Seems like a ridiculous question, but support told us no, it does not. 

However, when we read the documentation, we see:

Allow the user to run, cancel, or delay the action. This is especially important when reboots are required. If no user is logged in, the script runs immediately.

And on the option itself the gold question mark says:

Display an alert dialog to offer the console user a chance to delay or cancel the action before it executes.If no user is logged on to the console,schedule run immediately. 

Support told me that what this means is that if the user is logged out, patches will not be applied, but when they log in they just don't get the alert, on the assumption they've got nothing going and doing need to snooze.

I'm just incredulous. Why wouldn't you patch when users are logged out, its the best time? 

Anyway, our K1000 is NOT patching machines that are logged out. Does K1000 patch machines that are logged out (but powered on)?

 

0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Community Chosen Answer

2

In my experience out K1000 does patch without anyone logged in. I'm not sure why support told you differently.

Answered 03/21/2013 by: chucksteel
Red Belt

  • It isn't working for us. Thanks for verifying that it works for you. Anyone else? Is there something we should look at that might be turning this off?
  • Agreed!
  • I would first ensure that the server and agent are both at version 5.4 SP1 per the below blog post:
    K1000 5.4 SP1 fails to patch machines with agent 5.4.5315
    http://www.itninja.com/blog/view/k1000-5-4-sp1-fails-to-patch-machines-with-agent-5-4-5315
Please log in to comment

Answers

1

I can see how that can be about as clear as mud. If I were you I'd test it out on a workstation. Stay logged out and powered on, target it for a patching D&D, and see how it moves through the stages of detect, deploy, verify, and complete... I want to say it will work without a user being logged in. For the most part we deploy patches silently as not to interrupt our users (or give them reason to freak out).

Answered 03/21/2013 by: GeekSoldier
Red Belt

  • Thanks GeekSoldier for the reply. I was really hoping someone could say yes or no. What are you patching? We're starting with Java, Flash and Reader and find we have to have the browsers turned off for that to work.
    • Adobe products work really well with patching. Java not so much. I find that when a user is logged in, they're likely using a web browser. This seems to cause the patch not to apply correctly. It'll show up in add/remove programs and your inventory as current, but when the user needs to use Java it will be broken. I recommend creating a Managed Install that runs at computer startup. Other than Oracle and Adobe updates we're also patching Mozilla, Apple, and starting to patch Microsoft.
      • This is why we use "Alert User Before Run" to ask users to close browsers before continuing (wish there was an option to force them to close upon hitting OK).

        This is also the problem. K1000 (we are on 4.5 SP1) will try to alert even while logged out, and with snooze as a timeout it gets stuck in a loop until the user logs in to eventually hit OK.
  • I understand that for Java this isn't the convenient way, but it will allow you to do two things the patching method won't. First, you'll be able to deploy your java update on your schedule, not Lumension's. Second, your deployment will have a much higher success rate performing the install before the user logs in. I've posted my current deployment method at the link below.

    http://www.itninja.com/blog/view/java-7-update-17-deployment-settings-that-work-with-your-k1000

    Try this and see how it works out for you.
Please log in to comment
0

5.4 has a new option that should resolve your issue but it should patch when no one is logged in. 

Automatically Reboot:  When no one is logged in
Answered 03/21/2013 by: nshah
Red Belt

Please log in to comment
0

It should be patching with no one logged in. Can you verify that the machines are not hibernating?  In the schedule are you limiting it to specific operating systems?  After you save a schedule there is a blue box at the bottom of the page. Above it is a link called show all which shows the systems that are targeted.  What phase does the machine go to in this box?

Answered 03/21/2013 by: Timi
Seventh Degree Black Belt

Please log in to comment
Answer this question or Comment on this question for clarity