERE cmd.command = 100 AND `status` = 2
ORDER BY `Patches Installing` DESC

 

 

Today's total patch attempts

 

SELECT COUNT(DISTINCT computerid) AS 'Patch Attempts' 
FROM commands
WHERE command = 100 AND `status` = 3
AND dateupdated >=CURDATE()

 

 

Today's successful patch count

 

SELECT COUNT(DISTINCT computerid) AS 'Patch Attempts'
FROM commands
WHERE command = 100 AND `status` = 3
AND output LIKE '%downloaded and installed successfully%'
AND dateupdated >=CURDATE()

 

 

Total Missing Patches

 

SELECT `computers`.`name` AS 'PC Name',
`computers`.`ComputerID` AS 'Agent ID',
`computers`.`OS` AS 'OS',
`computers`.`LastContact` AS 'Last Contact',
COUNT(hotfixid) AS 'Updates Pending'
FROM `hotfix`
JOIN `computers`ON ( `hotfix`.`ComputerID` = `computers`.`ComputerID` )
JOIN clients ON (computers.clientid=clients.clientid)
WHERE `hotfix`.`Installed`=0 AND `hotfix`.`Approved`=1 
AND clients.clientid NOT IN (33)
AND `computers`.`LastContact` > DATE_SUB(NOW(), INTERVAL 5 MINUTE)
AND computers.os NOT LIKE '%server%'
GROUP BY `computers`.`name` DESC
ORDER BY COUNT(hotfixid) DESC

 

 

 

Interrupted Patching

 

SELECT cmd.`ComputerID` AS 'ID',
    cl.name AS 'Client',
    c.name AS 'Hostname',
    c.OS AS 'OS',
    c.LastContact AS 'Last Contact',
    cmd.DateUpdated AS 'Start Time',
    (LENGTH (cmd.parameters) - LENGTH(REPLACE(cmd.parameters, ',', '')))+1 AS 'Patches Installing',
    (ROUND(TIME_TO_SEC(TIMEDIFF(NOW(),cmd.DateUpdated))/60)-1) AS 'Elapsed Time (m)'
FROM commands cmd LEFT JOIN computers c ON (c.computerid = cmd.computerid) JOIN clients cl ON (cl.clientid = c.clientid)
WHERE command = 100 AND STATUS = 2
AND c.LastContact < DATE_SUB(NOW(), INTERVAL 30 MINUTE)
ORDER BY `Patches Installing` DESC

 

Some of the SQL is clean, others not so clean... so while this is not by any means a 'final result'... they should give you enough basis to work from.

 

Enjoy & Thanks again to all of you for making the community AWESOME!!

Share this post


Link to post
Share on other sites
First off.. HUGE PROPS to BGAGS for starting this topi, Cubert for making the plugin (nice work buddy!) and everyone else for their amazing contributions!! I think this thread has brought to light the fact that there are a lot of us with issues around patching, so this thread is VERY VERY AWESOME indeed!! BGags.... The info you laid out was immense, and the additional effort you put in to then post the information... simply.. AMZAEBALLS!! :)

 

I figured I would extend this post a little bit with some SQL queries that i have been working on for a little while and add to the awesomness of this post, with what I hope will add some more value to it, so here we go...

 

Quick notes...

1. ALL THE QUERIES ARE SELECTS. No databases were harmed in the making of these SQL queries! ;p

2. While they are more of a reference, than an actionable query... I have been told that the results look great a 'dashing' HUD.

3. While you wont find what your looking for in every one, hopefully 2 or 3 of these will server some purpose.

4. Feel free to take SQL and edit to your needs.

 

Workstations that are ONLINE and ready to patch (& user NOT logged in!)

