Jump to content
Cubert

Patch Remedy Plugin for LabTech

Recommended Posts

Geeks,

 

Patching your Patch Engine,

Microsoft’s Windows Update Agent (WUA) is an agent program that works in conjunction with Windows Server Update Services to support automated patch delivery and installation. Labtech uses this agent to help determine what patches are needed by each Windows system and deploys them. Microsoft often updates the WUA which increases the detection of missing patches more current then the installed version of WUA. This can cause you to get a perception that your patching is up to date when in actuality your massively behind.

 

There is more to patching then just letting the approvals happen. Windows regularly updates the agent (engine) they use to manage and seek for patches. By making sure this agent stays up to date you are making sure your users PCs stay current with the latest in system and office patches.

 

We wanted to help the fellow LabTech geeks out there with a tool to help identify and rectify systems that are falling behind with the current WUA version. So we created Patch Remedy to assist LabTech MSPs with managing WUA. The tool is very simple to use and is mostly automated. Just turn on the master switch and wait for the data to start streaming in. We also added several manual tools inside the plugin that will allow for quick remediation of several common issues with WUA.

This plugin is based on this post - http://www.labtechgeek.com/forum/viewtopic.php?f=7&t=2123

https://www.plugins4labtech.com/products/patch-remedy

 

Overview1.thumb.png.377fbd313d1b1f033c20a5f2e2eb3d7c.png

 

 

Enjoy

 

Cubert :ugeek:

Edited by Cubert

Share this post


Link to post
Share on other sites

Hi Cubert - I have it installed and it looks like a great start. I am only getting a reading on the "Installs Today" gauge. The Systems Scanned is 0 - is there something I need to do to kick off the scan?

 

 

Thanks Terry

Share this post


Link to post
Share on other sites

Hi Cubert,

 

This looks great. Can't wait for the functionality to be added.

 

One thing - can you make the screen resizable? It doesn't all fit on my monitor...

 

Steve.

Share this post


Link to post
Share on other sites
Hi Cubert - I have it installed and it looks like a great start. I am only getting a reading on the "Installs Today" gauge. The Systems Scanned is 0 - is there something I need to do to kick off the scan?

 

 

Thanks Terry

 

The scanner piece runs ever 4 hours from 7 am to 7 pm (4 times a day) When you install it you will need to turn it on then allow it time to schedule the first scans. Could take several hours before showing up..

Share this post


Link to post
Share on other sites
Hi Cubert,

 

This looks great. Can't wait for the functionality to be added.

 

One thing - can you make the screen resizable? It doesn't all fit on my monitor...

 

Steve.

 

Hard to giveup all the real-estate I have on a 27" monitor at 1920X1080..

 

Let me see what I can do for ya.

Share this post


Link to post
Share on other sites

Hey Cubert,

 

Thanks for adding the window resizing. Can I also ask for a scroll bar so I can see all the pretty dials?

 

Please?

 

Steve.

Share this post


Link to post
Share on other sites
Hey Cubert,

 

Thanks for adding the window resizing. Can I also ask for a scroll bar so I can see all the pretty dials?

 

Please?

 

Steve.

 

Would it also be too much to ask for the ability to activate on a client and/or location basis?

Share this post


Link to post
Share on other sites

I turned auto update on. That was definitely a big mistake as it fired the windows update with a /forcereboot and hit a ton of machines during the day.

Share this post


Link to post
Share on other sites
Guest Aiydee

You and me both Vkent.

 

That was a pucker factor right there.

 

Have not been able to find where it does scheduling.

 

Cubert: Can you please put a time window in there? Until I can guarantee it's not going to mess with our customers during business hours, I've got to keep this turned off.

 

Dave

Share this post


Link to post
Share on other sites

I think we just need to make this change to the script.

 

wusa c:\windows\ltsvc\PatchRemedy\Windows6.1-KB3083324.msu /quiet /forcerestart to /noforcerestart. I have changed it but not enabled it again to update. I still have it scanning though.

Share this post


Link to post
Share on other sites

Hi Cubert,

 

On my install, gauges are all reading 0 which I know is not right. Earlier in the day (like first thing this morning) these gauges were showing 0 successful patch installs (incorrect), 13 systems missing critical patches (incorrect - should be much higher), and 15 systems missing 3+ critical patches (also should be a lot higher), and then reduced through the day.

 

I'm also not seeing systems listed that have had errors INSTALLING updates - only ones that have had errors scanning hotfixes.

 

Can the check for systems that need remediation also check in the h_commands table for Command = 100 and Output like '%error%" and include them? From fiddling a bit with SQLyog I've discovered this filter will pick up systems that have started to install patches which have returned an error message for whatever reason.

 

Looking forward to the next release!

 

Steve.

