Hi, I took action on a patch baseline for testing on my workstation and while I was logged on my machine spontaneously restarted. Any ideas? Let me know if more info is needed, this is my first post here… Thanks!
Action Behavior:
Messages
No user interface will be shown before running this action.
No message will be shown while running this action.
Users
This action will run independently of user presence.
User interface will be shown to all users.
Execution
This action will never expire.
It will run at any time of day, on any day of the week.
If the action becomes relevant after it has successfully executed, the action will not be reapplied.
If the action fails, it will not be retried.
If a member action fails, the action group will continue to run.
Post-Action
After the action completes, the user will be requested to restart the computer.
The restart request will have a deadline of 3 days after it is initially shown.
When the deadline is reached, the user will be forced to respond to the restart request.
The user will be allowed to cancel the reboot/shutdown.
The following message will be displayed as the reboot/shutdown request:
Please Restart
In an effort to reduce Spencer Stuart's Cyber Security Risk, the Information Security team has installed security updates on your computer. Please restart at your earliest convenience. If this time is not convenient for you, please click the Snooze button to perform the restart at a later time. There is a deadline of 3 days to perform the restart because not doing so may result in instability and data loss.
Log File:
At 09:45:51 -0500 - actionsite (http://bigfix.spencerstuart.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded parameter “PowerShellexe”=“C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” (action:93003)
Command succeeded delete __appendfile (action:93003)
Command succeeded delete script.ps1 (action:93003)
Command succeeded appendfile (new-object net.webclient).downloadfile(“https://api.ipify.org/","{pathname of parent folder of client}\mypublicaddress.txt”) (action:93003)
Command succeeded (file created) appendfile (new-object net.webclient).downloadfile(“https://api.ipify.org/","C:\Program Files (x86)\BigFix Enterprise\BES Client\mypublicaddress.txt”) (action:93003)
Command succeeded appendfile (new-object net.webclient).downloadfile(“https://api.ipify.org/","C:\Program Files (x86)\BigFix Enterprise\BES Client\mypublicaddress.txt”) (action:93003)
Command succeeded copy __appendfile script.ps1 (action:93003)
Wow64 redirection disabled. action uses wow64 redirection false (action:93003)
Command started - waithidden “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” -file “C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\CustomSite_Windows_Settings\script.ps1” (action:93003)
Fixed - Spencer Stuart - Clients - Pending Restart and Nobody Logged On (fixlet:8678)
Event Viewer:
The process C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe (USWK4DQQ7Y1) has initiated the restart of computer USWK4DQQ7Y1 on behalf of user NT AUTHORITY\SYSTEM for the following reason: Other (Planned)
Reason Code: 0x80000000
Shutdown Type: restart
Comment: IBM BigFix Restart from ActionID 280752