Patching on log-off/shutdown

(imported topic written by whanscom)

Is there a method to apply patches to workstations as they log-off or shutdown for the evening?

(imported comment written by brolly3391)

And hello again whanscom,

Grazing the surface of this topic:

I like using constraints to avoid bugging the end users. When you take your action use the constraint: “Run only when no user is present”. This will catch most of your userbase but some users never log so we have to be a bit more forceful with them.

You also set up a second action that will run starting the following week. This is your forced remediation phase. This action is set to run “Independantly of user presence”. The second action should hit all the remaining users that do not make themselves available for patching during off hours.

Cheers,

Brolly

(imported comment written by SystemAdmin)

Hi Whanscom,

I talked with a user that was interested in this operation at one point and we eventually determined that applying a patch at log-off or shutdown was not a good idea and there were better alternatives. If you try to do this you’ll end up annoying users because their computer won’t turn off for several minutes when they try to power down.

The user I talked with was trying to have BES do this because they were doing it with their previous patch management system. They had this policy before because they couldn’t run patches silently and users would complain. They eventually determined that BES could apply patches silently enough not to annoy their users and it was better policy not to apply the patch at log-off.

I’m not sure what your situation is but their may be better alternatives, such as outlined by Brolly, then applying patches at log-off.

Best,

Tyler

(imported comment written by whanscom)

many thanks for these suggestions, I was aware of the constraint “Run only when no user is present”, I also like the idea of two actions, to capture the stragglers.

(imported comment written by Bjowah91)

We use a property to detect if the screensaver is running. When the patching is done we let the user postpone the reboot up till 12 Hour, after that we force the reboot.

Works pretty well for us.

Björn

(imported comment written by brolly3391)

Nice one Bjowah,

Do you use

exists running application whose (name of it ends with “.scr”)

as your property to detect the screen saver running?

Cheers,

Brolly