I automatically apply Avast program updates on a weekly basis. Last night the deployment on the new ADNM client brought up and interesting problem. We had someone working very late and the automatic 30 second reboot caught him by surprise.
That got me to thinking… We also use a popular automated patch management package here. It gives us a very fine granular control over the reboot process. The options it gives are:
Pre - Install reboot or not
Post - Install Reboot or not
For reboot parameters it offers:
How long to allow before forcing a reboot.
Allow users to extend the reboot by xx minutes or not.
How long to wait before a reboot if a user doesn’t intervene.
Display (or not) a count down timer to reboot.
It also allows an option to install upon reboot.
It would be nice if some of these options/features could be build into the next release of ADNM.
Do you switch your machines off over night? Or do you leave them running?
Also, wouldn’t the “ask for reboot” option do? It tends to be quite effective because it’s actually not a one-time prompt - it keeps bugging the user quite annoyingly, so it’s just a matter of time before the his/her nerves break down and he/she just reboots…
Yes I do leave them on 7x24. Between backups, MS updates, full virus scans each night and other stuff I can’t let the users turn them off.
As for ask the user option. I like things to be as automatic as possible. I don’t mind giving the users the ability to extend the reboot by some set period of time but I want to know that the machine has been updated and rebooted. I don’t want to have to deal with depending on my users.
Quick question: How are you automatically applying Program Updates via ADNM?
If I look at the Properties of my Computer Catalog, I only see the following options under the “Update” section:
VPS Update: Auto, Ask, or Manual
Program Update: Ask or Manual
If instead, I look at those same options directly on a client machine, there is indeed an “Auto” option for Program Updates. Is there a reason this is not included in ADNM? I’d love to simply check the box there and have it propogate to all machines.
The reason is because it’s not really common to have programmatic updates pushed to all machines on the network. It’s sort of dangerous – should there be a problem in the new update (a situation we’re trying to avoid – but which can happen), all machines on the network will be affected at once.
Anyway, if you want this functionality, you can simply create an updating task (for program update) and schedule it to run periodically (e.g. every week or even every day).