Large scale shutdown of desktops?

This issue has been solved. See solution.
zchandran's picture
zchandran
May 29th, 2009

Yesterday, we had a few hundred desktops shut down in the middle of the work day. They all had similar messages in aclient.log:

[05/28/09 14:59:10.081] Shutting down computer...

But no more information. I'm not finding anything unusual in mm.log, axengine.log, etc. There were no shutdown jobs scheduled, no patches scheduled to go out, etc. etc. As far as I can tell from the server logs, everything was humming along smoothly, and then, splat.

The only answer I can come up with is that someone accidentally did a forced power down in DS console for the desktops. We're a small shop and everyone has to have access to control all desktops. Where would I get some useful information in the logs? Is there any way to lock down large operations like this?

We are using DS console 6.9 build 177.

Any ideas would be appreciated...

Filed under: ,
0 votes
George Wagner's picture
George Wagner
25 weeks 3 days ago

If you have security setup in

If you have security setup in the console you can change the permissions on the computer group objects. There you can deny everything such as Shutdown events, etc. On the rights of the security group itself you can also leave unchecked the box "Allow Scheduling on All Computers Group" to prevent people running an job on everything. You can also limit the number of computers that someone could run a job on to a specific number.

A long time ago we had somebody send a restart command to 2,500 computers... : /

-Geo

Don't forget to mark the solution to your forum post if it has been answered!

0 votes
ianatkin's picture
ianatkin
25 weeks 3 days ago

Use the History Log

Solution

 One of the lesser used  (but very handy) features of Deployment Solution is the History log. Each computer records in this log every action performed on it. To view it, simply right-click any computer, and the select the secondmost option 'History'

If someone restarted the computers with live restart option, it will be recorded here as a live event with a date stamp. The level of detail here is quite good -here is an extract from a History log from a machine which I just gave a restart command through the console,

30/05/2009 09:46:00:
 Job: Live Event (Reboot)
 Scheduled: 30/05/2009 09:46:00
 User: I. L. Atkin (iana)
 Windows User: iana
 Application: Altiris Deployment Solution
 Replay: False (task will not be replayed during rip and replace)

  Task: Live Event
  Completed: 30/05/2009 09:46:00
  Module: AClient
  Level: Information
  Status: Successful completion.
  Result: Success

The great thing about this too is that the history logs remain intact even after the job history in the console is deleted (or naturally expired).

Kind Regards,
Ian./

Ian Atkin
Senior Developer for the ICT Support Team,
Oxford University, UK

+3 (3 votes)
SOLUTION
zchandran's picture
zchandran
24 weeks 6 days ago

This confirmed that it was a live event

I got this in my logs:

5/28/2009 2:59:00 PM:

Job: Live Event (Shutdown)
Scheduled: 5/28/2009 2:59:00 PM
User:
Windows User: MOBOT\installer
Application: Altiris Deployment Solution

Task: Importing package: "%1"
Completed: 5/28/2009 2:59:00 PM
Module: AClient
Level: Information
Status: Successful completion.
Result: Success

Unfortunately, it doesn't give me which computer initiated the shutdown, but I hadn't thought of checking History, so thanks.

+1 (1 vote)