Knowledge Base

We’re here to help if needed

Catalog Releases
Open Support Case

Right-Click Options Available for Updates and Applications

You can easily customize updates for third-party applications using our custom right-click selection menu, including custom scripts, command lines, and more.

This article details the custom right-click actions available within our publishing service. Right-click actions can be applied at the All Products, Vendor and Product level with the products list in the Updates Rules and Application Rules tab.

All the custom actions and based on customer feedback, and can be applied as needed to improve your software update or application installation experience. Any customizations applied will also be used for any future updates or applications published.

Topics covered in this article:

Publishing with full-content or metadata only

The right-click options for full content and metadata only can be used to configure how you want software updates to be published to WSUS.

right-click metadata vs full-content

  • Full Content: publishes the full content of the update to WSUS. Full content includes metadata and the update binaries and is required to download and deploy the update in WSUS/SCCM.
  • Metadata only: publish only the metadata; update binaries are not published. Metadata only allows you to view the compliance details in SCCM/WSUS for the update, but you will be unable to deploy unless it’s re-published with full-content.
  • Available At: All Products, Vendors, and Products
  • Applicable To: Software Updates

Show package info: title, command-line, download URL, etc.

This option will show information for the currently synchronized catalog.

Show package info

Included Information:

  • Title (Including version)
  • File Name
  • Command-line
  • Download URL
  • Digest

Columns can be added or removed by right clicking the column headers. Additionally, the list can be exported using the “Export…” button.

Package Details Column List

Package Details displayer

You can double-click an update to view the detection method for the software update.

View Update Detection Method Patch My PC

  • Available At: All Products, Vendors, and Products
  • Applicable To: Applications, Software Updates

Pause Product Updates

This option allows you to temporarily stop publishing, of an application or update for a particular product, until a given date configured by you.

For example, in the screenshot below, Adobe Acrobat Reader DC Continous (x64) is configured to not publish a new version until 01 September 2022. A new version (if available) will publish on this date.

If a product is paused and there is a new version available, you will be notified via the Alerts that the product is paused.

This feature requires the Enterprise Plus subscription. 

  • Available At: Products
  • Applicable To: Applications, Software Updates

Manage conflicting processes

When updating third-party applications, there may be cases where you need to close an application that is currently open by an end-user.

Read more about this option: Manage Conflicting Processes when Updating Third-Party Applications

  • Available At: All Products, Vendors, and Products
  • Applicable To: Applications, Software Updates

Set application requirements

Control whether applications created by the Publisher can only be installed on workstations, servers or 32bit operating systems.

This sets a requirement on the application in Intune or ConfigMgr (deployment type).

  • Available At: Products
  • Applicable To: Applications

Add custom pre/post scripts

This option allows you to insert custom scripts that can be set to run either before or after the product installation.

When enabled, you can choose custom scripts by browsing out and selecting files to insert as a pre-install script, post-install script, pre-uninstall script, or post-uninstall script.  Each script inserted includes a field for arguments if necessary.  You can also insert any additional files or folders that the script(s) may need access to.

Any scripts, files, or folders you choose from the below, will be included in the payload to the device. In other words, the script and any additional files and folders will be transferred locally to the device when the update or application is downloaded.

Additionally, there are two checkboxes that change the behavior of the scripts.

  • Don’t attempt the software update if the pre-script returns an exit code other than 0 or 3010.
    • If the provided pre-script exits with any exit other than 0 or 3010 then ScriptRunner will exit with code 32767
  • Run the pre-update script before performing any auto-close or skip process checks.
    • If you have a ‘Manage Conflicting Process‘ option set and this box is checked then the pre-script will run before the conflicting process check.

 

Choose Custom Pre/Post Scripts

The file types supported for custom scripts are:

  • .vbs
  • .bat
  • .ps1
  • .exe
  • .msi

Please note that if the product has already been published as an update, you will need to republish the update.

See the following two articles as examples on how to leverage scripts or additional files:

 

  • Available At: Products
  • Applicable To: Applications, Software Updates

More InformationNote: to include quotes in the arguments field for any of your pre/post scripts, wrap them in double quotes escaped with a backslash. For example:

Custom pre post script example with escaping quotes

More InformationNote: When specifying a PowerShell .ps1 script file for either a pre or post-update script, and you attempt to pass an argument which accepts an array, you cannot use traditional PowerShell syntax.

It helps to understand that powershell.exe is invoked from cmd.exe and therefore the syntax of -MyParameter "Item1","Item2","Item3" will not parse as you might intend when used in the Argument field. This is because cmd.exe cannot interpert PowerShell arrays, it attempts to parse the second item in the array as a command or parameter.

