Important note about System Center 2012 Configuration Manager and client machine restart notifications

Important note about System Center 2012 Configuration Manager and client machine restart notifications

  • Comments 8
  • Likes

WarningNOTE Second workaround added 1/23/2013. See Alternate Workaround section at the end of this article.

Consider the following scenario:

- You set System Center 2012 Configuration Manager (ConfigMgr) Client Agent\Computer Agent\Show notifications for new deployments to "False".

- You create a Software Updates Deployment in ConfigMgr.

- The Software Updates Deployment contains software updates that require a machine restart in order to complete installation.

- You configure the User Experience\User Notifications configuration setting for the deployment to "Hide in Software Center and all notifications".

- You configure the User Experience\Device Restart behavior configuration setting to “Suppress the system restart for both Servers and Workstations”.  

Expected behavior:

No user notifications are displayed before, during, or after the software updates installation processes run..

Actual behavior:

Machine restart notifications are displayed on the ConfigMgr client machine after the post-install software updates scan completes. The notifications are displayed on all supported client operating system versions.

First visible indication:

A yellow "Restart Required" balloon notification is displayed.

If you click within the boundary of this yellow balloon notification, a Software Center "Restart your computer" notification is displayed. If you do not click within the boundary of the yellow notification box, the Software Center notification is not created and the yellow balloon notification fades away after approximately 5 seconds.

If you make no selections in the Software Center notification, it remains onscreen indefinitely. If you click Cancel or if you click Snooze and then click “OK”, the Software Center notification closes and a green icon is displayed to the far left of the visible notification area. If you mouse over the icon, a small “restart required” dialogue opens up.

 

To date, only one method has been identified that will disable all visible machine restart notifications.

NOTE Second workaround added 1/23/2013. See Alternate Workaround section at the end of this article.

This method uses a combination of domain GPO Adm template settings and Local Policy Adm template settings with Windows 7 and Windows 2008 R2.  The specific Local Policy configuration settings are new with Windows 7 and Windows 2008 R2.  Thus these are the only client operating systems with which it is possible to achieve complete and total suppression of the restart notifications.  These policies are:

NOTE Best practice discourages unnecessary editing of the Default Domain Policy.

Domain  Policy
User Configuration
Policies
Admin templates
Start Menu and Taskbar
Set "Turn off all Balloon Notifications" to "Enabled"


Local policy on Win 7 (New setting for Windows 7):

Local Policy
User Configuration
Policies
Admin templates
Start Menu and Taskbar
Set  "Turn off automatic promotion of notifications to the taskbar" to Enabled.

References:

Agent Configuration

clip_image002

Deployment User Experience configuration

clip_image004

Yellow Balloon Notification

clip_image005

Software Center notification

image

Green notification area icon

clip_image008

 

Alternate Workaround

An additional workaround has been identified.  This new workaround uses a single Windows Software Restriction GPO configuration setting to prevent SCNotification.exe from running and generating pop-up notifications.  Note that this workaround will disable ALL ConfigMgr 2012 pop-up notifications.  The Software Restriction GPO is available in Local Security Policy configuration settings and in Domain Policy configuration settings.  These settings are common to Windows XP, Windows 7, Windows 8, Windows 2003, and Windows 2008.

To implement this workaround with a Local Security Policy:

Click Start, then Run.

Type secpol.msc, then click OK.

Navigate to Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Software Restriction Policies\

Right-Click “Software Restriction Policies”; select “New Software Restriction Policies” from the pop-up menu.

Right-Click “Additional Rules”; select “ New Path Rule” from the pop-up menu.

Select “Browse” and browse  to SCnotification.exe on the local machine or manually enter the path to ScNotification.exe.

Select “Disallowed”.

Click “OK” .

Right-Click “Additional Rules”; select “ New Hash Rule” from the pop-up menu.

Browse to and select SCnotification.exe on the local machine; hash values will be detected and added to the new rule.

Select “Disallowed”.

Click “OK”.

Close Local Security Policy Editor. It should look something like this:

clip_image001

To implement this workaround with a Domain Security Policy:

Open Group Policy Management Editor.

Select the Policy that you want to use to enable the Software Restriction Policies or create a new GPO.

Right-click the policy; select "edit" from the pop-up menu.

Navigate to policyname\\Computer Configuration\Policies\Windows Settings\Security Settings\Software Restriction Policies\

Right-Click “Software Restriction Policies”; select “New Software Restriction Policies” from the pop-up menu.

Right-Click “Additional Rules”; select “ New Path Rule” from the pop-up menu.

Select “Browse” and browse  to SCnotification.exe on the local machine or manually enter the path to ScNotification.exe.

Select “Disallowed”.

Click “OK”.

Right-Click “Additional Rules”; select “ New Hash Rule” from the pop-up menu.

Browse to and select SCnotification.exe on the local machine; hash values will be detected and added to the new rule.

Select “Disallowed”.

Click “OK”.

Close Group Policy Management Editor. It should look something like this:

clip_image001[6]

 

Thanks to Premier Field Engineer Volkan Coskun for identifying this alternate workaround.

Terry McKinney | Premier Field Engineer

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

App-V Team blog: http://blogs.technet.com/appv/
ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
DPM Team blog: http://blogs.technet.com/dpm/
MED-V Team blog: http://blogs.technet.com/medv/
Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: http://blogs.technet.com/momteam/
SCVMM Team blog: http://blogs.technet.com/scvmm
Server App-V Team blog: http://blogs.technet.com/b/serverappv
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center Essentials Team blog: http://blogs.technet.com/b/systemcenteressentials
WSUS Support Team blog: http://blogs.technet.com/sus/

The Forefront Server Protection blog: http://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity- support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • <p>Thanks for posting this, I&#39;ve been running into this exact problem. &nbsp;Will there be a fix for it in SCCM 2012 SP1?</p>

  • <p>Yes, a fix would be nice. &nbsp;Rather not have to hack GPOs to solve this.</p>

  • <p>After considerable review we will not be able to take a product change to SP1 to alter the current notification behavior. &nbsp;We are committed to revisit this in the planning stages for our next release.</p>

  • <p>By &quot;next release&quot; do you mean SP2 or a CU?</p>

  • <p>I was unable to find any details about this behavior changing in SCCM 2012 R2. &nbsp;Are there still plans to fix this problem? &nbsp;It seems very confusing to offer the Administrator an option that states &quot;Hide in Software Center and all notifications&quot; and then have the client still pop notifications.</p> <p>At the very least it would be nice for the selection to read &quot;Hide in Software Center and all notifications, except a one time nag notification&quot;</p>

  • <p>If you use the first workaround, password expiration notfications no longer pop up. &nbsp;We had to turn balloon notifications back on. </p>

  • We need a pop-up notification to be able to prompt the user to restart thier machine that never goes away. This means we could deploy apps that require a re-start but allow the user to save their work and then click on a dialog to re-start. Please can this be added to SP2!!

  • Go find SCNotification and remove read and execute to the Interactive group.