I'm using a K2000 to build a simple Windows 7 scripted installation. The result is a completely unpatched copy of Windows 7. I now want my K1000 to fully patch the PC. I created a basic Detect and Deploy patch schedule to push all the patches available. I realize there are a lot of patches to install, but it seems to be taking FOREVER (I'm a couple of hours in). A forced inventory update seems to be completely locked up. If any of the patches force a reboot, will the patching automatically start up again after the reboot?

Are there any best practices for fully patching a new PC?

I'm tempted to manually run Windows Update to push most of the updates and let KACE take over from there, but I'd love for KACE to do all the work automatically.

Thanks,
Ben

Answers

0
I have experienced the same issue where I want it to handle all of it. But it does take it a while and I wish there was a way to speed it up.
Answered 09/23/2011 by: kbnetadmin
Orange Belt

0
Hi,

If you do a force reboot then yes, the patching will continue forward on a detect and deploy system. If you do a no reboot, you may be able to speed things up, as they will all finish and then at the end you will have to do a reboot manually. As it is patching, the forced inventory is locked up; that is normal function, from what we have seen.

Another option you have is, of course, after patching it, to capture it as your baseline image and move from there.
Answered 09/23/2011 by: nshah
Red Belt

0
I'd also set up the latest service pack as a post-install task on K2 as that would significantly lower the amount of work the K1 is being asked to do.
Answered 09/25/2011 by: cblake
Red Belt

0
So here's a status update. The patching seemed to get completely stuck (it ran for over 4 hours) and I couldn't figure out if it was running in the background. I shut the PC down and Windows Update indicated it was about to install 105 updates. Now that's stuck.

cblake, installing SP1 in advance is a good idea, but it seems to be tough to run Windows 7 post installation tasks that require a reboot as the following post installation tasks won't continue to run.

I was expecting to be able to use the K1000 to patch a new PC and reboot as necessary until the machine is up to date. I would have guessed that it would take no longer than an hour to fully patch a PC.
Answered 09/26/2011 by: benmills
Senior Yellow Belt

0
I went ahead and ran Windows Update and now the PC isn't updating inventory in the K1000. I reinstalled the agent, but it makes no difference. Anyone know how I can get a PC out of the "Agent has been asked for updated inventory information. To refresh this page press [here]." state?
Answered 09/26/2011 by: benmills
Senior Yellow Belt

0
ORIGINAL: benmills

So here's a status update. The patching seemed to get completely stuck (it ran for over 4 hours) and I couldn't figure out if it was running in the background. I shut the PC down and Windows Update indicated it was about to install 105 updates. Now that's stuck.

cblake, installing SP1 in advance is a good idea, but it seems to be tough to run Windows 7 post installation tasks that require a reboot as the following post installation tasks won't continue to run.

I was expecting to be able to use the K1000 to patch a new PC and reboot as necessary until the machine is up to date. I would have guessed that it would take no longer than an hour to fully patch a PC.


Try using 'run once' reg keys. Here is my reg key for domain join. After I join the domain I want it to run a cleanup batch file.

rem Join the domain, then set the execution policy back to Restricted
powershell c:\source\joindomain.ps1
powershell Set-ExecutionPolicy Restricted -Force
rem Register the cleanup batch file to run once after the reboot
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v V1 /t REG_SZ /d "CMD /C \"c:\source\checkinandcleanup.bat\""
netsh advfirewall set domainprofile state off
shutdown -r -t 1

This is only the second part of the process, but this will occur after a reboot once the machine has its name changed. That batch file will call this one with a run once.

If I place a run once in the 'checkinandcleanup.bat' then I could keep doing this forever pretty much. The RunOnce key is deleted after it's run by Windows.

As for the patching, I'm keeping our existing Windows updates infrastructure for that; it's tested/working and I'm not getting rid of it (sorry, that probably doesn't help you with your issue).
Answered 09/28/2011 by: dogfish182
Orange Belt
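
The RunOnce chaining described in the answer above, generalized to any number of reboot stages, as an added example that is not part of the thread. The state key, the RunOnce value name and the path C:\source\stage.ps1 are assumptions; the two stage scripts are the ones named in the post.

```powershell
# Added example: the state key, value names and this script's path are assumptions.
param(
    [string]$Self     = 'C:\source\stage.ps1',                 # hypothetical path of this script
    [string]$StateKey = 'HKLM:\SOFTWARE\ExampleProvisioning'   # hypothetical state location
)
$RunOnce = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

# Ordered stages, each followed by a reboot. Script names are the ones in the post.
$Stages = @(
    @{ Name = 'JoinDomain'; Action = { & 'C:\source\joindomain.ps1' } },
    @{ Name = 'Cleanup';    Action = { & cmd.exe /c 'C:\source\checkinandcleanup.bat' } }
)

# Index of the stage to run now; 0 on the first run.
if (-not (Test-Path $StateKey)) { New-Item -Path $StateKey -Force | Out-Null }
$state = Get-ItemProperty -Path $StateKey -ErrorAction SilentlyContinue
$next  = if ($state -and $null -ne $state.NextStage) { [int]$state.NextStage } else { 0 }

# Guard: nothing left to do, so remove the state and stop.
if ($next -ge $Stages.Count) { Remove-Item -Path $StateKey -Recurse -Force; return }

$stage = $Stages[$next]
$global:LASTEXITCODE = 0
try {
    & $stage.Action
    if ($global:LASTEXITCODE -ne 0) { throw "exit code $global:LASTEXITCODE" }
} catch {
    # Stop the chain: no RunOnce value is written, so a failing stage cannot reboot-loop.
    Write-Warning "Stage '$($stage.Name)' failed: $_"
    exit 1
}

# Record progress before rebooting so the next run resumes at the following stage.
New-ItemProperty -Path $StateKey -Name NextStage -Value ($next + 1) -PropertyType DWord -Force | Out-Null

if (($next + 1) -lt $Stages.Count) {
    # Windows removes a RunOnce value when it processes it, so every stage re-arms the next.
    # HKLM RunOnce is processed at the next logon, not at boot.
    $cmd = "powershell.exe -NoProfile -ExecutionPolicy RemoteSigned -File `"$Self`""
    New-ItemProperty -Path $RunOnce -Name 'ExampleProvisioning' -Value $cmd -PropertyType String -Force | Out-Null
} else {
    Remove-Item -Path $StateKey -Recurse -Force   # last stage done: leave nothing behind
}
shutdown.exe /r /t 5
```

Because the RunOnce entry is only processed at logon, an unattended build needs an automatic logon (or someone at the console) between stages for the chain to advance.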

0
ANOTHER UPDATE: I changed my scripted installation on my K2000 to include SP1. This does significantly reduce the number of patches, but there are still a lot of patches left to install. I tried to push through all the patches and just let it run overnight. It installed a lot of the patches, but I think the PC went into sleep mode and the status of the patching run says "cancelled".

I have to say that I'm really confused. I would have thought that fully patching a new PC would be a common use case.

My next thought is to have a custom asset field called "last installation date" and a smart "New PC" label built around it that schedules nightly patch runs for a week. I'd really prefer to fully patch the PC before deploying, but maybe this is the best I can do.
Answered 10/03/2011 by: benmills
Senior Yellow Belt

0
benmills,

What I do is install Win 7 on a machine and apply all the updates.

From there, sysprep and create a wim file.

Rename the wim as install.wim and upload it to the K2.

Now you can use that FULL PATCHED source CD for all your scripted installs.

When the number of updated patches takes a while to install, repeat the process.
Answered 10/05/2011 by: dchristian
Red Belt

0
I can see it would work, but I don't think that's an option for me dchristian.

I use the Dell OEM DVD for a scripted installation. The Dell OEM installation is pre-activated for Dell PCs, but I think as soon as you sysprep the image, then you lose the pre-activation.

Maybe we have to suck it up and buy volume licenses of Windows 7, but it's a tough sell when all our PCs already have a valid Windows 7 license.

Ben
Answered 10/05/2011 by: benmills
Senior Yellow Belt

0
I think this would still work, just place install.wim back in the OEM CD.

You may need to use the OEM key from the factory but you should be ok.
Answered 10/05/2011 by: dchristian
Red Belt