Share this post


Link to post
Share on other sites

http://www.squidworks.net/2015/11/patch-remedy-wua-manager-plugin-for-labtech/

 

Version 1.0.0.4 now available for download.. Has several new features including a new repair tool for WUA that does normal and aggressive repair based on Microsoft KB process. We updated several of the graphs and tables and added a level of permissions to the tool. You now need to be super admin or have the User Class "Patch Remedy" added to the user to access the management console.

 

We rearranged things to make it a bit more compact.

 

Overview1.png

Enjoy,

 

Cubert

Share this post


Link to post
Share on other sites

Hi Cubert,

 

Loving the latest changes to this plugin.

 

Couple of things I've noticed...

1. Plugin appears to be scanning ALL systems, not just those under MSP contract. Perhaps a toggle switch for all agents / patching agents?

2. Successful installs today = 0... I know this is incorrect

3. No systems being listed in the System Issues tab. (Thanks for adding my suggested search as well)

 

Steve.

Share this post


Link to post
Share on other sites

I love where this is headed!

Another idea for this plugin: allow us to force systems to use 'Microsoft update' so machines will get office, etc patches in addition to Windiws updates.

Share this post


Link to post
Share on other sites

Cubert,

 

I am getting >

Patch Remedy Maintenance Information 11/9/2015 2:07 PM Install Command result -> @RESULTS@

 

within the ELSE section of the script. it seems that you save the result to @RESULT@ and Log the @RESULTS@

 

to simplify it you could put the whole logging portion at the bottom, reducing the number of lines and keeping the overall result in one location.

 

:LOGGING - Label

LOG: Install Command result -> @RESULT@

 

 

Another issue that I see is that you have 2 Windows7 and 2 Windows 2008 labels, which confuses the script and causes the updateKB section to jump all the way down to the second section of updatecurrent rather than keeping it in the first of updatekb.

Share this post


Link to post
Share on other sites
I love where this is headed!

Another idea for this plugin: allow us to force systems to use 'Microsoft update' so machines will get office, etc patches in addition to Windiws updates.

 

You can run this Powershell command as part of your maintenance.... this sets the Update mode to "Windows and other products from Microsoft"

 

$ServiceManager = New-Object -ComObject "Microsoft.Update.ServiceManager"; $ServiceManager.ClientApplicationID = "My App"; $ServiceManager.AddService2( "7971f918-a847-4430-9279-4a52d1efe18d",7,"")

 

Steve.

Share this post


Link to post
Share on other sites

HI Cubert,

 

Great plugin as usual :)

 

would it be possible to add to the plugin a filter by client or Location .

 

it will be handy if you only support patching for specific Clients or you want to enable/disable for a specific location !!!

 

Thanks

Share this post


Link to post
Share on other sites
I love where this is headed!

Another idea for this plugin: allow us to force systems to use 'Microsoft update' so machines will get office, etc patches in addition to Windiws updates.

 

You can run this Powershell command as part of your maintenance.... this sets the Update mode to "Windows and other products from Microsoft"

 

$ServiceManager = New-Object -ComObject "Microsoft.Update.ServiceManager"; $ServiceManager.ClientApplicationID = "My App"; $ServiceManager.AddService2( "7971f918-a847-4430-9279-4a52d1efe18d",7,"")

 

Steve.

 

Steve, how would we go about running a powershell script of this nature in LabTech for those of us who are not familiar with scripting in that manner?

Share this post


Link to post
Share on other sites
HI Cubert,

 

Great plugin as usual :)

 

would it be possible to add to the plugin a filter by client or Location .

 

it will be handy if you only support patching for specific Clients or you want to enable/disable for a specific location !!!

 

Thanks

 

+1 for this suggestion

Share this post


Link to post
Share on other sites

Great plugin & amazing effort of some awesome minds.

 

One question on the plugin v 1.0.0.4 - We are seeing successful installs today as 0. The plugin has been running a few days & definately some patching is taking place. Any suggestions on where to look to get this aspect going.

 

Also, just curious what days / times most people are using for their patch & reboot windows? just the standard ignite 2hour patch / 3hour reboot?

Share this post


Link to post
Share on other sites
I love where this is headed!

Another idea for this plugin: allow us to force systems to use 'Microsoft update' so machines will get office, etc patches in addition to Windiws updates.

 

You can run this Powershell command as part of your maintenance.... this sets the Update mode to "Windows and other products from Microsoft"

 

$ServiceManager = New-Object -ComObject "Microsoft.Update.ServiceManager"; $ServiceManager.ClientApplicationID = "My App"; $ServiceManager.AddService2( "7971f918-a847-4430-9279-4a52d1efe18d",7,"")

 

Steve.

 

Steve, how would we go about running a powershell script of this nature in LabTech for those of us who are not familiar with scripting in that manner?

 

WJPTech,

 

How about I just post the script...

 

Set WUA to update other products from MS.zip

Share this post


Link to post
Share on other sites

Any idea if this works on 10.5? I'm getting "There was an error uploading the new plugin" and just wondering if it is because of 10.5 or otherwise.

 

Thanks!

 

Never mind. Something on my end. It worked installing from the server.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×