To workaround this, you could pass a string to your parameter with a delimiter and within your script split the string on the delimiter. Here is an example:

Delete desktop shortcuts(s) created by this application

This option will automatically delete any public desktop shortcut(s) created by a product’s installer.

delete public desktop shortcuts

  • Available At: All Products, Vendors, and Products
  • Applicable To: Applications, Software Updates

Disable self-updater

This option will disable the product’s auto-update feature if it exists.

disable self-update icon

  • Available At: All Products, Vendors, and Products
  • Applicable To: Applications, Software Updates

Manage installation logging

This option enables logging during the installation of the update on the client device.

installation logging icon

When enabled, the publishing service will create a directory (default path: C:\windows\ccm\logs\PatchMyPCInstallLogs) that will store the vendor’s installation log for that product, providing greater detail if troubleshooting is necessary.  There are additional checkbox options to enable verbose logging, prefix the log with the computer name of the client device, and to designate a backup location to store log files for failed installations.

additional options for installation logging

  • Available At: All Products, Vendors, and Products
  • Applicable To: Applications, Software Updates

Modify command line

This allows you to modify the command line by inserting additional arguments.

modify command line

When enabled, a field will appear to insert additional arguments that will be appended to the existing silent command-line arguments for the product’s installation.

add custom command line patch my pc

  • Available At: Products
  • Applicable To: Applications, Software Updates

Add MST transformation file

For products that use an MSI based-installer, you can apply a Transforms file. A transform can modify information that is in any persistent table in the installer database.

Within the MST file dialog, you need to select the (.MST) file and optionally a (.CAB) file, if required.

insert mst transformation file

  • Available At: Products that use MSI Based Installers
  • Applicable To: Applications, Software Updates

More InformationNote: The MST and/or Cab file are added into the update/app in the relative path. For an Application it will be in the app’s content path, for an update the MST/Cab will be bundled in update cab file. MST/Cab file selections will persist through updates.

Manage assignments

  • Available At: All Products, Vendors, and Products
  • Applicable To: Intune Apps, Intune Updates

 

This option allows you to manage the assignments you would like created for your Win32 applications (Intune Apps, and Intune Updates).

Manage Assignments

See the bottom of the Manage assignments section for important notes regarding assignment management.

When you select to Manage assignments a UI is presented as shown below where you can Add

 assignment, Remove assignment, and configure Override manual assignment changes…

Selected Add assignment will present a window allowing the selection

of an Azure AD Group as shown below.

Select Azure Groups Wizard

This is a live query of our Azure AD tenant for groups. There are some filtering options to assist with finding the desired group to target with an assignment.

Once an assignment is created the Name, Availability, Deadline, or Restart grace period column content can be clicked to open the Assignment editor. This provides configuration options for these settings, as shown below.

Assignment Editor

These changes will be applied to the Intune application or update during the next Publisher synchronization.

Filter Mode & Filter Name columns can be clicked to configure AAD Filters to any assignment.

Filter Mode and Filter Name

This feature requires the Enterprise Plus subscription.

  • Available At: All Products
  • Applicable To: Intune Updates

More InformationNote: To Assign and manage filters you will require an Enterprise Plus license, however, If an assignment in Intune has filters applied to it, these will be copied across to new product versions regardless of license level.

Clicking on Filter Mode will cycle through the available modes – Include, Exclude & None.

Clicking on the Filter Name will bring up a filter selection window to allow you to select which filter to apply to the assignment.

More InformationNote: To assign and manage filters you will need to update your AAD application registration with the DeviceManagementConfiguration.Read.All application scoped API permission.

More InformationNote: Only one filter can be applied at one time to an assignment.

More InformationNote: Setting the filter mode to None will clear the filter association from the assignment.

Override manual assignment changes made in Intune during the synchronization of the Publisher

Intune Assignment Override

When this checkbox is checked for a product the Publisher will enforce the intent (required, available, uninstall), mode, notification, and restart grace period configuration for the assignments.

If this checkbox is checked and an assignment targeting a specific group changes intent (i.e. required to available) or mode (i.e. include to exclude) then the assignment will be deleted and recreated during the next sync. This would include a new available and deadline time based on your configured settings, as it is a newly created assignment.

If this checkbox is checked and the notification or restart grace period configuration is changed in the Publisher the settings will be applied during the next sync.

More InformationNote: Changes made in the Manage Assignments right-click option are not immediate. They are applied during the Publisher synchronization.

