Patch Management Solution

  • 1.  Patch Notification options

    Posted Jul 03, 2014 09:34 AM

    I am trying to see if I can come up with a way to do the following.

    Send out patches at the beginning of the work day and provide the end user a notification that updates are ready to install. Most users will go home at the end of the day and shut down their computers, and the patches will be applied upon start up the next morning. For those users who DO NOT shut down the day the patches are applied, the next morning a deferred reboot of up to 6 hours will be applied. The rationale is: don't force a reboot for the 80% of users who normally shut down at the end of the day, but for those who don't, force the reboot the next day. Any help would be greatly appreciated!



  • 2.  RE: Patch Notification options

    Posted Jul 10, 2014 05:40 PM

    Please review the following in a test lab:

    1. Create the Software Update Policies for needed updates in the environment as outlined in KM: HOWTO56242 - Section 6, and target all clients to be updated prior to desired time to allow for the following:
    • The Clients run Update Configuration as defined by Agent Settings and receive the Software Update Policy
    • The Client's targeted download location, e.g. Site Server, to be able to download the physical Software Update package
    • The Clients will download the Software Update package and sit in ‘Scheduled’ status
    • Refrain from configuring the Schedule or ASAP on the individual Software Update Policies

    2. Configure the Default Software Update Plug-in Policy to execute the Software Update Cycle, but only after the previous step has fully completed:
    • Configure the Daily Schedule to run at the beginning of the work day and configure the Reboot to be ‘Never’ to ensure the reboots are handled by the User
      • This policy location and schedule details are outlined on KM: HOWTO56242 - Section 5.
    • Configure the Notifications for clients to receive as needed, but keep in mind that these notifications are only sent to the client at time of the Software Update Cycle Schedule
      • These notification settings are outlined on KM: TECH127404

    Advisories:

    • The timing needed between Steps 1 & 2 is around 4 hours, for the client will need to Update Configuration, receive the policies, download the packages and return confirmation to the SMP to be in a 'Scheduled' status.
       
    • As per the Knowledge Management article referenced above; only one DSUP Policy can be targeted to a client, for multiple policies will cause conflicts. 

    This configuration will allow for end users to know that the Software Update Cycle is taking place at the start of the work day, with or without their approval, and they are responsible for the reboot to solidify the installation of all updates. This is a repeating daily schedule to eventually make all clients compliant.

    Ensure you test these settings first and follow up if there are any questions. Other helpful articles to be aware of regarding Patch 7.5 are found on KM: HOWTO95496.

    Hope this helps,

    Joshua



  • 3.  RE: Patch Notification options

    Posted Jul 14, 2014 03:39 PM

    Josh, what can be done to force a reboot after a day or so goes by?



  • 4.  RE: Patch Notification options

    Posted Jul 14, 2014 03:59 PM

    Patch Management Solution - reboot schedule will only reboot if the client is needing one per KM: TECH127365. If this registry key is not in order with 'Reboot Required = 1' then Patch Management cannot reboot the client. This registry key is set when the Software Update Cycle runs and any of the installed Software Updates throw a 3010 Exit Code.

    If you need to reboot the client that is not returning that 'reboot required' to the SMP Server: A custom Task Job, or Deployment Solution Job, will need to be utilized to target the client and execute the reboot CMD.

    Hope this helps,

    Joshua
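
One way to script the custom Task mentioned in the last reply, combined with the 6-hour deferral asked for in the original question. This is an added example, not part of the thread and not Symantec code. The `$CycleStart` default, the `-IgnoreMarkers` switch and the message text are assumptions, and the registry keys checked are the standard Windows pending-reboot markers, not the Patch Management value from TECH127365.

```powershell
# Added example (not from the thread). Assumes PowerShell 3.0+ and a Windows
# version whose shutdown.exe accepts /t values above 600 seconds.
param(
    # Assumption: when yesterday's Software Update Cycle started (match your DSUP schedule).
    [datetime]$CycleStart = (Get-Date).Date.AddDays(-1).AddHours(8),
    # Deferral granted to the user before the forced restart.
    [ValidateRange(0, 24)][int]$DeferHours = 6,
    # Restart even when Windows shows no pending-reboot marker.
    [switch]$IgnoreMarkers
)

# Standard Windows pending-reboot markers. These are NOT the Patch Management
# registry value described in TECH127365, which the thread does not give.
$markerKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
)

function Test-PendingReboot {
    foreach ($key in $markerKeys) {
        if (Test-Path -Path $key) { return $true }
    }
    return $false
}

$lastBoot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

if ($lastBoot -gt $CycleStart) {
    # The user shut down or restarted after the cycle: nothing to force.
    Write-Output "Restarted at $lastBoot, after the cycle at $CycleStart. No action."
    exit 0
}

if (-not $IgnoreMarkers -and -not (Test-PendingReboot)) {
    Write-Output "No restart since $lastBoot, but Windows reports no pending reboot. No action."
    exit 0
}

$seconds = $DeferHours * 3600
$message = "Security updates were installed on $($CycleStart.ToShortDateString()). " +
           "This computer will restart in $DeferHours hours. Save your work."
& shutdown.exe /r /t $seconds /c $message
if ($LASTEXITCODE -ne 0) {
    Write-Output "shutdown.exe returned $LASTEXITCODE; restart was not scheduled."
}
exit $LASTEXITCODE
```

On 64-bit Windows, run it in a 64-bit PowerShell host: a 32-bit process reads a redirected view of `HKLM:\SOFTWARE` and can miss the markers.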