Run script at check in like a software install
I have the KACE client auto deploy via GPO to any computer that is on the domain. I setup a smart label to check for computers with my old AV protection installed. I then created a KACE script to remove the old AV, install the new one, run an inventory update, then tell the user to reboot.
The only drawback of this was I could not just let the script loose on 1000+ computers because the script calls the AV protection install from a central IT server on our global WAN and KACE does not recommend having more than 50 computers called for a checkin at any one time. I don't have to do this everytime I want to mass run something that takes a while and I don't want to bog down both KACE and the WAN deploying things to 1000 computers globally.
The managed installs have an option to deploy to a label and run at next checking but because of how I need to remove and then install I cannot use a managed install. Is there a way to setup a script to run automatically for my label at check in without having to "Run Now" and fire off to the thousands of computers that can be online at any given time"
Answers (1)
Is the purpose of the inventory update only to give it the new label? If so I do this a couple of ways. After running my install I go to Inventory and change the "View By" to the label that is detecting my old software. I then check mark all on the first page (150 machines), and force an update. I know Kace recommends only 50, but I've done this many times before, and have never had a problem. Every 30 minutes or so I select another 150 and do the same.
Another way is to duplicate the force check in script. Add your "old software" label, and schedule them to check in more frequent. Since the update should remove the old label this should only happen once per machine.
Comments:
-
The force update at the end is to remove it from the label. Here is the full process:
Smartlabel setup to detect process "OldAVProcess.exe" Label called "OldAV". This gives me about 300 or so computer remaining with the old AV.
Created a script to run for compters labeled "OldAV"
On Verify
- Check for process "OldAVProcess.exe"
On Success
- Run program (msiexec /x {GUID of my old AV} /qn /norestart} with wait
- Run program (msiexec /i \\MyAVServer\Distribution\NewAV.msi /qn /norestart) with wait
- Run program $(KACE_APP_DIR)\runkbot.exe 4 0 with wait
- Create a message ("Hey you have new AV so reboot")
As you can see this will dynamically add computers to the label and when the script runs against the label it will remove the old app, add the new one, force an inventory which pulls it out of the label, then tell the user to reboot and be done with it.
The problem is if I set this up to run every hour or 4 hours or whatever, I am going to get up to 300 computers hitting the new AV server on the WAN which I don't want. A few here and there at checkin would be perfect. I want them to do it at checking. - JordanNolan 10 years ago-
Is there any way you can create separate labels based on IP or machine name? In my environment we all of our machines start with two letters. You could branch it out like that depending on your environment. - dugullett 10 years ago
-
I am not sure where you are going with that? - JordanNolan 10 years ago
-
Our main machines start with either CW, MW, or UW. So I created separate labels for the three where
System Name starts with CW and Software Titles Contain "Old AV". Then another for MWs, and another for UWs. Run them one at a time. You can also do the same with the IP addresses.
IP address begins with 192.168.10. and Software Titles contain "Old AV". Depending on how much you want to break it out. - dugullett 10 years ago
-
OK, I see where you are going. Setup multiple labels and just deploy a few at a time. The problem with that is I would have to have 40 labels to hit 2000 computers at 50 per label.
What I am hoping to make work is something like the automatic KACE agent update. When I download a new agent and set it to deploy I don't see all 2000 computers checking in at once to grab it. The all get it when they check in and this is the same concept I am trying to recreate.
1 Check in
2 See you have an update
3 uninstall
4 install new package - JordanNolan 10 years ago
