1. The detection method on the file version is a good idea in theory; however, when Microsoft releases an update to this file in a future update, ConfigMgr will try to remediate the machine by re-running the installation command, which will fail as the update is already installed.

    Using PowerShell to detect the hotfix code like this as a script may be better:
    Get-WmiObject -Class Win32_QuickFixEngineering -Property HotFixId -Filter "HotFixID = 'KBXXXXXXX'"

    • That is one method, although Win32_QuickFixEngineering only detects certain updates. I personally have never been caught out by this in the last 5 years – you could simply use supersedence on the updated hotfix, which would also have an incremented version number to detect, or use greater than or equal to in your detection method if you think it might be updated via Windows Updates. However, if you want to be specific using PowerShell, you could further simplify the WMI call you suggested to this: Get-Hotfix -Id "KBXXXXXXX" (Get-Hotfix is a wrapper for Win32_QuickFixEngineering). (Although, as mentioned above, you would need to test, as not all updates are detected with this method.)

  2. I followed this as best I could. The package showed up on my 2 test servers but DID NOT install. It stated that it was. Auditing the files that should have been updated verified that the Hotfix did not run. Where is the problem? I used wusa.exe to exploit the Hotfix as described.

  3. What does your AppDiscovery log show? What does AppEnforce show? Do you have any maintenance windows that could have interfered? Both of those logs should give you some direction as to what happened, either an error or maybe it thinks it's installed already?

  4. I just wanted to let you know that this worked flawlessly for me! Thank you so much for all the work you put in to this and sharing it! 🙂

  5. Can you create this same package with multiple hotfixes, or do you have to create a package for each of the hotfixes? How do you create a package (or is it possible) to include several hotfixes at one time?

    • In step 20 – you could choose to create another deployment type at this stage. You don’t have to do it at this point though, you could choose to do it after you have finished the application. As for multiple msu’s you could use a powershell script or batch file I guess. Personally, I would separate them into their own apps.

      • I did end up creating separate apps for each of them. Time consuming, but I guess it makes more sense, if something “breaks” to narrow down the cause…

        Thanks for the input!

  6. Having some problems with this method. I can see the windows update stand alone installer running in the process details, but it doesn’t seem to actually be doing anything. This is ver 1607.
    Also, I could not find the name of the file that would be changed, or any identifying information on kb3189866. I did try using a powershell script that looked for that kb, it looked like this:
    get-hotfix -id KB974332

    However, I don’t think there is enough there. Any help would be appreciated.

    • Hi, I will use your example as a new post on deploying and detecting via Powershell in order to keep the whingers happy. I’ll try to post it this week depending on work commitments. As a side note, is your powershell detection looking for the correct KB as your post details two different ones: kb3189866 and KB974332

  7. The installation syntax is good but I would definitely use the “get-hotfix” command in a Powershell script for the presence of the KB. Then make that a “script-based” detection clause. Like This:

    get-hotfix | Where-Object {$_.HotFixID -match "KBNUMBER"}

    • Hi, You don’t need the where-object part of your powershell statement as detailed in a previous comment of mine. You can simply write: get-hotfix kbxxxxxxx Yes, you can use powershell as well. There are many ways to skin a cat as they say. If I have time I will update the post to include the alternative method as I get many posts banging on about it.

  8. Hi, Install works like a dream but removal fails almost immediately. It uninstalls if I run the uninstall command via CMD.

    error in SC – The software change returned error code 0x8000FFFF(-2147418113).

    Error in Appenforce.log Unmatched exit code (2147549183) is considered an execution failure.
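
The script-based detection clause discussed in comments 1, 6 and 7, written out as an added example (it is not from the original post or from any commenter). The KB IDs are placeholders, and the fallback to the servicing package list is an assumption added here to cover updates that Win32_QuickFixEngineering does not list; it assumes the detection script runs elevated, as it does when the ConfigMgr client runs it as SYSTEM.

```powershell
# Added example: script-based detection clause (not from the original post).
# ConfigMgr reads the result of a detection script as follows:
#   exit code 0 + text on STDOUT  -> application detected (installed)
#   exit code 0 + empty STDOUT    -> not installed
#   non-zero exit code            -> detection itself failed

# Placeholder IDs: the hotfix being deployed plus any later KB that replaces it,
# so a machine patched by a newer update is not sent back for "remediation".
$KbIds = @('KBXXXXXXX', 'KBYYYYYYY')

$detected = $null

foreach ($kb in $KbIds) {
    try {
        # Get-HotFix wraps Win32_QuickFixEngineering and raises an error when the ID is absent.
        $null = Get-HotFix -Id $kb -ErrorAction Stop
        $detected = "$kb (Win32_QuickFixEngineering)"
        break
    }
    catch {
        # Not listed in QFE; fall through to the servicing check below.
    }

    try {
        # Assumption: the servicing package name contains the KB ID. That is true for
        # many updates but not all, so test against the specific hotfix before relying on it.
        $pkg = Get-WindowsPackage -Online -ErrorAction Stop |
            Where-Object { $_.PackageName -like "*${kb}~*" -and $_.PackageState -eq 'Installed' } |
            Select-Object -First 1
        if ($pkg) {
            $detected = "$kb (servicing package)"
            break
        }
    }
    catch {
        # DISM cmdlets unavailable or the query failed; treat as not found by this source.
    }
}

# Only write to STDOUT when something was found; always exit 0 so that
# "not installed" is not reported to ConfigMgr as a detection failure.
if ($detected) { Write-Output "Detected $detected" }
exit 0
```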