 

SELECT `computers`.`ComputerID` AS 'ID',
    `computers`.`name` AS `Name`,
    `clients`.`name` AS 'Client',
    SUBSTRING(`computers`.`OS`,11) AS 'OS',
    `computers`.`LastContact` AS 'Last Contact Time',
    `computers`.`WindowsUpdate` AS 'Last Update Attempt',
COUNT(hotfixid) AS 'Missing Patches'
FROM `hotfix`
JOIN `computers` ON ( `hotfix`.`ComputerID` = `computers`.`ComputerID` )
JOIN `clients` ON (`computers`.`clientid` = `clients`.`clientid`)
JOIN `commands` ON (`computers`.`ComputerID` = `commands`.`computerid`)
JOIN `v_extradatacomputers` ON (`computers`.`ComputerID` = `v_extradatacomputers`.`computerid` )
WHERE `Installed`=0 AND `Approved`=1
AND (((Computers.Flags & 1024) != 1024))
AND `computers`.`OS` NOT LIKE '%server%'
AND `LastContact` > DATE_SUB(NOW(), INTERVAL 5 MINUTE)
AND `Username` LIKE '%not logged in%'
AND `commands`.`command` != 100 AND `commands`.`status` != 2
GROUP BY `computers`.`name` DESC
HAVING `Missing Patches` >= 10
ORDER BY COUNT(hotfixid) DESC;

 

Completed patching (today)

 

SELECT DISTINCT computers.computerid AS 'ID',
    computers.name AS 'Patched today',
    clients.name AS 'Client',
    commands.dateupdated AS 'Completed'
FROM commands JOIN computers ON (commands.computerid = computers.computerid) JOIN clients ON (computers.clientid = clients.clientid)
WHERE command = 100 AND `status` = 3
AND output LIKE '%downloaded and installed successfully%'
AND commands.dateupdated >=CURDATE()
GROUP BY computers.name
ORDER BY `Completed` DESC

 

 

No updates found (today)

 

SELECT DISTINCT computers.computerid AS 'ID',
    computers.name AS 'Patched today',
    clients.name AS 'Client',
    commands.dateupdated AS 'Completed'
FROM commands JOIN computers ON (commands.computerid = computers.computerid) JOIN clients ON (computers.clientid = clients.clientid)
WHERE command = 100 AND `status` = 3
AND output LIKE '%No Updates to Install%'
AND commands.dateupdated >=CURDATE()
GROUP BY computers.name
ORDER BY `Completed` DESC

 

 

Currently Patching...

 

SELECT cmd.`ComputerID` AS 'ID',
    cl.name AS 'Client',
    c.name AS 'Hostname',
    c.OS AS 'OS',
    cmd.DateUpdated AS 'Start Time',
    (LENGTH (cmd.parameters) - LENGTH(REPLACE(cmd.parameters,',','')))+1 AS 'Patches Installing',
    (ROUND(TIME_TO_SEC(TIMEDIFF(NOW(),cmd.DateUpdated))/60)-1) AS 'Elapsed Time (m)'
FROM commands cmd
JOIN computers c ON (c.computerid = cmd.computerid)
JOIN clients cl ON (cl.clientid = c.clientid)
WHERE cmd.command = 100 AND `status` = 2
ORDER BY `Patches Installing` DESC

 

 

Today's total patch attempts

 

SELECT COUNT(DISTINCT computerid) AS 'Patch Attempts' 
FROM commands
WHERE command = 100 AND `status` = 3
AND dateupdated >=CURDATE()

 

 

Today's successful patch count

 

SELECT COUNT(DISTINCT computerid) AS 'Patch Attempts'
FROM commands
WHERE command = 100 AND `status` = 3
AND output LIKE '%downloaded and installed successfully%'
AND dateupdated >=CURDATE()

 

 

Total Missing Patches

 

