When patches are delivered to systems that cannot be rebooted automatically then typically the NO Reboot option is used from within the KACE console.  If nobody is logged into the system at the time of patching, then the default notifications cannot pop up on the screen.  Those are only done when someone is logged into the system.  In order to get a notification when you log in, we have to first discover how to tag systems that are pending a reboot and then be able to target them with messages as a user logs into the system.  This can be accomplished by using Custom Inventory records, labels and scripts in the K1000.

Custom Inventory Rules

This is the primary part of the exercise.  There are a few different ways we can do using the registry, and once these work, we can use these to build labels to group the machines within the K1000.

Method #1

Create custom inventory record (New Software Item) with the following Custom Inventory Rule (Here we use Pending Reboot #1):

32 or 64 bit systems: RegistryValueReturn(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager, PendingFileRenameOperations,REG_MULTI_SZ)

Using this method, there will be a custom inventory record returned for the machine.  There will also be an entry in the Installed Programs as well.



Method #2

Create custom inventory record (New Software Item) with the following Custom Inventory Rule(Here we will use Pending Reboot #2):

32-bit systems:

RegistryKeyExists(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired)

64 bit Systems:

RegistryKeyExists(HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired)

When using this method since there is not a value to return as a custom inventory record, the presence of this key will ONLY be recorded as a software title in Installed Programs.  Here you see both methods producing a software record.



Once you have these rules created, you can force inventory on machines to see if they are pending reboots, or you can also force just a custom inventory from the PC by going to a command prompt, and navigating to the C:\Program Files\Dell\KACE directory (or C:\Program Files (x86)\Dell\KACE on 64 bit systems) and running the command Kdeploy.exe -CI


 

Smart Labels

Once we have defined the inventory rules and machines are checking in, we can define smart labels to automatically group these machines within the K1000. 

NOTE:  You MUST have at least one machine checking in and reporting these custom inventory fields so that they can be used when creating labels.

In the devices section, create a smart label.  When using method #1 above, you would look for the presence of the CI record.

 

When using Method #2 we would need to use the Software Title.

 

Once the Smart labels have been created, force the check in on the machines to validate the labels are being applied correctly.


Using the labels

Now that machines have labels applied, we can use these for targeting purposes.  We can use reboot scripts to force a reboot at a specified time if needed but we can also use these for notifications on systems that are pending reboots.  Here we will show how we can setup notifications via email to notify the system administrator when we have machines that are pending reboots.  We will also show how we can use a script to pop up a dialog box to the user if they login to a system that is pending a reboot. 


 

Creating a Notification Alert

On the devices page, click on Notification in the upper right of the page

 

Create the notification based on the label names created above.  In this case we will look for labels that contain the words Pending Reboot.  Make sure you test your notification to validate you have correctly discovered machines that fit this label.

 

This will send out an email Daily to the recipient to let them know the machines that are currently pending a reboot.

 

Creating Pop Up notifications on the client machines

If the client machines are not being forcibly rebooted with the patching mechanism, we might want to be notified when the client is pending a reboot.  Using the patching notifications will work but only if the computers are logged in.  In the case of servers that are typically not logged into during patching, this will be useful to let the next person to login know that the system was patched recently and needs to complete a reboot to finish the patch installation.  To be notified on next login, we need to have scripts pop up message windows at the time someone logs into the machine. 

Script to prompt user that Reboots are pending

In the K1000 Create a new Offline Script (this will allow us to set the options to run at user login).


Select Windows systems, and also select the labels from above so we are targeting machines that are pending reboot only.


In the options for schedule, select “Also Execute after Login (before desktop loads)”



You may want to schedule this to run at a specific interval as well, you can set to run as low as every 15 minutes if needed but be careful as this can add a bit of a load on the K1000.


Add a new task to pop up a dialog box with the message that you want to display.


You should see the following pop up message on machines that are marked as pending reboot.

 

 

Note that this will NOT reboot the system, just simply let the user know that the system needs a reboot.