Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Large scale shutdown of desktops?

Updated: 21 May 2010 | 3 comments
zchandran's picture
zchandran
0 0 Votes
Login to vote
This issue has been solved. See solution.

Yesterday, we had a few hundred desktops shut down in the middle of the work day. They all had similar messages in aclient.log:

[05/28/09 14:59:10.081] Shutting down computer...

But no more information. I'm not finding anything unusual in mm.log, axengine.log, etc. There were no shutdown jobs scheduled, no patches scheduled to go out, etc. etc. As far as I can tell from the server logs, everything was humming along smoothly, and then, splat.

The only answer I can come up with is that someone accidentally did a forced power down in DS console for the desktops. We're a small shop and everyone has to have access to control all desktops. Where would I get some useful information in the logs? Is there any way to lock down large operations like this?

We are using DS console 6.9 build 177.

Any ideas would be appreciated...

discussion Filed Under:
,

Comments

Tenacious Geo's picture
29
May
2009
0 Votes 0
Login to vote
Tenacious Geo

If you have security setup in

If you have security setup in the console you can change the permissions on the computer group objects. There you can deny everything such as Shutdown events, etc. On the rights of the security group itself you can also leave unchecked the box "Allow Scheduling on All Computers Group" to prevent people running an job on everything. You can also limit the number of computers that someone could run a job on to a specific number.

A long time ago we had somebody send a restart command to 2,500 computers... : /

-Geo

ianatkin's picture
30
May
2009
3 Votes +3
Login to vote
ianatkin
Trusted Advisor

Use the History Log

 One of the lesser used  (but very handy) features of Deployment Solution is the History log. Each computer records in this log every action performed on it. To view it, simply right-click any computer, and the select the secondmost option 'History'

If someone restarted the computers with live restart option, it will be recorded here as a live event with a date stamp. The level of detail here is quite good -here is an extract from a History log from a machine which I just gave a restart command through the console,

30/05/2009 09:46:00:
 Job: Live Event (Reboot)
 Scheduled: 30/05/2009 09:46:00
 User: I. L. Atkin (iana)
 Windows User: iana
 Application: Altiris Deployment Solution
 Replay: False (task will not be replayed during rip and replace)

  Task: Live Event
  Completed: 30/05/2009 09:46:00
  Module: AClient
  Level: Information
  Status: Successful completion.
  Result: Success

The great thing about this too is that the history logs remain intact even after the job history in the console is deleted (or naturally expired).

Kind Regards,
Ian./

Ian Atkin, Senior Developer for the ICT Support Team, Oxford University, UK

Connect Etiquette: "Mark as Solution" those posts which resolve your problem, and give a thumbs up to useful comments, articles and downloads&

SOLUTION
zchandran's picture
02
Jun
2009
1 Vote +1
Login to vote
zchandran

This confirmed that it was a live event

I got this in my logs:

5/28/2009 2:59:00 PM:

Job: Live Event (Shutdown)
Scheduled: 5/28/2009 2:59:00 PM
User:
Windows User: MOBOT\installer
Application: Altiris Deployment Solution

Task: Importing package: "%1"
Completed: 5/28/2009 2:59:00 PM
Module: AClient
Level: Information
Status: Successful completion.
Result: Success

Unfortunately, it doesn't give me which computer initiated the shutdown, but I hadn't thought of checking History, so thanks.

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
259,054