W-O-L Patching

(imported topic written by jonh91)

This has probably been addressed somewhere, but I can’t find it.

I want to use w-o-l to turn ON any OFF pcs, then patch them, then turn them of again. The problem is, if a pc was already ON, how do I NOT turn it off. Some of my users compile data at night and I can’t just turn off their pc.

Is the solution for this already built in to BigFix or has someone written a script to solve this problem?

(imported comment written by jonh91)

No answers, so I’ll elaborate with my thoughts.

Use a series of actions:

  1. Create a script to generate a report of all MAC addresses currently OFF. Export or save that report somewhere it can be used by a later action script.

  2. Envoke W-O-L.

  3. Apply the patches.

  4. Create a script that will use the report previously generated to shutdown only the machines in that report.

  5. Delete the report.

Can someone help me with the scripts needed in 1 and 4?

(imported comment written by BenKus)

Hey jonh,

One of the fundamental issues you have is that the computer itself doesn’t know if it turned on by the power button or by using Wake-on-LAN and therefore it is hard to know which computers to turn off… You could try to script something and then control it with the BigFix API, but that is quite a bit of work and coordination to get something right…

Here is an idea for a process:

  1. Evoke Wake-on-LAN.

  2. Apply Patches.

  3. Restart all computers with uptimes of less than 1 hour (or whatever).

This has some nice benefits:

  • Straight-forward and simple.
  • If this is run at night (I am assuming it is), it is not likely someone would have their computer powered-off accidentally.
  • Easy to implement.

To implement #3, you should make a Task with the relevance of

(uptime of operating system < 1 * hour) and target it to the computers…

Be careful! Don’t turn on reapply behavior (it will constantly restart), make sure you constrain by time interval (to prevent people from turning on their computer in the morning and then having it restart immediately), and generally be cautious when you deploy this.

Ben

(imported comment written by dgibson91)

If you do choose Ben’s option, you may want to add the condition that no user is logged in for the shutdown. Any PC that was turned on via WOL, would most likely not have any one logged in. And any machine compiling data at night will most likely have a user logged on.