Installing Windows Updates for Windows Embedded POSReady 2009 machines
The Situation:
I was recently put in charge of managing a few hundred POSReady machines that haven't recieved any windows updates in ~12 months. All the machines I've been put in charge of were built using a base image that has Automatic Updates turned off.
Figuring out how to use KACE to find and install all critical windows updates (so far, on my own) has been rather difficult. I'm very tempted to write a batch file that the KACE agent can run to install all the updates for me. But my manager (and me too) would really like to be able to use KACE to install the last year's worth of windows updates.
Here is a quick little flow chart of what I'd like KACE to do:
Find out what updates are needed for the OS > download the updates > check to make sure that all the updates were successfully downloaded > install the updates /q /norestart > reboot the machine > check to make sure the updates were successfully installed
The Question:
I don't know where to start this task. I've been using KACE for ~1 month now to deploy our product and update it, but for some reason getting KACE to install windows updates is proving itself really really difficult. How does one go about installing windows updates using KACE?
Thank you for any support you have or advice from your own experiance doing this.
-Jobla
Answers (3)
You have 2 problems.
1. The agent isn't supported on any embedded OS currently.
2. Patching is not supported on any embedded OS.
If you can get the agent to work properly on that OS, you can download the .msu files for updates and deploy them through wusa.exe through the KBOX using a script: http://support.microsoft.com/kb/934307
You might also be able to patch through the KBOX, but that would involve creating a machine label for the embedded OS. There wouldn't be any specific embedded patches, but any general Windows patches should be able to be deployed. You would have to test them out in your environment before deploying however.
Comments:
-
Those seem like pretty serious problems that I might need to bring up some time in the near future heh. We can get the agent to work properly on the OS, Windows POSReady 2009 is basically a slightly trimmed down and less rescource intensive Windows XP, at least that's how it has been explained to me and based on my research that's basically correct. here's a cool pdf with the main differences laid out if you are curious:
http://go.microsoft.com/fwlink/?LinkId=159099
it sounds like the only route to go when it comes to the Embedded specific patches is scripting.
So how about the general windows patches? the majority of the updates for the machines are general windows updates for XP... I can pretty easily create a machine label for the embedded OS but once I've done that where do I start to install the Windows updates? - jobla 12 years ago -
these may just be VAR pc's, with software on top, when I support the POS for the Reno Air Race we used old PC's with citrix tin client to run intenet based POS, they never patched the machines even thought they have os's like 2000, xp and vista on them. Our local super market uses a windows 7 POS and they patch it with Kace. - SMal.tmcc 12 years ago
-
Not sure what a VAR PC's are. The machines I'm managing are all built by us, they are made to run digital signage and nothing else. But they are still computers that are connected to the internet and so we want to make sure they have the security updates they need to stay safe.
What is a VAR pc? Our POS Ready machines do have a basically fully functional copy of windows on them, they just can't run Office and are less rescource intensive. - jobla 12 years ago -
Value added reseller - SMal.tmcc 12 years ago
-
Ahh, alright. I don't think that our machines are VAR PCs
It looks like I need to go into security > Detect what critical and/or security patches are needed > Deploy the patches > reboot the targeted machines.
Is that basically accurate? My biggest concern is that the KACE agent will not know that we are running POS Ready machines and will think that they are Windows XP Proffessional instead... Is that a likely thing to happen? - jobla 12 years ago-
Detect/Deploy probably won't work because the KBOX won't recognize the OS.
You would need to test it, but you would need a label to identify the Embedded OS machines. From there, you would need to manually identify/test which patches are needed and then available to deploy out of the KBOX.
From there, you would create a label for the patches that you want to deploy to the machine label you created earlier. Any missing patches that are needed would have to be deployed manually from a MI/script. - jknox 12 years ago -
it sounds like you have the client on these. look at one of the machines on the k1000 under Operating Sytem, what does it think it is, that is the os version it will get patches for. - SMal.tmcc 12 years ago
-
I should clarify: The KBOX will probably recognize the operating system, but patching is not supported in an embedded OS as the patches are not available in the patch feed. - jknox 12 years ago
you can detect and apply the windows updates via patching
http://www.kace.com/~/media/Files/Support/Documentation/K1000-Patching-Guide-v53.ashx
Jobla,
Is this still an issue? r2
Ron Colson
KACE Koach
Comments:
-
It's been a couple of months, I had another project I had to work on but I'm back to KACE and I'm looking again for a way to Patch POSReady 2009 machines.
I'm looking right now for a way to use Windows updater to detect available patches for the POSReady OS. I was thinking maybe I could run windows update on a local machine identical to the POSReady ones I have out in the field.
Once I have all the updates I was thinking I could download each individual update package and use File Synchronization to place the packages on all my computers. Then, I was thinking I could write a custom script that installs all those packages.
-Josiah - jobla 11 years ago -
Has any progress been made on this? We have windows POS Ready 7 and can't patch as it shows the OS is unsupported. It is basically a stripped down version of Windows 7 - nhidalgo 11 years ago
-
Just got an email about someone commenting on my post :)
This is still an issue for us, it is really unfortunate that Dell continues to not support Microsoft Embedded OS's on the K1000. Considering that embedded devices are usually the devices that really need a systems management appliance like KACE I would say that their (Dell's) continued lack of support is in direct opposition to where the market is heading. I don't see that fairing well for anyone.
To keep our POSReady 7 devices up to date what I do is the following:
1. Using an image that is representative of the population of POSReady 7 systems I run windows update and get a list of all the required patches.
2. I grab the msp's for the patches that I want
3. Throw the msp's up in our cloud service
4. Deploy the msp's to all of our systems using file sync/alternate location.
5. Install the updates using a script
Dell should really fix this though, it's embarrassing. I should be able to patch my systems (embedded or not) how I want to patch them, when I want to patch them. That means that I should be able to use ANY cloud service (*any of them, not just azure*) as a replication share, I should be able to use the patch detect on any Microsoft OS, and I should be able to get support for those from Dell on demand.
It is unbelievable to me that we are currently in 2013 and Dell still doesn't make an effort to keep up with technology despite their size and talent.
Sorry /rant :) - jobla 11 years ago
-
Agreed. We have just started rolling out POS ready 7 on a new platform and cannot patch. I would think standard app patches would still apply, but neither do. It's odd as we have some Windows POS Ready 2009 machines and they detect as windows xp sp3 and patch just fine. I wonder if there is a way to over ride the detection and make it think they are windows 7 standard an allow patching. - nhidalgo 11 years ago
-
it's wmic, you might be able to but msft is releasing separate patches for posready 7/windows embedded 7 :( so basically even if you did get kace to think it was Windows 7 you would then be downloading the wrong patches. wusa on POSReady 09 will detect windows xp patches so I feel ok with using the xp patch list from kace... but i am extremely skeptical for win7. - jobla 11 years ago
-
I don't suppose you are with NCR or use their solutions? - jobla 11 years ago
-
Not with NCR, but using new NCR 7606-1507-8801 - nhidalgo 11 years ago
-
You should do the same thing I am doing. I recommend Windows Azure to deploy the updates (http://www.windowsazure.com/en-us/), if you need more assistance with endpoint management you might try contacting your NCR rep. I recommend getting windows azure because I've heard that you can use the replication share features with it which could be useful for you. - jobla 11 years ago