More InformationNote: Some settings will not apply until a new application is published unless the Override checkbox is checked, or it is a newly created assignment for a group without an existing assignment. See the Override section above for more details.

More InformationNote: The Publisher will never delete an assignment directly. If you remove an assignment from the list, it will not be recreated in the future, but it will not be deleted. It may also be copied from previous app versions depending on your Intune application creation options.

Manage dynamic assignments

This option allows you to publish application updates to Intune that will dynamically assign to security groups based on pre-defined search criteria.

Read more about this option: Manage Dynamic Assignments

This feature requires the Enterprise Plus subscription.

  • Available At: All Products
  • Applicable To: Intune Updates

Manage categories

This option allows you to set the categories that will be assigned to applications.

Manage Categories

The categories displayed will include existing categories. You can create new categories within this same UI using the + button to the right.

Managing Intune categories:

Managing SCCM categories:

More InformationNote: Categories will be added to existing applications and updates during the next publisher sync, but they will not be removed for existing applications and updates. Whenever a new application or update is created the Publisher will ensure the currently specified categories are in place.

  • Available At: All Products, Vendors, and Products
  • Applicable To: ConfigMgr Apps, Intune Apps, Intune Updates

Manage security scopes

This option allows you to set the Security Scopes an application in ConfigMgr should be associated with. The Publisher will set the Security Scopes for the applications during the sync.

The security scopes are pulled from your ConfigMgr environment. You can refresh the list with the button in the top right corner. Additionally, you can right-click the headers to add or remove columns.

Security Scopes Selection Window

More InformationNote: Security scopes will be added to existing applications during the next publisher sync, but they will not be removed for existing applications. Whenever a new application or update is created the Publisher will ensure the currently specified security scopes are in place.

More InformationNote: Security scopes will require new permission, specifically Application > Set Security Scope, and Security Scopes > Read, which you may not have in your Security Role created for Patch My PC. You can follow the instructions in this article to either re-import an updated role or set the new permissions manually. If you choose to re-import the role it will simply overwrite the permissions and retain your existing role assignments.

  • Available At: All Products, Vendors, and Products
  • Applicable To: ConfigMgr Apps

Manage ESP Profiles

This option allows you to manage the Enrollment Status Page profiles which any Win32 application can be associated with (Intune Apps).

 

The ESP are pulled from Microsoft Intune for your configured tenant. Note that the profile must have ‘Show app and profile configuration progress‘ set to ‘Yes‘ in order to appear in the list for selection. An example list is shown below. Also, this feature will require your Azure App Registration to have DeviceManagementServiceConfig.ReadWrite.All permissions set.

Any Win32 application created by the publisher will be added to the ESP which are selected for the respective application.

  • Available At: All Products, Vendors, and Products
  • Applicable To: Intune Apps

Manage Role Scope Tags

This option allows you to manage the role scope tags which a Win32 application is associated with in Intune.

Manage Role Scope Tag

The role scope tags are pulled from Microsoft Intune for your configured tenant. An example list is shown below. Also, this feature will require your Azure App Registration to have DeviceManagementRBAC.Read.All permissions set.

Manage Role Scope Tag Form

Any Win32 application created by the publisher will be assigned the role scope tags selected for the respective application.

More InformationNote: Role scope tags will be added to existing applications during the next publisher sync, but they will not be removed for existing applications. Whenever a new application is created the Publisher will ensure the currently specified role scope tag associations are in place.

  • Available At: All Products, Vendors, and Products
  • Applicable To: Intune Apps, Intune Updates

Override Win32 application options

This option allows you to override the relevant Win32 application options for the selected product. They can be configured globally in the Intune options and overridden per product or per vendor.

Override Win32 application options

It is not an option to override the code signing certificate. Applications and Updates each show the options that can be overridden. There is no ESP configuration option for Intune Updates, which is not shown when configuring an override for Intune Updates. Below is the override window for each product type.

Override Win32 Update Window

Updates

Override Win32 Application Window

Applications

 

  • Available At: Vendors, and Products
  • Applicable To: Intune Apps, Intune Updates

Manage naming convention

This option allows you to set a custom naming convention for the Win32 applications that are created by the publisher. (Intune Apps, and Intune Updates)

Manage Naming Convention

There are variables available for customizing the name that will be used for the Intune Win32 application as shown below.

You can click the links of the variable names to insert them into your naming convention. The resulting applications can be seen in Intune with the naming standard set.

Note: the %OriginalName% will be the default name that Patch My PC uses. It can be inserted as a variable if you want to build on the default name. If the pattern is empty, the default name is also used.

