Patch Management

Simon · October 26, 2020, 4:18pm

Has anyone got anything they use with Simple help to provide some kind of patch management. mainly for Windows.? If not with SH what other apps are you using?

Anthony · October 27, 2020, 3:47pm

For 3rd party applications I use Chocolatey and very rarely have issues.

For Windows patching I’m testing abc-update (https://abc-deploy.com/abc-update/) but like I say I haven’t yet deployed it.

I believe there are a few Windows Update tooboxes posted on this forum, so maybe worth checking out. It’s also been suggested for patch management to be added to SH, and I hope one day it will. It’s not the patch deployment that’s tricky, but the reporting that would be a real time-saver.

Jayjayuk · February 22, 2021, 11:19pm

Just wanted to add, I have been using the command line version of ABC-Update.

Today I added the commands for it to email me the result of each computer and automated it with toolbox. All I can say is, WOW!!! It works really well and you get a great little email at the end.

realmx2 · March 3, 2021, 7:36pm

Are you doing it through chocolatey, or pushing as a resource every run? Do you find that you need to enable .net2/3 first? Once you get things dialed in feel free to share your toolbox here for others.

Jayjayuk · March 3, 2021, 8:04pm

Well.

I install Choco + the apps clients use + .net3.5 via choco.

Then I run ABC-Update every week automatically via toolbox and alerts.

Stephen_Foord · March 9, 2021, 9:10pm

I have only been using simplehelp for a few months now. Choco for installing client apps in windows, ABC-Update for updating. I have sort out a XOS update script, but still trying to sort out homebrew for client app installs, but script not running as root user.

I’m still looking for a ticketing system, looking at osticket, but can’t close a ticket by email as I would really like to log stuff, i.e email at start of ABC-Update to create a ticket then email at end of script that closed the ticket. Anybody can suggested ticketing system that could do that?

Steven · March 29, 2021, 10:25pm

I believe Spiceworks Helpdesk can do that for you. I’ve not used it in a few years so can’t say with certainty that functionality still exists, but would assume it does. In addition to the helpdesk, Spiceworks Community is a great IT resource.

Jason_Passow · March 30, 2021, 2:08pm

We use Request Tracker and manage tickets almost exclusively with email. https://bestpractical.com/request-tracker

Rob_Nicholson · March 30, 2021, 10:37pm

I still use Spiceworks for my helpdesk - there is only me. Never bothered with the device management side. Sadly development of Spiceworks has hit a bit of a hiatus. They’ve been working on a new web version for years but it’s not feature rich yet.

Drew_Helgeson · April 3, 2021, 10:21pm

Does Request Tracker put an icon by the clock so they can click on it and open a ticket? And it auto-populates the machine info? I’m using osTicket and my users hate opening tickets because it’s too many clicks and you have to login, then they don’t provide the machine info. I’m thinking of switching to Syncromsp for all of my machine management, but it’s $1,200/yr per tech.

Jason_Passow · April 5, 2021, 1:55pm

I don’t personally use it that way. I know there is a REST api where you could likely accomplish that. Our users just literally send an email with their issue. Depending on your email program you could potentially create a macro to start a new email with the required info. Or even a simple mailTo program with prefilled info.

Ryan_C_Smith · April 23, 2021, 3:44am

Can I get the command line you use? When I run it on my test computer it never seems to finish.

What email do you send?

Thanks!

Jason_Passow · April 26, 2021, 6:10pm

Were you asking what mail command to use? If so something like the following:

start “” "mailto:requesttracker@YOURDOMAIN.com?subject=computer:%computername%&body=%computername% is broken and needs fixing%0D%0A%0D%0ARegards,%0D%0A%0D%0A%username% "

I am not sure what computer info you want transmit but you could easily create a windows shortcut on the desktop that runs this if you leave off the start and “” at the beginning.

Jayjayuk · May 11, 2021, 6:56am

Here is one of our ABC-Update scripts with email reports.

ABC Update - List and install all missing Security Updates from WSUS with reboot.

You can modify it for other required options from ABC-Update

ABC-Update.exe /S:WSUS /A:Install /R:3 /C:SecurityUpdates /Q: IsInstalled=0 AND isAssigned=1 /Log:C:\Support\ABC-Update.Log /MailTo:you@yourdomain.com /MailFrom:abcupdate@yourdomain.com /MailServ:mail.yourdomian.com:25 /MailUser:abcupdate@yourdomain.com /MailPwd:Passwordhere

Roy_Williams · May 28, 2021, 5:28pm

I use the PSWindowsUpdate module, to update via the tool box.
You can use “Install-Module PSWindowsUpdate” to actually install it.

You can use this command to get applicable updates:
Get-WUList -MicrosoftUpdate

You can use this command to apply the updates:
Get-WUInstall -AcceptAll -Install -MicrosoftUpdate -IgnoreReboot

You’ll probably want to schedule a reboot with Task Scheduler.
It works extremely well, there is more information on: http://woshub.com/pswindowsupdate-module/

Alternatively you can use “Get-Command -Module PSWindowsUpdate” within Powershell, then use:
Get-Help <Get-WUInstall, etc.>

It has a suite of functions that help with scheduling as well, also determining if you need to reboot the system with Get-WURebootStatus

Roy_Williams · December 15, 2021, 9:44am

I’m going to add a script for folks to use PSWindowsUpdate more effectively.

Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Confirm:$False -Force
If(-not(Get-InstalledModule PSWindowsUpdate -ErrorAction SilentlyContinue)){
    Install-PackageProvider NuGet -Confirm:$false -Force
    Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted
    Install-Module PSWindowsUpdate -Confirm:$False -Force
}
Import-Module PSWindowsUpdate

Get-WUInstall -Install -AcceptAll -AutoReboot -MicrosoftUpdate

This script for the toolbox detects if PSWindowsUpdate module is installed, and handles the install of the PowerShell module, then installs all the updates. This is just an example, please modify this to your needs. I have a few variations of this with more complex logic to deal with bad updates.

Simon · December 15, 2021, 10:17am

Hi Roy,

Sorry im terrible with scripting. What would need changed to prompt for a restart rather than autoreboot? Also, will this script run without displaying anything to the end user? Will it also install build updates or just normal windows updates?

Roy_Williams · January 20, 2022, 10:56pm

Simon,

Sorry for the delayed response, I have mine set to do a monthly digest when it notifies me.

You would change “-AutoReboot” to “-IgnoreReboot”

That has the net effect of ignoring the reboot request, and not asking you because this power shell module will ask questions if you are not explicitly providing inputs at the command line.

Roy

Mark_Andrews · February 19, 2022, 10:25am

How are you getting on ? Do you still use ABC ?

Does it stop auto updates so that they can only update when I want them to? Even if the user clicks 'check for updates in Windows settings ?

Thanks.

Mike_Tills · February 19, 2022, 2:55pm

Following this. I really do not want to go full RMM and would love to use this functionality. By the way does anyone else use SH (perhaps for the remote access component) AND an RMM for everything else?