• Welcome to Support Forum: Get Support for Patch My PC Products and Services.
 
Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Ben Reader (Patch My PC)

#1
Great to hear that the issue was resolved!
#2
Hey there,

If the WSUS code-signing certificate is indeed self-signed, there should be no supporting certificates required, as there should be no certificate chain to follow.

As a first step, I would suggest reviewing our KB article that covers this specific scenario.

https://patchmypc.com/third-party-updates-fail-to-install-with-error-0x800b0109-in-sccm#:~:text=The%20most%20common%20reason%20error,and%20Trusted%20Publishers%20certificate%20store.

If after following the guide you still have no resolution, let us know - we will need pmpc (and wsus) server-side logs &  pmpc logs from one  of the affected client devices

Thanks,

Ben
#3
Hi,

The deferral policy is stored system-wide - thus, the deferral limit is global and not scoped to a particular user.

In the scenario of shared user devices, it may be best to take a more aggressive approach to updating software - schedule the deployments to a specific update window and force the software to shut down if it is running.
#4
I'm not aware of any way to set priorities of updates - they would just be applied in a "first come, first served" model.
#5
Unsure what you are referring to by "window" in this context, but the short answer is there is no way to structure or schedule the precise order of package or policy deployments in Intune.
#6
Hi,

Adobe Acrobat Reader is still in the catalog. Search for "Acrobat Reader" and you should be able to find it.
#7
Hi Joe,

Just make sure to only deploy the full client to specific users/devices that need it, and then with the host deployment, make sure to exclude that group.

As an example, imagine this scenario for Intune:


  • TeamViewer Full Client is packaged and deployed as REQUIRED to security group "A" - this group contains your key IT staff members (or their devices).
  • TeamViewer Host is packaged and deployed as REQUIRED to security group "B" - this group contains ALL users (or their devices). We will also add an EXCLUDE assignment and set it to security group "A".

This way, everyone gets exactly what they need and the IT staff are excluded from incorrect update deployments.

Pretty common issue - depending on which management tool you are using will change HOW you implement the fix, but functionally it's the same for both ConfigMgr / Intune.
#8
Hey Louis,

You will continue to have this issue until the catalog is updated.

Please check out the catalog release notifications and potentially look into subscribing to it to be notified once this new version is included in the catalog.

https://patchmypc.com/scup-catalog-newsletter-signup
#9
Hi Louis,

Looks like Tenable has released a new version of the app and isn't maintaining a public link for the version that is in our catalog.

We will need to reach out to the vendor to find out if there is a way to access previous versions to help with the gap between releases and updating our catalog.

In the interim, I've advised our catalog team and we will endeavor to get an updated catalog released ASAP.
#10
Hi misia,

This is being rectified as we speak. Apologies for the delay in response.

Cheers,

Ben
#11
Hi,

If you modify the install / uninstall strings outside of the publisher (aka, in the CM console) then the next time the publisher finds an update it will be overwritten with the defaults.

Currently there is no way to customize the uninstall string in the manner you are looking for, as our packages are built with our own wrapper tools which do not share the same commandline arguments as the standard installers.

If this is something you would like to see in a future release of the product, please raise it as an idea @ ideas.patchmypc.com

Thanks,

Ben
#12
Also a good follow up question!
So, yes - set your updates to required, there really isn't any reason not to. However, if you have an update you need to roll back, meaning you already have it deployed and installed on a device. To uninstall or roll back the update, you need to remove the assignments on the update package and add a "required uninstall" assignment on the version of the application package.

This is because the update package contains a requirement script that will not let the package "run" if the app and version is detected on the machine.

Cheers,

Ben
#13
Hey Steven - good question!

The short answer is Updates can be assigned to EVERYONE / EVERYTHING, as they check to see if they are required to run on the device before they actually attempt to install.

The longer answer is - Applications as well as updates get new packages in your Intune environment whenever a new version is published. Applications can be made available OR required depending on business requirements.

Updates are entirely safe to set to required for all devices / users.

The key different between applications and updates is the custom "requirement" script that is packaged with the update package - the script validates whether or not the device it's running on has an old version of the application - if it doesn't nothing happens and the device is flagged as "not required".

The point here is the updates are not meant to be "interactive" - the end users shouldn't be aware of the updates. They are simply a mechanism to enforce version compliance.

Hope this helps out!

-- Ben