Patching a new PC

I'm using a K2000 to build a simple Windows 7 scripted installation. The result is a completely unpatched copy of Windows 7. I now want my K1000 to fully patch the PC. I created a basic Detect and Deploy patch schedule to push all the patches available. I realize there are a lot of patches to install, but it seems to be taking FOREVER (I'm a couple of hours in). A forced inventory update seems to be completely locked up. If any of the patches force a reboot, will the patching automatically start up again after the reboot?

Are there any best practices for fully patching a new PC?

I'm tempted to manually run Windows Update to push most of the updates and let KACE take over from there, but I'd love for KACE to do all the work automatically.

Thanks,
Ben

Answers (10)

Posted by: kbnetadmin 13 years ago
Orange Belt
0
I have experienced the same issue where I want it to handle all of it. But it does take it a while and I wish there was a way to speed it up.
Posted by: nshah 13 years ago
Red Belt
0
Hi,

If you do a force reboot then yes, the patching will continue forward on a detect and deploy system. If you do a no reboot you may be able to speed things up, as they will all finish and then at the end you will have to do a reboot manually. As it is patching, the forced inventory is locked up; that is normal function, or from what we have seen.

Another option you have is, of course, after patching it, to capture it as your baseline image and move from there.
Posted by: cblake 13 years ago
Red Belt
0
I'd also set up the latest service pack as a post-install task on K2 as that would significantly lower the amount of work the K1 is being asked to do.
Posted by: benmills 13 years ago
Senior Yellow Belt
0
So here's a status update. The patching seemed to get completely stuck (it ran for over 4 hours) and I couldn't figure out if it was running in the background. I shut the PC down and Windows Update indicated it was about to install 105 updates. Now that's stuck.

cblake, installing SP1 in advance is a good idea, but it seems to be tough to run Windows 7 post installation tasks that require a reboot as the following post installation tasks won't continue to run.

I was expecting to be able to use the K1000 to patch a new PC and reboot as necessary until the machine is up to date. I would have guessed that it would take no longer than an hour to fully patch a PC.
Posted by: benmills 13 years ago
Senior Yellow Belt
0
I went ahead and ran Windows Update and now the PC isn't updating inventory in the K1000. I reinstalled the agent, but it makes no difference. Anyone know how I can get a PC out of the "Agent has been asked for updated inventory information. To refresh this page press [here]." state?
Posted by: dogfish182 13 years ago
Orange Belt
0
ORIGINAL: benmills

So here's a status update. The patching seemed to get completely stuck (it ran for over 4 hours) and I couldn't figure out if it was running in the background. I shut the PC down and Windows Update indicated it was about to install 105 updates. Now that's stuck.

cblake, installing SP1 in advance is a good idea, but it seems to be tough to run Windows 7 post installation tasks that require a reboot as the following post installation tasks won't continue to run.

I was expecting to be able to use the K1000 to patch a new PC and reboot as necessary until the machine is up to date. I would have guessed that it would take no longer than an hour to fully patch a PC.


Try using 'run once' reg keys. Here is my reg key for domain join. After I join the domain I want it to run a clean up batch file.

powershell c:\source\joindomain.ps1
powershell Set-Executionpolicy restricted -force
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v V1 /t REG_SZ /d "CMD /C \"c:\source\checkinandcleanup.bat\""
netsh advfirewall set domainprofile state off
shutdown -r -t 1

This is only the second part of the process, but this will occur after a reboot once the machine has its name changed. That batch file will call this one with a run once.

If I place a run once in the 'checkinandcleanup.bat' then I could keep doing this forever pretty much. The runonce key is deleted after it's run by Windows.

As for the patching, I'm keeping our existing windows updates infrastructure for that, it's tested/working and not getting rid of it (sorry that probably doesn't help you with your issue).
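
The RunOnce chaining described in the post above, written out as an added example; it is not part of the original post or of any KACE tooling. It assumes an administrator logs on after each reboot so that the HKLM RunOnce value is processed, and the state key, value name and script path are hypothetical.

```powershell
# Added example: staged build runner that re-arms RunOnce before each reboot.
$RunOnceKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$StateKey   = 'HKLM:\SOFTWARE\ExampleBuild'      # hypothetical progress key
$ScriptPath = 'C:\source\staged-build.ps1'       # hypothetical path of this script

# Ordered stages. Every stage except the last is followed by a reboot.
$Stages = @(
    { & 'C:\source\joindomain.ps1' },                      # script named in the post
    { & cmd.exe /c 'C:\source\checkinandcleanup.bat' },    # batch file named in the post
    { Write-Output 'Build stages complete.' }
)

function Get-NextStage {
    # Index of the next stage to run; 0 when no progress has been recorded yet.
    if (-not (Test-Path $StateKey)) { New-Item -Path $StateKey -Force | Out-Null }
    $p = Get-ItemProperty -Path $StateKey -Name 'NextStage' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.NextStage
}

function Register-RunOnce {
    # Windows deletes a RunOnce value when it launches it, so it must be
    # written again before every reboot that has work left after it.
    $cmd = "powershell.exe -NoProfile -ExecutionPolicy RemoteSigned -File `"$ScriptPath`""
    Set-ItemProperty -Path $RunOnceKey -Name 'StagedBuild' -Value $cmd
}

$i = Get-NextStage
if ($i -ge $Stages.Count) { return }             # nothing left to do

# Record progress before running the stage, so a stage that reboots the
# machine itself (or fails) is not repeated in an endless loop.
New-ItemProperty -Path $StateKey -Name 'NextStage' -Value ($i + 1) `
    -PropertyType DWord -Force | Out-Null

$isLast = ($i -eq $Stages.Count - 1)
if (-not $isLast) { Register-RunOnce }           # re-arm only while work remains

& $Stages[$i]

if ($isLast) {
    Remove-Item -Path $StateKey -Recurse -Force  # leave no build state behind
} else {
    Restart-Computer -Force
}
```

Because the last stage does not re-arm the value and removes the state key, a finished machine carries no leftover RunOnce entry or build marker to audit later.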
Posted by: benmills 13 years ago
Senior Yellow Belt
0
ANOTHER UPDATE: I changed my scripted installation on my K2000 to include SP1. This does significantly reduce the number of patches, but there are still a lot of patches left to install. I tried to push through all the patches and just let it run overnight. It installed a lot of the patches, but I think the PC went into sleep mode and the status of the patching run says "cancelled".

I have to say that I'm really confused. I would have thought that fully patching a new PC would be a common use case.

My next thought is to have a custom asset field called "last installation date" and a smart "New PC" label built around it that schedules nightly patch runs for a week. I'd really prefer to fully patch the PC before deploying, but maybe this is the best I can do.
Posted by: dchristian 13 years ago
Red Belt
0
benmills,

What I do is install Win 7 on a machine and apply all the updates.

From there sysprep and create a wim file.

Rename the wim as install.wim and upload it to the k2.

Now you can use that FULL PATCHED source CD for all your scripted installs.

When the number of updated patches takes a while to install repeat the process.
Posted by: benmills 13 years ago
Senior Yellow Belt
0
I can see it would work, but I don't think that's an option for me dchristian.

I use the Dell OEM DVD for a scripted installation. The Dell OEM installation is pre-activated for Dell PCs, but I think as soon as you sysprep the image, then you lose the pre-activation.

Maybe we have to suck it up and buy volume licenses of Windows 7, but it's a tough sell when all our PCs already have a valid Windows 7 license.

Ben
Posted by: dchristian 13 years ago
Red Belt
0
I think this would still work, just place install.wim back in the OEM CD.

You may need to use the OEM key from the factory but you should be ok.