1 Reply Latest reply on Oct 21, 2016 6:50 AM by cwinning

    Manually Execute A Deployment Protect 9.2 issues

    alexwu Rookie

      Hi all,


      So : we have some servers that we are only copying patches and the client is installing them.

      After the upgrade to 9.2 , it seems that the .bat file used for manually installation has moved, according to this document : https://community.shavlik.com/docs/DOC-24100


      Using the infos provided in the document , i have some issues :


      1-after i deploy the patches with a no reboot template (before/after) and only copy patches, the customer shoud run the bat file InstallPatches-###" from C:\Windows\ProPatches\Staged folder. The problem is that after running the file, the server will restart, even if i deploy with no reboot option and i don.t want that. Any ideas here ?

      2-can we follow up on screen the patch installtion ? after running the bat file the only way to track KB installtion is to check event viewer

      3-is there any config file that says which patches will be installed after running the bat file ? i need this because the customer might need to skip some patches, and maybe remove the KB line from the config file, this way that patch will not be applied. I guess is can also be done by deleting the KB from ProPatches folder.



        • 1. Re: Manually Execute A Deployment Protect 9.2 issues
          cwinning CommunityTeam



          The setting Never reboot after deployment is honored whether the a Shavlik\MS Scheduler starts the deployment or you start it by hand in the Staged folder.  I ran through the steps moments ago and the machine I tested with did not reboot after the patches were installed.  It's possible Windows Update is causing the reboots.  Please verify these settings on the target machine:  Best Practice: Windows Automatic Updates


          Running these deployment by hand isn't a true workflow process so we don't have a easy method of monitoring the deployment on the client. This method is normal reserved for servers with special needs or troubleshooting.  Deployments vary, but you could look for this line in the STDeploy.log:

          STDeploy.cpp:249 Current remediation phase completed. Process exit code: 0.


          You control which patches are installed by filtering from the scan.  You can do this numerous ways through a Scan Template, the best method is to use a custom Scan Template and a Patch Group together to exclude specific patches.  How To:  Include or Exclude Specific Patches in Scan Results in Ivanti Patch for Windows Servers


          Apologies for late reply,