Command line to run a patching schedule?
We deploy PCs using Microsoft Deployment Toolkit (MDT); one of the last tasks we would like the task sequence to do is Windows patching. I know that a script can be run via command line: runkbot.exe 123 0.
Is there any way to get a client to kick off a patching schedule, i.e., 'Post Build Detect and Deploy'?
Or does anyone have a creative solution for kicking off patching immediately on newly built PCs? Please confine answers to MDT-built devices; we do not have, and do not plan to have, the K2000.
Thank you!
3 Comments
We use a smart label that identifies machines that have had an OS deployed to them within the last 4 hours (we didn't use the wizard to create this label, but use SQL for it). Because our inventorying runs once an hour, we set this label to OSes deployed in the last 4 hours, in case the machine takes a bit to inventory for the first time.
We have the patch schedule to detect all patches and to deploy all patches. This patch schedule is set to run once every hour, do forced reboots, and run on next connection if the agent is offline. - crodriguez 6 years ago
RegistryValueReturn(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine, Distinguished-Name, TEXT)
We then have a Smart Label called "Computers in KACE OU", which has
"Active Directory Distinguished Name (CIF)" "ends with" "OU=KACE,DC=Company,DC=Local"
Then we have a patch Detect and Deploy which runs every 4 hours on the computers with the Smart Label. This allows us to deploy new computers deployed using the K2000 and get them updated fairly quickly, but doesn't affect computers installed manually or added to a different OU (servers and VMs primarily).
I also have a Smart Label "Computers Added in Last Day", which is set to
"Created" "is within last" "24 hours"
You could use that Smart Label with a patch detect and deploy, but it would affect ALL computers added to KACE, which we don't want to do. - PaulGibson 6 years ago
-Patch Schedules
-Custom Inventory Rules
-Device Smart Labels
-LDAP (to query the Active Directory for info.) - Channeler 6 years ago
select * from MACHINE where OS_INSTALLED_DATE >= (CURRENT_TIMESTAMP()-INTERVAL 1 DAY)
You can have a separate schedule that detects and deploys patches to this smart label; machines will automatically fall out of this label and hence will no longer be a target. - PortZero 6 years ago