Deployment Solution

 View Only

  • 1.  Large scale shutdown of desktops?

    Posted May 29, 2009 02:13 PM
    Yesterday, we had a few hundred desktops shut down in the middle of the work day. They all had similar messages in aclient.log:

    [05/28/09 14:59:10.081] Shutting down computer...

    But no more information. I'm not finding anything unusual in mm.log, axengine.log, etc. There were no shutdown jobs scheduled, no patches scheduled to go out, etc. etc. As far as I can tell from the server logs, everything was humming along smoothly, and then, splat.

    The only answer I can come up with is that someone accidentally did a forced power down in DS console for the desktops. We're a small shop and everyone has to have access to control all desktops. Where would I get some useful information in the logs? Is there any way to lock down large operations like this?

    We are using DS console 6.9 build 177.

    Any ideas would be appreciated...



  • 2.  RE: Large scale shutdown of desktops?

    Posted May 29, 2009 07:02 PM
    If you have security setup in the console you can change the permissions on the computer group objects. There you can deny everything such as Shutdown events, etc. On the rights of the security group itself you can also leave unchecked the box "Allow Scheduling on All Computers Group" to prevent people running an job on everything. You can also limit the number of computers that someone could run a job on to a specific number.

    A long time ago we had somebody send a restart command to 2,500 computers... : /


  • 3.  RE: Large scale shutdown of desktops?
    Best Answer

    Trusted Advisor
    Posted May 30, 2009 04:54 AM
     One of the lesser used  (but very handy) features of Deployment Solution is the History log. Each computer records in this log every action performed on it. To view it, simply right-click any computer, and the select the secondmost option 'History'

    If someone restarted the computers with live restart option, it will be recorded here as a live event with a date stamp. The level of detail here is quite good -here is an extract from a History log from a machine which I just gave a restart command through the console,
    30/05/2009 09:46:00:
 Job: Live Event (Reboot)
 Scheduled: 30/05/2009 09:46:00
 User: I. L. Atkin (iana)
 Windows User: iana
 Application: Altiris Deployment Solution
 Replay: False (task will not be replayed during rip and replace)

  Task: Live Event
  Completed: 30/05/2009 09:46:00
  Module: AClient
  Level: Information
  Status: Successful completion.
  Result: Success

    The great thing about this too is that the history logs remain intact even after the job history in the console is deleted (or naturally expired).

    Kind Regards,
    Ian./


  • 4.  RE: Large scale shutdown of desktops?

    Posted Jun 02, 2009 02:18 PM
    I got this in my logs:

    5/28/2009 2:59:00 PM:

    Job: Live Event (Shutdown)
    Scheduled: 5/28/2009 2:59:00 PM
    User:
    Windows User: MOBOT\installer
    Application: Altiris Deployment Solution

    Task: Importing package: "%1"
    Completed: 5/28/2009 2:59:00 PM
    Module: AClient
    Level: Information
    Status: Successful completion.
    Result: Success

    Unfortunately, it doesn't give me which computer initiated the shutdown, but I hadn't thought of checking History, so thanks.