SELECT `computers`.`name` AS 'PC Name',
`computers`.`ComputerID` AS 'Agent ID',
`computers`.`OS` AS 'OS',
`computers`.`LastContact` AS 'Last Contact',
COUNT(hotfixid) AS 'Updates Pending'
FROM `hotfix`
JOIN `computers`ON ( `hotfix`.`ComputerID` = `computers`.`ComputerID` )
JOIN clients ON (computers.clientid=clients.clientid)
WHERE `hotfix`.`Installed`=0 AND `hotfix`.`Approved`=1 
AND clients.clientid NOT IN (33)
AND `computers`.`LastContact` > DATE_SUB(NOW(), INTERVAL 5 MINUTE)
AND computers.os NOT LIKE '%server%'
GROUP BY `computers`.`name` DESC
ORDER BY COUNT(hotfixid) DESC

 

 

 

Interrupted Patching

 

SELECT cmd.`ComputerID` AS 'ID',
    cl.name AS 'Client',
    c.name AS 'Hostname',
    c.OS AS 'OS',
    c.LastContact AS 'Last Contact',
    cmd.DateUpdated AS 'Start Time',
    (LENGTH (cmd.parameters) - LENGTH(REPLACE(cmd.parameters, ',', '')))+1 AS 'Patches Installing',
    (ROUND(TIME_TO_SEC(TIMEDIFF(NOW(),cmd.DateUpdated))/60)-1) AS 'Elapsed Time (m)'
FROM commands cmd LEFT JOIN computers c ON (c.computerid = cmd.computerid) JOIN clients cl ON (cl.clientid = c.clientid)
WHERE command = 100 AND STATUS = 2
AND c.LastContact < DATE_SUB(NOW(), INTERVAL 30 MINUTE)
ORDER BY `Patches Installing` DESC

 

Some of the SQL is clean, others not so clean... so while this is not by any means a 'final result'... they should give you enough basis to work from.

 

Enjoy & Thanks again to all of you for making the community AWESOME!!

 

These are AWESOME Martyn.

 

Cubert, any chance of getting these into the plugin?

 

Steve.

Share this post


Link to post
Share on other sites

Anyone seen a list of which versions of WU should be installed on each version of windows?

 

This is the list I have myself, but its manually maintained and I'm not sure of the accuracy

 

Win XP - 7.6.7600.256

Win 2003 - 7.6.7600.256

Win Vista - 7.6.7600.256

Win 2008 - 7.6.7600.320 (not sure on this one)

Win 7 - 7.6.7601.19046

Win 2008 R2 - 7.6.7601.19016

Win 8 - 7.9.9600.18094

Win 8.1 - 7.9.9600.18094

win 2012 - 7.9.9200.17185

Win 2012 R2 - 7.9.9600.17489

Win 10 - 10.0.10240.16397

 

However I'm finding that win 7 running versions 7.6.7601.18917, 7.6.7601.18937, etc will not upgrade to 7.6.7601.19046 (KB3102810)

Same goes for 2008 R2 - KB3102810 should upgrade to 7.6.7601.19016 but I'm finding agents with 7.6.7601.18917 will not upgrade

There are plenty of other examples I've come across, so its a bit of a minefield.

 

Ian

Share this post


Link to post
Share on other sites

First I just want to thank everyone for their input. We have been fighting with LT updates for about a year on and off in little tidbits ... I was reading the original Bgags post and its very informative as to how we may want to look at our stuff. I also dropped the Squidworks plugin on the other day and thats really nice too!

 

I wasnt sure where the 'overlap' is . I grabbed the 2 scripts from Bgags and imported them, it created folders but no scripts , but also looks like its doing basically what the Patch Remedy plugin is doing. So Im wondering if that part is handled (updating LUA, push resets etc) and now I can focus on grouping and intra-daily updates..

Share this post


Link to post
Share on other sites
Cubert, awesome plugin.

 

One problem I've noticed is the on/off switch for updating the WU agent. This worries me on servers. For workstations I'd say, go for it and update whatever you can. On servers I can't risk reboots or odd behaviour unless its planned. Maybe it could be divided?

