Kaseya Community

Patching and offline machines

  • How does everyone else deal with offline machines and patching. So for example, I have a ton of machines going to sleep or clients are used to turning them off. I have an XP and Vista script that sets the power options to Always Stay On but this does not seem to be helping much. We talk to clients about leaving machines on to update but I know it will never be perfect.

    Legacy Forum Name: Patching and offline machines,
    Legacy Posted By Username: stephen.mccollum
  • If I see machines that have not been patched for a while, or are missing a ton of patches, I will start a patch cycle during the day and notify the user with a message stating such. If they are turning off the computers instead of leaving them on to patch, they really don't have much to complain about.

    Check out the Scripts section of ths forum for Wake on LAN scripts. There are a bunch there that I have played around with to mild success and may implement in the near future. That may also help.

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: CCDave
  • We run a simple "Reminder" script every 6 days, to try to brainwash them into leaving their computers on.

    If they insist on ignoring us, we will either change the Automatic Updates to apply patches at lunch time, or Un-check the "Skip if machine offline" to apply the patches when they boot up!

    Patch scans are run without the "Skip.. " checkbox, so they get run no matter what.

    Good luck!
    Chris

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: chris@networkdepot.com
  • For most of our clients I use a WOL script to get things started, although there are a few types of machines that dont wake...
    Edit: this works for most of our clients, I have big issues when tring to traverse lan segments.

    I used to use the nag screen on patch days, you know "Please do not blah blah blah"... Then I found out that some users would turn them off out of spite...

    Please post your power change settings script in the scripts section of the forums, it may not be working correctly, I've got issues with mine, I think it's because users manually set this. I'd like to find a way to take the option away from them. It may have to be a GP thing though.

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: thirteentwenty
  • For desktops and laptops, we do not Skip If Offline. If they turn their machine off, then it will be patched whenever they turn it on.

    I figure... this keeps the machines patched (without us having to manually deal with things), and also acts as a deterent for them to turn their machines off, as they have to deal with the slowness of background patch installs and reboot prompts, should they choose to turn off their machines.

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: lwolf
  • I've been tinkering with removing the "Shutdown" option from some workstations... I wonder how that will go.

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: thirteentwenty
  • I wrote this little script to remove the shutdown options from all the normal spots in windows. You can still use the shutdown command after this is run.

    Script Name: Remove Shudown options from windows
    Script Description: Removes all shutdown options from all versions of windows.

    IF True
    THEN
    Set Registry Value
    Parameter 1 : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
    Parameter 2 : 1
    Parameter 3 : REG_DWORD
    OS Type : 0
    Execute Shell Command
    Parameter 1 : shutdown -f -r -t 300 -c "Your computer will restart for system service in five minutes"
    Parameter 2 : 1
    OS Type : 0
    ELSE

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: michaelgooch
  • You could also make a batch script what makes a power scheme :

    @echo off
    echo.
    echo Power Options Script
    echo Made by CMPJeffrey
    echo.
    echo Creating new profile
    powercfg /create xppower
    echo.
    echo Creating active power
    powercfg /setactive xppower
    echo.
    echo Setting time at 0
    POWERCFG /CHANGE xppower /monitor-timeout-ac 15
    POWERCFG /CHANGE xppower /disk-timeout-ac 0
    POWERCFG /CHANGE xppower /hibernate-timeout-ac 0
    POWERCFG /CHANGE xppower /standby-timeout-ac 0

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: CMPJeffrey
  • we have this problem too.

    We setup a script that sends users a message twice on the day of the patching. They get it at 1pm and 4pm.

    Also I have played with locking the shutdown command so after 4pm the script runs which locks the ability to shut down until after 7pm.

    also I am working on modifying power schemes. Tricky one this as I cannot really do it for laptops unless I can put them back afterwards.

    For the messages also I created a message using Visual Studio which pops up on their machine and has a status bar that takes 5 seconds to complete. Idea being that they have to read it and after 5 seconds the close button becomes available.

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: mmartin
  • I've been running into this problem a lot lately, noticing that a majority of my groups are turning off their workstations. I want to turn off the "Skip if offline..." so it starts to patch when the machines turn on in the morning. Any one know how much of a performance hit a machine would take? Not worried about it rebooting afterwards cause I know the users are just going to turn their machines off again that night.

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: rchiocchio
  • If you can't get your customer to agree to leave the computer on, then why not just schedule it to run at lunch time? I think that would have less of an impact than running when they first boot up.

    You still have to solve the problem of when to run the patch scan, audit, defrags, etc. etc. It is really an educational conversation that you must have with the customer, reminding them that they are paying you to do a job, but not allowing you do to it efficiently.

    Good luck!

    Chris Amori
    Virtual Administrator

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: chris@networkdepot.com
  • chris@networkdepot.com
    If you can't get your customer to agree to leave the computer on, then why not just schedule it to run at lunch time? I think that would have less of an impact than running when they first boot up.


    I WOL when ever possible. Only if I want to punish a user would I run patches etc on boot...

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: thirteentwenty