Client Management Suite

 View Only

  • 1.  Post image tasks conflicting with software updates installing

    Trusted Advisor
    Posted Oct 04, 2017 12:17 PM

    We have labs with a lot of autodesk titles, and I don't want to create a monolithic image with those titles anymore.  To be more modular, I want to install the necessary titles via post image tasks.  These titles are large and can take 10+ minutes each to install and some labs need several titles.

    The problem I'm running into is the installs are taking long enough to install that software updates are also installing in the background on freshly imaged machines while the post image tasks are installing.  Autocad (and possibly some of the other Autodesk titles) will not install properly if it sees the machine is in a pending restart state from the software updates.

    Are there any plans for symantec to allow customers to better control software updates on freshly imaged machines?  It seems like if I could either delay software updates from happening until my image job is complete, we'd be great.  Or, if I could use an imaging task to force software updates to happen and restart the machine and then move on to Autodesk installs, we'd be ok.  I understand the latter is more complicated because an assessment scan needs to run, as well as update client config, etc.

    Anyone have suggestions?  I really want to be able to install software as part of imaging jobs with no technican interaction, and I don't think that's asking too much.  Thanks!



  • 2.  RE: Post image tasks conflicting with software updates installing

    Trusted Advisor
    Posted Oct 04, 2017 02:24 PM

    Maybe another solution would be if X patches install at 1:30pm, instead of having them install at next hour (2pm) push it out further.  Is there a way to control that, even if it effects all clients?

    I need to be able to guarantee a machine just imaged will have ~60 minutes where patches won't install, possibly longer if more titles are requested down the line.  



  • 3.  RE: Post image tasks conflicting with software updates installing

    Posted Oct 04, 2017 07:03 PM

    How about not putting the Software Update Agent in the image but have a post image job to install it after a 60 minute delay?



  • 4.  RE: Post image tasks conflicting with software updates installing

    Posted Oct 05, 2017 03:43 AM

    You just shouldn't target your machines before the post image tasks are done.



  • 5.  RE: Post image tasks conflicting with software updates installing

    Trusted Advisor
    Posted Oct 05, 2017 08:33 AM

    @andy - interesting idea.  I might go forward with testing that, but I hate to strip it out for all imaged machines.  My goal is to use our standard hardware independent image for these labs.  Maybe I'm remembering wrong, but I seem to think I have trouble having the agent install that plugin automatically (at least in VMs I've deployed recently)... and I had to manually install for some reason.  It was the only plugin I had that issue with, of course.

    @mistral - How?



  • 6.  RE: Post image tasks conflicting with software updates installing

    Posted Oct 05, 2017 11:54 AM

    e.g. send some custom inventory to some custom dataclass (InstallStatus?) at the end of the deployment (after post image tasks are done).

    Use this dataclass in your target.

    You can even use different "phases" (e.g. post image - base - fully installed) and target them.



  • 7.  RE: Post image tasks conflicting with software updates installing

    Trusted Advisor
    Posted Oct 05, 2017 12:54 PM

    @mistral - that makes sense.  I wish I had implemented some custom 'image complete' flag years ago when we adopted Symantec patch and then scoped all patches to scope based on that flag.  Now I'd be worried about populating that on already imaged computers and not missing one.

    The last step of all of our image jobs is adding to domain.  Maybe I can build something off of that flag and only stage patches to computers that have that flag set, I assume that's in the db somewhere. 

    Hate to think about modifying scope on all of our patches, but it's an idea assuming a re-imaged computer would pick up that it's temporarily off domain until software is complete.  



  • 8.  RE: Post image tasks conflicting with software updates installing

    Posted Oct 06, 2017 04:21 AM

    Don't know your patch target.

    But it hopefully might use some filter.

    Just edit this filter and exclude computers not in domain?

     

    (Well ... or add an "include only" domain computers filter to your target)



  • 9.  RE: Post image tasks conflicting with software updates installing

    Posted Oct 06, 2017 04:29 AM

    "Picking up re-imaging computers".

    You main problem might be that patch targets (in default) only update every 30 minutes.

    If re-imaging is faster they might still be target.

     

    Solution:

    Add an Task (run script on Server) to your job running

    "C:\Program Files\Altiris\Notification Server\bin\ScheduleProcessor.exe" {1bf89561-394a-42e1-88b2-bae5f42874cc}

    Thats the half hourly NS.Windows Patch Remediation Settings.{1bf89561-394a-42e1-88b2-bae5f42874cc} task

    to update the patch targets immediately

     

    In short:

    Set the imaging flag (custom inventory/leave domain)

    update patch targets (server task)

    image

    post-image

    Set the done flag (custom inventory/join domain)

    wait or update target

    enjoy