 

I have a similar request! We have around 1000 agents and some of them are not on a managed contract. So we only care about certain machines however the plugin obviously looks at everything. Being able to configure the plugin to use a custom search or having some way to filter out machines that we don't want to "Patch Remedy" would be AWESOME.

Share this post


Link to post
Share on other sites
Anyone seen a list of which versions of WU should be installed on each version of windows?

 

This is the list I have myself, but its manually maintained and I'm not sure of the accuracy

 

Win XP - 7.6.7600.256

Win 2003 - 7.6.7600.256

Win Vista - 7.6.7600.256

Win 2008 - 7.6.7600.320 (not sure on this one)

Win 7 - 7.6.7601.19046

Win 2008 R2 - 7.6.7601.19016

Win 8 - 7.9.9600.18094

Win 8.1 - 7.9.9600.18094

win 2012 - 7.9.9200.17185

Win 2012 R2 - 7.9.9600.17489

Win 10 - 10.0.10240.16397

 

However I'm finding that win 7 running versions 7.6.7601.18917, 7.6.7601.18937, etc will not upgrade to 7.6.7601.19046 (KB3102810)

Same goes for 2008 R2 - KB3102810 should upgrade to 7.6.7601.19016 but I'm finding agents with 7.6.7601.18917 will not upgrade

There are plenty of other examples I've come across, so its a bit of a minefield.

 

Ian

 

I started checking from the bottom actually, and found that the version for 2012 R2 you gave is wrong, I got newer version 7.9.9600.18094

 

Any way I was checking this info and versions when i was creating script to check and update WUA on:

https://support.microsoft.com/en-gb/kb/3102810

https://support.microsoft.com/en-us/kb/3102812

Share this post


Link to post
Share on other sites
I would be great if Labtech could do all of this for us since one of the big selling points is patch management. Just saying :P

 

+1

 

 

Sent from my iPhone using Tapatalk

Share this post


Link to post
Share on other sites
I would be great if Labtech could do all of this for us since one of the big selling points is patch management. Just saying :P

 

+1

 

 

Sent from my iPhone using Tapatalk

Share this post


Link to post
Share on other sites

Wanted to post again saying how awesome everyone in this thread has been in sharing info. ESPECIALLY big props to bgags for getting this all started.

 

Now a question for bgags or others: How are you calculating your patch effectiveness across the board. I noticed bgags said this:

 

When it comes to numbers, my servers are 98.7% patched, my workstations 96.6%, and my laptops 89.9% (DAMMIT) for all agents that have checked in within the last 30 days. I think that's pretty good.

 

So how is/are he/you getting those percentage calculations? I'd love to quickly view that per client as well as for all clients on the whole. The only place I've found percentages for patching is inside of some reports and running reports is slow going!

Share this post


Link to post
Share on other sites
Wanted to post again saying how awesome everyone in this thread has been in sharing info. ESPECIALLY big props to bgags for getting this all started.

 

Now a question for bgags or others: How are you calculating your patch effectiveness across the board. I noticed bgags said this:

 

When it comes to numbers, my servers are 98.7% patched, my workstations 96.6%, and my laptops 89.9% (DAMMIT) for all agents that have checked in within the last 30 days. I think that's pretty good.

 

So how is/are he/you getting those percentage calculations? I'd love to quickly view that per client as well as for all clients on the whole. The only place I've found percentages for patching is inside of some reports and running reports is slow going!

 

I use CFAR at my office and created rules to try and narrow it down as an entire company. I do not have it branched out by device type however. I think I will be looking into that in CFAR as well. It is a very powerful tool for reporting in general.

Share this post


Link to post
Share on other sites

remi,

the above list is the version numbers of the installers which I can find, so thanks. I hadn't managed to find KB3102812, only 3102810. There are so many postings for older versions of WU updates and MS doesn't take down any of them, or mark them as obsolete. nor is there a master list of Kbs indicating the latest which should be installed for each platform.

