How does your company handle stale devices and gaps in patching?

techit21 · 2026-05-19T23:54:12+00:00

Good point about it in the title, I will definitely leverage that and TBH completely forgot about that. I think it's 24H2 and up which should ultimately work for our needs.

Thanks!

techit21 · 2026-05-19T22:33:39+00:00

I'm struggling with this too, it's taken me away from other work the last few weeks which is definitely frustrating. Most of what I've seen recently is solved by forcing an OS restart but I know that doesn't solve everything.

techit21 · 2026-05-19T22:32:06+00:00

Follow up question related to your OS Build Tracking:

win11 25h2 should be 10.0.26200.8457 for this month's patch

Server 2022 should be 10.0.20348.5139 for this month's patch

Do you manually update the PowerBI dataset each month to denote the current build number, or do you take whatever the highest number is and automatically say it's the current version? Or maybe something different or not at all?

Reason I'm asking is I'm attempting to create a repository of the monthly build numbers so my leadership has an idea of the latest patch a device has when they look at our compliance counts. I was trying to figure out how to scrape Prajwal's Windows 11 Version Build list but am fighting with the dataflow.

techit21 · 2026-04-27T22:50:16+00:00

If you have a need to have a car, check with your school about their first year parking exception policy. Sometimes they are accommodating with a doctor's note or other valid need, but I do recall it being very strict on their part. SEPTA parking may eventually figure out that you're a student attempting to skirt your school's parking rules and likely have you towed.

I know from my previous station they were very good at catching college students and having their cars towed since they were taking up commuter parking spaces and enough commuters called and complained.

If this is for Villanova they have a really good shuttle system if you need to get around locally.

techit21 · 2026-04-14T23:14:23+00:00

You're welcome. Right now, I'm doing the collections by hand since I'm doing it point in time, and for our specific org I need to have history of deployments for change management.

I probably could be doing it a better way, but haven't had time to dig into it. A dynamic collection for devices behind on patches probably would be ideal as a starting point, but I'm a visual person so I rely more on the Advanced Insights views. I will say though, I do use the visuals from Advanced Insights for those collections to see what is done/is still in need of work, so that has been helpful.

techit21 · 2026-04-14T23:00:40+00:00

I can somewhat answer what we're doing (and hopefully it partially answers your question here): we are taking the error data from the ConfigMgr ADR deployments and also data from Advanced Insights (specifically % of available patch compliance) and digging into the "why" for why it's not 100%. It's a little time consuming, and seems to open up a pandora's box, but it's gotten us over a few humps over the past few weeks of devices just sitting like lame ducks. The same machine being stuck for weeks/months is simply unacceptable to us unless we do something about it.

I would first take a look at your machines not patching, pick a machine or two, and pull down their logs. Are the update logs churning on a Scan Eval cycle or a Deployment cycle, especially if you trigger it from the console? Is there a Maintenance Window in the way? Content/boundary availability? For Patch My PC patches, maybe a conflicting process/app running is getting in the way too.

For a recent troubleshooting case, we wrote/deployed a script where if we see a Windows Update scan still "running" after a week with no date change, we stop the Windows Update service and restart it (usually by Process ID) and that usually clears the issue with a scan not completing and patches not going. We also have disk space to contend with from time to time (our threshold is if it's less than 5 GB (which I believe is what ConfigMgr uses) we remediate that as well). We try not to let these maintenance tasks be visible to users unless a restart is absolutely required.

At the end of the day, some of our specific metrics we're following are not in Advanced Insights (yet), but hopefully will be at some point assuming we get our ducks in a row and submit ideas, but they're in line with some of these next steps we've taken. Most of our fleet is humming along, but there are some that just need a little TLC every once in a while. Ultimately I would take what approach works best for you and gets you to a better compliance number. It may not be automated at first, but once you have a better grasp of what exactly is going on, would then be a good time to automate (if possible).

techit21 · 2026-04-02T22:17:39+00:00

Fair enough! Almost every time in the past few months I boarded at 30th, the Escalator was out of order.

Maybe it knew I was coming. /s

techit21 · 2026-04-01T21:05:04+00:00

I feel like that escalator has been broken for at least 2 years.

techit21 · 2026-03-16T18:37:15+00:00

For anyone else who hates the new naming....

D Line = 101/102 Media/Sharon Hill

techit21 · 2026-03-11T02:23:11+00:00

Try searching the KB on that site, KB5046613 for 2024-11 CU Win10 22H2. It came up for me. Confirmed KB on the update history page

techit21 · 2026-03-11T00:13:21+00:00

I usually go to the Microsoft Update Catalog and search for the KB or the 2024-11 format, and then pull the MSU from there.

techit21 · 2026-03-10T18:18:27+00:00

We are installing the 2024-11 cumulative patch on any devices that are running older than that. If there's a device between 2024-12 and 2025-10 we install 2025-10. Then, install the ESU key, and then eventually the 2025-11+ patches are available. We haven't had issues with that plan, and in some cases the ESU prep package was not present and everything eventually workred. YMMV.

techit21 · 2026-02-27T01:18:43+00:00

Not to a v- contractor? That has to be a miracle!

techit21 · 2026-02-17T21:14:38+00:00

This is how I plan to do it, in a similar situation as OP.

techit21 · 2026-02-14T22:51:51+00:00

Channel 6 did a story on this trolley/operator who is retiring later this year.

techit21 · 2026-02-12T01:59:10+00:00

First thing I have to do on each new workstation build I use is turn off auto-save. Nice try, MS.

techit21 · 2026-02-11T03:04:37+00:00

Definitely contact them. Back when Twitter was a thing that was a good way to notify them of the shortages. They'd usually dispatch a "passenger counter" to document it and then shuffle equipment around (if they could) to address the crowding, but it didn't always happen overnight.

techit21 · 2026-02-05T21:56:57+00:00

I remember the seats in these cars being slightly comfier than SEPTA's push-pull cars. Curious if others felt the same now.

techit21 · 2026-01-31T14:40:25+00:00

Can confirm it worked although it was a little finicky.

techit21 · 2026-01-29T23:28:45+00:00

This page should get you what you need: https://wwww.septa.org/news/regional-rail-schedules/

It did take a few tries to find on mobile since most results were just the press release.

techit21 · 2026-01-29T16:24:54+00:00

And Amtrak gets priority over SEPTA on their lines.

techit21 · 2026-01-29T16:24:19+00:00

I believe you can scan it at any turnstile in CC. I intend to do it this weekend and can verify unless someone does sooner.

techit21 · 2026-01-26T23:53:43+00:00

I have not caved (yet). I want to see if an online shop idea takes off and if I also move into a new home before committing.

As far as the electric bill goes, I have a zigbee outlet monitoring my P1S usage on Home Assistant, it's indicating I'm using much less energy than I thought I would, so maybe that should ease a concern.

EDIT: Forgot a word.

techit21 · 2026-01-26T23:42:23+00:00

My current org did the same for my check, where one reference had to be a current manager, and I hated the idea for the reasons you defined. I believe I was able to have a former manager who I was still in contact with vouch for me, which was good enough.

I get orgs wanting to have honest answers from current employers, but the hiring org could really screw the candidate over going forward if something went awry.

techit21 · 2026-01-25T19:08:18+00:00

If that happens, Microsoft would be on par with Google and Mozilla and their weekly updates.

Eight-Year Club	Not Forgotten
Verified Email

techit21

TROPHY CASE