  • Available At: All Products, Vendors, and Products
  • Applicable To: Intune Applications*, Intune Updates

* For Intune Applications at the product level, you will be able to manage naming convention in the Set custom application icon and properties right click option.

Manage application user experience

This option allows you to set custom user experience options for the application. The ability to set Installation behavior is limited due to not all applications supporting a user based install. User-based installations will be a possibility for Applications in the catalog with this option going forward.

If the ‘Installation behavior’ option is grayed out this means the application does not support a user based installation. The UI should prevent you from creating an unsupported Application User Experience.

App User Experience SCCM

When enabled, the deployment type for any application created for the product will have the user experience tab populated according to the configuration set in the wizard above.

Note that you are able to select which options are inherited when you set this option at the Vendor or All Products level. See below for an example.

App User Experience Vendor Level

  • Available At: All Products, Vendors, and Products
  • Applicable To: ConfigMgr Apps

Add the executable name(s) in the deployment type’s install behavior

This option, when enabled, allows the publishing service to define the executable files in the install behavior tab that must be closed by the user for available deployments, or close automatically for required deployments for the application installation to succeed.

set deployment type install behavior sccm

These file names will be set in SCCM under the Install Behavior tab in the application’s deployment type properties.

chrome executable name in SCCM

  • Available At: All Products, Vendors, and Products
  • Applicable To: ConfigMgr Apps

Move the application to a custom folder

By default, all applications created will end up in the root of your applications folder within Configuration Manager. This option lets you choose a custom folder to move the published applications to.

Move application to folder

It is also possible to create a new folder using the button or refresh the list with the refresh button.

Console Folder Browser

  • Available At: All Products, Vendors, and Products
  • Applicable To: ConfigMgr Apps

Set custom application icon and properties

By default, the application metadata and icon’s will be based on the software vendor.

This option allows you to customize the properties of the application, as it would be seen in the SCCM console and Software Center.

Set custom application properties

You can customize the application name, localized application name, localized description, and even set a custom icon for the application. When enabled, the publishing service will use the defined properties during initial application creation or when an application is updated for the product.

This option may be helpful if you need the application name and other settings to be static for certain task sequence installation scenarios.

For ConfigMgr Apps, your options look like this:

options for customizing app properties

For Intune Apps, your options look like this:

  • Available At: Products
  • Applicable To: ConfigMgr Apps, Intune Apps

Display as a featured application in the company portal

This option allows you to set an application as featured for the company portal or software center application.

Set as a Featured Application in Company Portal

The following checkbox in the Software Center tab of an application will be automatically enabled.

Set as a featured application checkbox in UI

And for Intune, it will set the below-highlighted feature to ‘Yes’

Intune Featured App

  • Available At: Products
  • Applicable To: ConfigMgr Apps, Intune Apps

Exclude from auto-publishing rules

Selecting this option will block the product from being enabled, even if the option to auto-enable products based on SCCM inventory scans is active, or the equivalent Intune option, and the product meets or exceeds the device count threshold for automatic publishing.

Exclude from auto-publishing rules

Excluded products will be visually crossed out in the Update/Application Rules tab(s).

product crossed out

  • Available At: Vendors, and Products
  • Applicable To: Applications, Software Updates

More InformationNote: Marking a vendor for exclusion is a point-in-time operation. If a new product is added to the catalog for this vendor it will not be automatically excluded.

Republish during next sync schedule

This option will enable the product to be republished during the next publishing service sync. 

More info on when, why, and how to republish third-party updates can be found here.

  • Available At: All Products, Vendors, and Products
  • Applicable To: Software Updates, ConfigMgr Apps, Intune Apps, Intune Updates

Recreate detection script

This option will force the Publisher to recreate the PowerShell detection script for the selected application(s).

 Use Cases:

  • New code signing certificate
    • If you have a new code signing certificate for your WSUS server, this option lets you recreate and resign all the detection scripts used by the applications published by Patch My PC
  • Detection script changes
    • Occasionally we will make changes to the detection method script. This can be to improve logging, resolve bugs, or improve the accuracy of detection. Recreating the script will ensure the latest detection method script is used.

 

Recreate Detection Script

  • Available At: All Products, Vendors, and Products
  • Applicable To: ConfigMgr Apps

Manage application update and retention…

This option allows you to define how to update a specific product when a new application update is released. This feature will take precedence over the options defined on the global level.

  • Available At: Products
  • Applicable To: ConfigMgr Apps

Open local content repository

The option will open your configured local content repository.

Open local content repository

  • Available At: All Products, Vendors, and Products
  • Applicable To: Applications, Software Updates