To make matters worse, the same KB will sometimes install a slightly different version for x86 and x64 and it can also be different between, say, win 8 x64 and win2012 x64.... but the download is the same for each of the last... or at least is seems to be the same .msu.

 

My list is a work in progress and its a lot more up to date now, but I'm still working on it.

 

Whats really killing me at the moment is that I don't seem to be able to just install the latest agent on a particular version of windows. Some releases will just refuse to install over a slightly older installed version, despite the KB saying its specifically for that version of windows.

 

Totally inconsistent....

Share this post


Link to post
Share on other sites
So how is/are he/you getting those percentage calculations? I'd love to quickly view that per client as well as for all clients on the whole. The only place I've found percentages for patching is inside of some reports and running reports is slow going!

 

I'm really fortunate to have a partner in crime who not only handles our ConnectWise deployment, but also does a lot of our internal reporting. Over a period of a couple years, he's developed and added to an internal web portal we call CAMRA (stands for something, I don't know) that taps both CW and LT databases for a tech-friendly series of dashboards with commonly accessed information. He has also been collecting our patch efficacy information with my input. I'm telling you all this because I'm not using the LT mechanisms for generating our reports, though queries are certainly available.

 

Here's where I'd really love the thread's feedback on this.

 

We do a bunch of different reports.

 

The numbers are calculated against the membership of the "Under Patch Contract - Do Not Approve Patches Here" group, minus any agents that have the per-agent "Disable Automatic Patch Install" Ignite EDF checkbox checked. We also include the membership of an additional group pair for our homegrown BDR solution, which does a custom evening patch schedule due to the fact that they replicate overnight. This is our target pool.

 

One report we run takes all the systems missing any updates at one particular client, takes the "patch health" of each agent (number of missing patches versus total # of approved patches for that agent) as a percentage, and then averages all those percentages together. This helps us identify problem clients, where Wake-On-LAN may not work (suck it, Dell), caching isn't configured correctly, really crappy bandwidth, etc.

 

The percentage of missing patches to installed patches is useful for trending and troubleshooting, but not necessarily for overall health, especially as Windows 8 and 8.1 have far fewer updates available as a whole than Windows 7. So, 20 missing updates on a Windows 7 system is only missing 5% of its available patches (depending on if you count the Updates category), whereas it's more like 10% of Windows 8.1 patches.

 

Another report we run that we send to right the client is agents missing any patches versus those fully patched. We actually do a pie chart, where green = fully patched, yellow = 1-5 updates missing, orange = 5-10 updates missing, and red = 11+ missing. When I reported my overall patch efficacy, I run this report at the beginning of each month for all clients, and these are the numbers I get. In my initial post, when I mentioned my own numbers, they were for the previous month prior to the post, and the percentages were reflective of my systems that were fully patched versus the total number I'm delivering patches to. I guess my dirty little secret is that we do not patch all our LabTech agents, because we do have clients that prefer to manage their own patching. We... strongly advise against this. ;)

 

Obviously, you don't want to do your reporting the day after you approve your updates after Patch Tuesday. You'll see red! We've got it set up that automatic reports get generated and sent to any client who requests them; we run these on the 27th of every month.

 

Let me know if you'd like to see some SQL in here.

Share this post


Link to post
Share on other sites

BGags, Cubert, All!

 

I just thought I'd chime in here... As a very recent convert to Labtech (Not even implemented yet, we signed Sunday) I am absolutely blown away that you have a solution for this. We have been fighting the problems outlined herein on N-Able for at least the last year or more.

 

I am very excited at just the thought if being able to be rid of these headaches.

 

Well Done!

 

I'll be installing this promptly after our implementation is complete!

Share this post


Link to post
Share on other sites

I'm trying to play with cubert's plugin (thank you!) but I can't get it to turn on. I flip the switch and nothing happens. If I close the window and reopen, it's still turned off. Tried from a local client as well as on the LT server. I also let it sit for a minute with the switch flipped on.

