Posts

Windows Update Task Sequence (Patching) – SCCM 2012 R2

With monthly server patching, the process is currently manual due to the number of clusters and very application specific servers that is patched – including an issue with failed updates caused by Trend Officescan – and an issue that has been done manually for months.

It was time to automate this process – and without Orchestrator or SMA I had to use what I already had – a SCCM 2012 R2 Infrastructure, and the use of the Task Sequence and PowerShell.

WinUpdate TS TS (Patching)

The Windows Update Task Sequence process goes like this (updates are deployed to the servers as Available): Disables Trend OfficeScan Start-up type to: Disabled, run a Scheduled Task on the server (this could be emailing a business user notifying their server is going down for patching or shutting down an application – this is intended to be Server SPECIFIC so the task sequence doesn’t need to be modified for every new server getting patched), Restart the computer (this is done to make sure OfficeScan is not running and make sure the server is in a clean state for patching), and begin the patching process (see more information on the steps below).

Task Sequence Patching Steps are as follows:

Disable – Trend Office scan Services

This calls a PowerShell script which changes the Startup Type of: Office Scan NT Real-time Scan and Office Scan NT Listener services to Disable. This is changed to prevent the Trend Antivirus solution from interfering with the download and installation of Software Updates. Note: Some servers encountered issues stopping the Trend service, the restart step after this stops the Trend service from starting

Run SCHTask

This step starts a Scheduled Task “PreShutdown” that has been setup on the deployed server. This scheduled task allows for server based automation (application shutdown, business communication etc) and is specific to the server. This is a Command Line Step.

Restart Computer

This step counts down for 60 seconds and notifies the user “This server is undergoing Windows patching. Please save your work and log off” before then Restarting the computer

Scan for Updates |

This step does a WMI call to do a Software Update re-evaluation to determine if there are any new Windows Updates that are required by the system

Wait for the Scan to Finish |

This step is a PowerShell command to sleep the system for 30 seconds. This step is set to allow the Software Update re-evaluation cycle from the previous step to complete

Install Software Updates

Installs all required and available Windows Updates on the Windows server

Restart Computer

This step Restarts the computer after the first batch of patches have been installed

Scan for Updates ||

This step does a WMI call to do a Software Update re-evaluation to determine if there are any new Windows Updates that are required by the system

Wait for the Scan to Finish ||

This step is a PowerShell command to sleep the system for 30 seconds. This step is set to allow the Software Update re-evaluation cycle from the previous step to complete

Install Software Updates

Installs all required and available Windows Updates on the Windows server

Restart Computer

This step Restarts the computer after the first batch of patches have been installed

Scan for Updates |||

This step does a WMI call to do a Software Update re-evaluation to determine if there are any new Windows Updates that are required by the system

Wait for the Scan to Finish |||

This step is a PowerShell command to sleep the system for 30 seconds. This step is set to allow the Software Update re-evaluation cycle from the previous step to complete

Install Software Updates

Installs all required and available Windows Updates on the Windows server

Restart Computer

This step Restarts the computer after the first batch of patches have been installed

Scan for Updates |V

This step does a WMI call to do a Software Update re-evaluation to determine if there are any new Windows Updates that are required by the system

Wait for the Scan to Finish |V

This step is a PowerShell command to sleep the system for 30 seconds. This step is set to allow the Software Update re-evaluation cycle from the previous step to complete

Install Software Updates

Installs all required and available Windows Updates on the Windows server

Restart Computer

This step Restarts the computer after the first batch of patches have been installed

Software Update Deployment Re-Eval

This step forces the SCCM agent to “check in” and run a Compliance check on the Software Update deployment allowing for SCCM have accurate Compliance data at the end of the Task Sequence

Enable – Trend Office scan Services

This calls a PowerShell script which changes the Startup Type of: Office Scan NT Real-time Scan and Office Scan NT Listener services to Enable. This PowerShell script also Starts the services.

A couple of useful DISM commands for WIM management for the IT Pro

As part of being an IT Engineer at my place of employment – I work with operating system deployment and management – part of this is using the Windows DISM toolset for adding packages or drivers directly into a Windows OS WIM or boot WIM.

Here are a few useful DISM commands I have gathered and use on a monthly basis with WIM management and updates.

Read more

Windows Vista continuous restarts installing updates

One of the common causes of Windows Vista problems is due to Windows Updates; especially when it forces the computer to continuously restart follow the prompts below to repair.

  1. First off, you need a Windows Vista DVD or related CD/DVD you can access the files on the Windows installed partition.
  2. Using the Windows Vista DVD as an example you need to Boot from the DVD
  3. Once the Windows Vista DVD displays the first dialog Window giving you the options to install click Repair My Computer (below the Install).
  4. Select the Windows Vista installation you would like to edit (you would usually only have one).
  5. You should now have the Windows System Recovery dialog window, click Command Prompt.
  6. Once you are greeted with a blinking cursor type: del c:WindowsSoftwareDistribution > Press Enter
  7. This will delete the folder that contains all the temp files for Windows Updates (it will regenerate itself, so safe to delete).
  8. Now typecd Windows
  9. Typecd winsxs
  10. Typedel pending.xml > Press Enter
  11. Now restart your computer, it should now load Windows properly.

Error 80072F8F when trying to update Windows Vista/Windows 7 using Windows Updates

Getting the annoying 80072F8F error? When all  you want to do is download & install the latest Windows Updates? Luckily for you the fix is simple. Make sure the Time & Date is correct.

  1. Click Start
  2. Click Control Panel
  3. Click Time & Date
  4. Adjust Time & Date, you can also set the computer to download the latest Time/Date from Microsoft servers.
  5. Restart & run Windows Update.

Another issue is the Windows root certificate, which you need to update. If you have made sure both your time and date are correct, then try downloading:

https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=5397