Does K1000 patch machines when they are logged out?
Seems like a ridiculous question, but support told us no, it does not.
However, when we read the documentation, we see:
Allow the user to run, cancel, or delay the action. This is especially important when reboots are required. If no user is logged in, the script runs immediately.
And on the option itself the gold question mark says:
Display an alert dialog to offer the console user a chance to delay or cancel the action before it executes.If no user is logged on to the console,schedule run immediately.
Support told me that what this means is that if the user is logged out, patches will not be applied, but when they log in they just don't get the alert, on the assumption they've got nothing going and doing need to snooze.
I'm just incredulous. Why wouldn't you patch when users are logged out, its the best time?
Anyway, our K1000 is NOT patching machines that are logged out. Does K1000 patch machines that are logged out (but powered on)?
Answers (4)
In my experience out K1000 does patch without anyone logged in. I'm not sure why support told you differently.
Comments:
-
It isn't working for us. Thanks for verifying that it works for you. Anyone else? Is there something we should look at that might be turning this off? - isopepper 11 years ago
-
Agreed! - GeekSoldier 11 years ago
-
I would first ensure that the server and agent are both at version 5.4 SP1 per the below blog post:
K1000 5.4 SP1 fails to patch machines with agent 5.4.5315
http://www.itninja.com/blog/view/k1000-5-4-sp1-fails-to-patch-machines-with-agent-5-4-5315 - Moncus 11 years ago
I can see how that can be about as clear as mud. If I were you I'd test it out on a workstation. Stay logged out and powered on, target it for a patching D&D, and see how it moves through the stages of detect, deploy, verify, and complete... I want to say it will work without a user being logged in. For the most part we deploy patches silently as not to interrupt our users (or give them reason to freak out).
Comments:
-
Thanks GeekSoldier for the reply. I was really hoping someone could say yes or no. What are you patching? We're starting with Java, Flash and Reader and find we have to have the browsers turned off for that to work. - isopepper 11 years ago
-
Adobe products work really well with patching. Java not so much. I find that when a user is logged in, they're likely using a web browser. This seems to cause the patch not to apply correctly. It'll show up in add/remove programs and your inventory as current, but when the user needs to use Java it will be broken. I recommend creating a Managed Install that runs at computer startup. Other than Oracle and Adobe updates we're also patching Mozilla, Apple, and starting to patch Microsoft. - GeekSoldier 11 years ago
-
This is why we use "Alert User Before Run" to ask users to close browsers before continuing (wish there was an option to force them to close upon hitting OK).
This is also the problem. K1000 (we are on 4.5 SP1) will try to alert even while logged out, and with snooze as a timeout it gets stuck in a loop until the user logs in to eventually hit OK. - erush 11 years ago
-
I understand that for Java this isn't the convenient way, but it will allow you to do two things the patching method won't. First, you'll be able to deploy your java update on your schedule, not Lumension's. Second, your deployment will have a much higher success rate performing the install before the user logs in. I've posted my current deployment method at the link below.
http://www.itninja.com/blog/view/java-7-update-17-deployment-settings-that-work-with-your-k1000
Try this and see how it works out for you. - GeekSoldier 11 years ago
5.4 has a new option that should resolve your issue but it should patch when no one is logged in.
| Automatically Reboot: | When no one is logged in |
It should be patching with no one logged in. Can you verify that the machines are not hibernating? In the schedule are you limiting it to specific operating systems? After you save a schedule there is a blue box at the bottom of the page. Above it is a link called show all which shows the systems that are targeted. What phase does the machine go to in this box?
