On some workstations, patches are staged and ready to deploy but the user does not deploy them and they do not deploy automatically after the timeout period? Is there a way to start the deployment from the workstation on these computers?

Our Windows patches are set to "detect, stage and on-demand deploy". I'm finding that some users are not deploying patches and the "Automatically deploy after x time" setting isn't triggering the deployment either. 

Is there a way to trigger the deployment remotely via the KACE console, something similar to using the 'runkbot' command for inventory?

0 Comments   [ + ] Show comments

Answers (2)

Posted by: barchetta 3 months ago
Brown Belt

So you dont deploy?   I would think you'd need to set up a deploy schedule to require your users to restart. Most users in my experience will not do a restart until forced.

We do a daily detect and then schedule the deployments. We give users the install notification as well as restart notification.

This is interesting, I never paid much attention to the stage option. Was just looking at the kace info on this and there is an interesting note

Detect and Stage: Scans for compatible patches, and downloads the applicable files to the agent device for later deployment.

Detect, Stage and On-demand Deploy: Scans for compatible patches, and downloads the applicable files to the agent device for later deployment pending user initiation.

It is important to note that whenever a Patch Action does both a Detect pass and something else (as is the case with Detect and Deploy and Detect and Rollback), the action is repeated cyclically until the Detection process finds no further patches to deploy or rollback. This may result in multiple Reboot Actions for a single scheduled run.

Ive had an issue with servers/workstations where if multiple patches are needed and one requires a restart first then I need to schedule another install.  Wondering if I use a detect with deploy rather than just a detect if that means the devices will restart however many times is needed to complete.

Sorry to go off subject here but this is interesting.  

  • We use "Detect, Stage and On-Demand Deploy". We have lots of engineers and this gives them more control of when it runs so it doesn't interfere with tests etc they are running. My understanding is that this does go through the cycle until everything has been updated. In theory. :) For most of our users, this has worked well but some don't deploy the patches after they are staged in a timely manner. These are the ones I'd like to be able to send some command to so the deployment will take place and then they'll be prompted to reboot. - ScottAday 3 months ago
    • Well, you could do a label for missing patches and then do a deploy to all X days after your on demand. those without missing patches should see nothing. - barchetta 3 months ago
      • This is what I do. End users get annoyed, but it trains them to deploy patches when requested. I did a custom SQL that does any device with a "failed" critical patch in the past week, with critical patches missing as of the last patch schedule, and reporting one or more patches as having "failed" installation. - RD94 3 months ago
Posted by: Nico_K 3 months ago
Red Belt

open a SR with KACE support. I replicated it and were not able to replicate this. Probably there is something badly setup or you ran into a misled feature, I did not see.

This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