 

Am I missing something stupidly obvious?

 

Thanks!

 

- Paul

Share this post


Link to post
Share on other sites

I'm just curious... While trouble shooting this in LT10 ...

Our templates were set to "Ask then Allow" in for Patching Reboot and Normal under Access in the template. I created a script that just ran the LT reboot command. In the script log , it showed that the user rejected even though this was a machine right next to me. So I changed the patch reboot mode to "now", updated configs on all agents. Next day our system went from 1300 machines missing 6+ patches to 556. A few days later and now I'm at 460 something. I just thought I'd share to care and also see if anyone else with LT10 100.36 had this issue.

Thx

Share this post


Link to post
Share on other sites
I'm trying to play with cubert's plugin (thank you!) but I can't get it to turn on. I flip the switch and nothing happens. If I close the window and reopen, it's still turned off. Tried from a local client as well as on the LT server. I also let it sit for a minute with the switch flipped on.

 

Am I missing something stupidly obvious?

 

Thanks!

 

- Paul

 

Turns out I was missing something stupidly obvious. I forgot to restart the db agent. All is well in the world now.

Share this post


Link to post
Share on other sites

@Ian

I'm Rami not Remi :)

 

I know Cuber's plugin and BGags's scripts may do all things that i'm attaching now, and more (unfortunately I haven't tried them yet). But anyways, I would like to share my simple script that I've created couple weeks ago for all who need these kind of scrips to simply silently download and apply KB3102810 and KB3102812

for 32 bit & 64 bit OS in order to upgrade the WUA as the following:

Windows 7 7.6.7601.19046

Windows 8.1 7.9.9600.18094

Windows SBS 7.6.7601.19046

Server 2008 R2 7.6.7601.19046

Server 2012 R2 7.6.7601.19046

Based on MS KB:

https://support.microsoft.com/en-gb/kb/3102810

https://support.microsoft.com/en-us/kb/3102812

 

Script Notes:

- I have LT 10 which detects Win10 agents as XP and Windows 8 Class, so you will see in my script 1-st step to detect Win10 using:

SELECT OS,computers.ComputerID FROM computers WHERE computers.OS LIKE 'Microsoft Windows 10%' AND (computers.ComputerID = '%ComputerId%')

 

- WUA supports Win 8.1 not Win 8, so you will see win 8.1 excluding in the next step in my script using:

SELECT OS, Computers.ComputerID FROM computers WHERE os NOT LIKE 'Microsoft Windows 8.1%' AND os LIKE 'Microsoft Windows 8%' AND (computers.ComputerID = '%ComputerId%')

 

- As we already know this update requires reboot, so the script will exit if it detects 1024 flag reboot needed. using:

SELECT (computers.flags & 1024) FROM computers WHERE computers.computerid=%computerid%

NOT = 1024

 

- After the script detects the OS Architectures and Version, it will download the WUA, then will install it using:

wusa.exe Windows-KBID.msu /quiet /norestart

for silent and norestart mode.

 

- If the newest WUA version is already installed there is a log message in scripts tab.

 

The script calls: "Check and Update WUA" , please find it attached.

Edited by Guest

Share this post


Link to post
Share on other sites

I uploaded it to free upload site because I think it is too big to be attached here (24 MB)

the download link is in attached txt file

 

Edit*: Sorry the link is expired, I re-uploaded it in next post.

Edited by Guest

Share this post


Link to post
Share on other sites
I'm sorry I uploaded it to free upload site because I think it is too big to be attached here (24 MB)

the download link is in attached txt file

 

Hi Rami, is it possible to re-upload this? I think the link's expired.

 

Thanks!

 

Also, is anyone interested in a script that pushes the update for Windows 7 32-bit machines that fixes the issue with "Out of Memory Errors"? I had to put one together because the LT KB's suggested method (https://docs.labtechsoftware.com/knowledgebase/article/10097) wasn't working.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×