How to target a Patch Schedule to computers that cancelled a prior Patch Schedule job
So, the 5 hour deployment window just isn't big enough for the users in my company.
It seems that they want the option to run the patch schedule job in the morning or in the afternoon with the forced reboot associated with the Windows Updates if necessary able to be pushed off until the end of the work day.
In their eyes, the behavior they are seeking is something along the lines of
9am - Option to start patching update job appear, if ok, click yes, if not ok, delay until the afternoon.
1pm - Option to start patching update job appear, if ok, click yes, if not ok, delay until the end of the day.
5pm - Updates install and computer reboots with a 15min warning to make sure the user saves their work.
I am thinking that I can make something that sort of replicates this behavior by using 2 or 3 Patch Schedules.
Job 1: 9am - Target all computers - Notify with options OK/Cancel
Job 2: 1pm - Target computers that cancelled the previous job - Notify with options OK/Cancel
Job 3: 5pm - Target computers that cancelled the previous job - Notify with options OK/Snooze
The question is, can I target the computers that cancelled the previous job?
I tried to create a Device Smart Label that catches devices with "Deploy Status" = "cancelled"
I got a computer to cancel a job, but then did not see the computer appear in the new smart label. I didn't wait for the PC to complete an inventory job, so that might have been the cause.
Any advice?
Any suggestions on your own patch schedules?
It seems that they want the option to run the patch schedule job in the morning or in the afternoon with the forced reboot associated with the Windows Updates if necessary able to be pushed off until the end of the work day.
In their eyes, the behavior they are seeking is something along the lines of
9am - Option to start patching update job appear, if ok, click yes, if not ok, delay until the afternoon.
1pm - Option to start patching update job appear, if ok, click yes, if not ok, delay until the end of the day.
5pm - Updates install and computer reboots with a 15min warning to make sure the user saves their work.
I am thinking that I can make something that sort of replicates this behavior by using 2 or 3 Patch Schedules.
Job 1: 9am - Target all computers - Notify with options OK/Cancel
Job 2: 1pm - Target computers that cancelled the previous job - Notify with options OK/Cancel
Job 3: 5pm - Target computers that cancelled the previous job - Notify with options OK/Snooze
The question is, can I target the computers that cancelled the previous job?
I tried to create a Device Smart Label that catches devices with "Deploy Status" = "cancelled"
I got a computer to cancel a job, but then did not see the computer appear in the new smart label. I didn't wait for the PC to complete an inventory job, so that might have been the cause.
Any advice?
Any suggestions on your own patch schedules?
0 Comments
[ + ] Show comments
Answers (1)
Please log in to answer
Posted by:
chucksteel
6 years ago
Smart Labels are applied during the inventory process, so the label would not apply until then.
You should be able to do this with just one patch schedule:
Set the schedule to run at 9am
Set the notify option to allow snooze with a duration of four hours (240 minutes)
Set the snooze until option to allow 2 snoozes
Set the reboot option appropriately
We run our main patch schedule on Thursday nights and have computers set to power on for patching automatically (using Dell Command Configure and Apple power schedules). If a machine is not on for some reason they will receive the updates the next time their computer connects.
Comments:
-
if you have 2 snooze cycles with 4 hour delays then that will push the total time over 5 hours and error out. - Vivalo 6 years ago
-
Well, yes, but you are already agreeing to change your "deployment window" so you will need to adjust the End After time. It might be worth testing when it starts counting for that value. I know that if you have it set to run on next connection, it will end after it starts the deployment. Perhaps the countdown doesn't start until the user allows patching to begin. - chucksteel 6 years ago
-
I do not know what you mean by "Well, yes, but you are already agreeing to change your "deployment window" so you will need to adjust the End After time."
I have not seen that terminology on the Patch Schedule configuration. - Vivalo 6 years ago -
I thought that you were referring to the function when you can suspend patching after a certain number of minutes. Otherwise I'm not sure why your machines will "error out" after five hours. The first line of your question refers to a deployment window of five hours not being long enough. - chucksteel 6 years ago
-
"I thought that you were referring to the function when you can suspend patching after a certain number of minutes. Otherwise I'm not sure why your machines will "error out" after five hours. The first line of your question refers to a deployment window of five hours not being long enough."
So what you are saying is that I can make the job as you say and it will work perfectly? If so, awesome! - Vivalo 6 years ago -
I'm not saying it will work perfectly, but I believe it will meet your criteria. As with anything I would recommend that you test first by creating a schedule and targeting a small set of computers. Try the different options at each stage to cover the possible things a user might do, and proceed from there. - chucksteel 6 years ago
