We have some systems which act as OCR scanners and need to have a set maintenance window for patches. We want the clients to determine the time (local time) and either lock or unlock themselves accordingly.
We have come up with the following fixlet code but want to run it past some other eyes to make sure that what we see in testing is accurate.
The relevance is true if you belong to a certain subnet and the action code is below. The maintenance window for this set of systems is 8AM - 12 PM Tuesday - Friday.
action lock until {concatenation of (( concatenation of ((day_of_month of current date as string ) & " " & (current month as three letters as string) & " " & (current year as string) ) as date + day) as string) & " 08:00:00 -0500"} {concatenation of (( concatenation of ((day_of_month of current date as string ) & " " & (current month as three letters as string) & " " & (current year as string) ) as date ) as string) & " 12:00:00 -0500"}
The idea is that the box will lock itself at noon today and will unlock tomorrow at 8 am. We would apply it as a policy to run at 12:00 PM every T-F and not to run on Sat, Sun or Monday. Thus on Friday at noon, it will lock and not unlock until Tuesday at 8 AM.
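An added example, not part of the original post and not BigFix code: a Python model of the schedule described above, comparing the timestamp the posted expression's first substitution produces (current date plus one day, at 08:00) with the start of the next Tuesday-to-Friday window. It uses naive local times and leaves out the hard-coded -0500 offset; the function names and the sample week are constructed for illustration.

```python
from datetime import datetime, time, timedelta

# Window from the post: 08:00-12:00, Tuesday to Friday (Python: Monday == 0).
WINDOW_DAYS = {1, 2, 3, 4}
WINDOW_OPEN = time(8, 0)
WINDOW_CLOSE = time(12, 0)


def in_window(now: datetime) -> bool:
    """True while the machine should be unlocked for patching."""
    return now.weekday() in WINDOW_DAYS and WINDOW_OPEN <= now.time() < WINDOW_CLOSE


def next_open(now: datetime) -> datetime:
    """Start of the next window strictly after `now` (naive local time)."""
    for offset in range(8):
        day = now.date() + timedelta(days=offset)
        candidate = datetime.combine(day, WINDOW_OPEN)
        if day.weekday() in WINDOW_DAYS and candidate > now:
            return candidate
    raise AssertionError("unreachable: a window day occurs every week")


def posted_unlock(now: datetime) -> datetime:
    """Value of the post's first substitution: (current date + day) at 08:00."""
    return datetime.combine(now.date() + timedelta(days=1), WINDOW_OPEN)


def audit_week(monday: datetime) -> list:
    """Compare both unlock times for each noon policy run, Tuesday to Friday."""
    rows = []
    for day in sorted(WINDOW_DAYS):
        run = datetime.combine(monday.date() + timedelta(days=day), WINDOW_CLOSE)
        posted, wanted = posted_unlock(run), next_open(run)
        rows.append((run.strftime("%a"), posted, wanted, posted == wanted))
    return rows


if __name__ == "__main__":
    # Constructed sample week starting Monday 2 June 2025.
    for name, posted, wanted, same in audit_week(datetime(2025, 6, 2)):
        print(f"{name} 12:00  posted={posted}  next window={wanted}  match={same}")
```

For the Tuesday, Wednesday and Thursday runs the two values agree; for the Friday run the expression evaluates to Saturday 08:00, while the next window opens on Tuesday 08:00.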
Actually, we have a very sophisticated mechanism for setting and maintaining maintenance windows in BES… We developed it for some specific customers and I meant to publish it before, but I didn’t get around to it until now…
Attached are some Tasks and properties that are to create a “Maintenance Window” property. Several customers have been using a maintenance window system based on these properties for a couple years.
When you import these, you will get 2 properties which will tell you whether your computers are in maintenance windows and tell you what maintenance window is set (true/false). Also, there will be 4 Tasks to enable/disable and set the maintenance windows.
With a simple modification, we would take the steps of directly tying the “LockState” to the “true/false” value of “In Maintenance Window”. These attached properties don’t do that, but it isn’t very hard to modify the properties to be tied to lock state.
Hopefully everything is self-explanatory. Let me know if these work for you.
If I am reading the tasks right, it creates a maintenance window every week for one night. Is there a way to do it for X days a week without heavy modifications?
This looks like a great feature but if I need to exclude certain groups of machines from different patches is there any way to do this without splitting the task up?
The most recent thread on this subject is nearly 2 years old. Have there been any notable updates to this process?
We are currently in the process of going from WSUS to BigFix for our server patching. The problem is that our servers can be in any one of 16 different maintenance windows.
Also, the windows could be daily, weekly, or monthly. Also, some allow reboots and others don’t.