Patching "run now" is just the most dangerous thing I have seen
There is zero validation dialog on "run now" for both windows and dell patches. AND it is right next to the edit button.. that being said.. has anyone come up with a way to not inadvertently restart all your servers in the middle of the day? I guess I could do a 1 hr notification with a cancel option on it. Id have to scramble to all my servers and cancel manually.. But then my schedule would be weird because Id need to take that into consideration.. Is this what people are doing to avoid being fired for one errand click? Anyone have a script to abort a patch?
Im not even going to think of recommending a validation dialog.. kace has been around for years and they have just left the run now as is. How completely insane.
Answers (2)
well, "Run Now" just starts the task.
If you have "wrong" reboot option for you it is a config setting.
And tbh in the last >10 years I never accidentally clicked this button. (in other tools this happens more often that I click the wrong one by accident I need to confess)
Comments:
-
Wrong reboot option? We restart automatically. Is this a wrong reboot option? If it is "wrong" what do you suggest? Log into each server and restart it manually? Sorry but Im confused by your response. - barchetta 2 years ago
-
well if the system restart automaticly but you don't like that, it _IS_ the wrong reboot option (I assumed something like that)
I personally have my servers put into different labels (M_SL_Server_1 and M_SL_Server_2 to be precise), so all network services are always avaiable because only ONE of TWO systems for the major services is rebooting during the patch schedule (for me ithe auto reboot if no one is logged in is the correct setting, since I love that) - Nico_K 2 years ago-
No, I DO want them to restart automatically. I do have them split into labels. However, Perhaps I need to be a little more strategic in terms of what I consider just utter insanity. I too have not pushed the run now in error.. but for crying out loud, it is right next to the edit button. I appreciate your comments though and as a workaround to this Im going to split things up a little differently. We need to get out of on prem servers.. that is the REAL problem.. in this day and age no reason to maintain hardware. - barchetta 2 years ago
Hi,
I definitely agree with your statement. It could be really great to add a step to confirm the run now (with eventually a resume of targeted computers).
If you launch it by mistake, you can try to applly the following KB :
How to stop KACE Agent tasks on the SMA appliance (114135) (quest.com)
Something similar happened to me last year after SMA upgrade : A Dell patch schedule was set but with no targetted device. Despite of this, it started to patch all of my computers and servers. Indeed, there was the OS filter set on "All OS" and if it is set like this it will target every computer and server matching this OS filter with no regards that you didn't explicitely define a device as target. In other module of KACE, there is a complementary button that you can check to select "All Devices" and which prevent this to happen if it is unchecked.
Regards,
Nioky
Comments:
-
Thanks for this. I need to keep this article somewhere handy just in case. When I have servers set to auto restart on a schedule it is just unnerving to even click on the edit button when the run now is mm's away. Just completely unnecessary. This would be the equivalent of microsoft having no confirmation on a server restart or shutdown option. It is amazing to me that anyone would defend kace on this. I think in fact I had better run a "fire drill". I'll set up a schedule to do this on my own laptop and see if I can use the KB you referenced to see if I can stop the process. - barchetta 2 years ago