BigFix WIndows Software Distribution Wizard

I am trying to setup a push of a DFSR hotfix from Microsoft. This is my action script:

prefetch 728b37b66626ce5031dee8700fb644402c8d5737 sha1:728b37b66626ce5031dee8700fb644402c8d5737 size:407196 http://BDOWSPBGFX:52311/Uploads/728b37b66626ce5031dee8700fb644402c8d5737/Windows8.1-KB3046481-x64.msu.tmp sha256:dc5ed549442076b39837006e078dc54117f1b98ef712e1dd65441f9732382444
extract 728b37b66626ce5031dee8700fb644402c8d5737
delete c:\temp\Windows8.1-KB3046481-x64.msu
move __Download\Windows8.1-KB3046481-x64.msu C:\temp\Windows8.1-KB3046481-x64.msu
waithidden wusa.exe c:\temp\Windows8.1-KB3046481-x64.msu /quite /norestart

The script copyies the file perfectly but the installation is stuck at running and never really completes. Is there something that I am missing in this script.

Hello,

Is there a reason you need to copy it to temp?

It also looks like you’re using /quite instead of /quiet for the command line:

Give this a shot:

prefetch 728b37b66626ce5031dee8700fb644402c8d5737 sha1:728b37b66626ce5031dee8700fb644402c8d5737 size:407196 http://BDOWSPBGFX:52311/Uploads/728b37b66626ce5031dee8700fb644402c8d5737/Windows8.1-KB3046481-x64.msu.tmp sha256:dc5ed549442076b39837006e078dc54117f1b98ef712e1dd65441f9732382444
extract 728b37b66626ce5031dee8700fb644402c8d5737
waithidden wusa.exe "__Download\Windows8.1-KB3046481-x64.msu" /quiet /norestart
1 Like

Fat fingers :(. i have this issue alot

Ok, it states that it completed but I do not see it in the “Installed Updates”. I would assume that it would show up there even though the reboot has not occurred. The reboot will happen the next day when production patching takes place this is why I did not have the patch restart the server.

if it runs through it will always say complete because you’re using a task – it doesn’t check the relevance after execution it just sees if it made it through all of the lines of the action.

Can you confirm the patch installs correctly on a normal system?

You could also try the full path to the msu like this (i have no idea if this matters):

waithidden "{pathname of system folder & "\wusa.exe"}" "{pathname of client folder of current site & "\__Download\Windows8.1-KB3046481-x64.msu"}" /quiet /norestart

I executed the hotfix via command line and it indicates that it is already installed. I went and looked at the installed updates and it is in there but no date so this is how I missed. In BigFix it still indicates that it is need and I am sure it is because I do not have anything in the script to check to see if has been applied. Now I will have to figure out how to look at the installed updates so it will not show up in the list of servers that need the hotfix.

Hi – if there is a registry key for the installed hotfix then that should be pretty easy to pull.

If you haven’t written registry relevance before let me know the key and value and I can help – if you have written registry relevance before make sure to share what you end up with :slight_smile:

Bill

I have never gotten this involved in actions so I am lost when it comes to this. I did find a registry setting in the server that was patched with the Hotfix. The registry entry is:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3046481~31bf3856ad364e35~amd64~~6.3.1.0]
“ApplicabilityState”=dword:00000070
“CurrentState”=dword:00000060

OK!

So I have no idea if this is the right way to do it but if that key only exists on systems with the hotfix installed then we can do this:

exists keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3046481~31bf3856ad364e35~amd64~~6.3.1.0" of (x32 registries;x64 registries)

Now keep in mind – relevance isn’t magic. This doesn’t tell if the hotfix is installed it just returns true if that key is there.

As long as that key is only there when the hotfix is installed then the relevance works. If the key is sometimes there when the hotfix is installed (or if the hotfix fails) then our relevance may return true after a failed install.

So i found this page: https://blogs.technet.microsoft.com/tip_of_the_day/2015/10/12/tip-of-the-day-cbs-servicing-states-chart-refresher/

Which tells us the meanings of applicability and current states. It looks like a value of 112 (70 in hex) means its installed. So we can change our relevance:

exists values "CurrentState" whose (it = 112) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3046481~31bf3856ad364e35~amd64~~6.3.1.0" of (x32 registries;x64 registries)

It looks like the machine you are looking at is in a, “Install Pending” state which means it will install on reboot.

If you run the fixlet with the above relevance it will show as failed because after running the install, the hotfix is pending, it’s not installed. So we need to tell BigFix to not check for success until after a reboot has occured.

We can do that by adding, “action requires restart” at the end of our actionscript.

So our relevance is:

(windows of operating system) and (exists values "CurrentState" whose (it = 112) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3046481~31bf3856ad364e35~amd64~~6.3.1.0" of (x32 registries;x64 registries))

and our actionscript is

prefetch 728b37b66626ce5031dee8700fb644402c8d5737 sha1:728b37b66626ce5031dee8700fb644402c8d5737 size:407196 http://BDOWSPBGFX:52311/Uploads/728b37b66626ce5031dee8700fb644402c8d5737/Windows8.1-KB3046481-x64.msu.tmp sha256:dc5ed549442076b39837006e078dc54117f1b98ef712e1dd65441f9732382444

extract 728b37b66626ce5031dee8700fb644402c8d5737

waithidden wusa.exe "__Download\Windows8.1-KB3046481-x64.msu" /quiet /norestart

action requires restart

This itself will not restart the computer (unless you’re pushing out restarts to pending restart machines).

I have not tested any of this but let me know if you have issues or questions

Sorry it took so long to get back to this. Upon trying the “exists values” I will get an 'Unable to Parse" error on Line nine: This is totally foreign to me as I have never written an action script. I copied and pasted this into the action script after the “Requires Restart” of the current action script.

This should be in the relevance tab of the fixlet

(windows of operating system) and (exists values "CurrentState" whose (it = 112) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3046481~31bf3856ad364e35~amd64~~6.3.1.0" of (x32 registries;x64 registries))

This is what goes in the actionscript page of the fixlet:

prefetch 728b37b66626ce5031dee8700fb644402c8d5737 sha1:728b37b66626ce5031dee8700fb644402c8d5737 size:407196 http://BDOWSPBGFX:52311/Uploads/728b37b66626ce5031dee8700fb644402c8d5737/Windows8.1-KB3046481-x64.msu.tmp sha256:dc5ed549442076b39837006e078dc54117f1b98ef712e1dd65441f9732382444

extract 728b37b66626ce5031dee8700fb644402c8d5737

waithidden wusa.exe "__Download\Windows8.1-KB3046481-x64.msu" /quiet /norestart

action requires restart