A few days ago one of my peers ask me a very interesting question, how can I get a report that show reboot pending machines. I told him this was not an easy task to be performed in ConfigMgr 2012 due to the many parameters that makes a machine in need of a reboot. So during my research I found one article that talk about getting this information using PowerShell, I found this very interesting and start thinking on the best way for me to accomplish this using ConfigMgr. For my benefit the article was writing by one of my peers, so I reach out to him and ask him a few questions about the script and how I could use it inside ConfigMgr. Let's see how I was able to accomplish it.

Reboot Pending Workflow

The Problem:

Getting a report that will display the reboot pending status of machines.

The solutions:

Use a PowerShell script that was already wrote to accomplish this.

Copy of the PowerShell script created by Brian Wilhite

http://gallery.technet.microsoft.com/scriptcenter/Get-PendingReboot-Query-bdb79542

To know more about this PowerShell script you can read it on the Scripting Guy:

http://blogs.technet.com/b/heyscriptingguy/archive/2013/06/10/determine-pending-reboot-status-powershell-style-part-1.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/06/11/determine-pending-reboot-status-powershell-style-part-2.aspx

The Challenge:

Find the best way to implement the script with ConfigMgr.

To be able to implement this challenge we try to use a Configuration Item to run it against each machine.

We created a new Configuration Item that will use a PowerShell script for the compliance check.

image

Note: The GetPendingReboot PowerShell script was modified to fit the needs of this configuration item, its suggested to use the provided CI instead of creating a new one.

The CI will identify if the reboot is needed from the machines or not and if it’s required will be listed as non-compliant.

Once the configuration item is completed, lets create a configuration baseline to deploy it to all the configuration manager desktop clients.

image

During the deployment of the baseline you will specify how often you want it to check against the system, here you can set it to everyday or once a week it depends on your environment.

One of the options is to create a new collection based on the compliance status, you just need to right click on it and create the collection that you need. For this case, create a Non-Complaint collection.

image

We will use this collection later on to perform a manual remediation of those clients.

Reporting of those clients pending reboot, here is one of the interesting information.

Create reports that will show how those machines that have a reboot pending.

For this we have created a series of reports to help you get this information.

The first report is call Dashboard - Reboot Pending Check PFE V1

image

In this dashboard, you find general information about the reboot pending check baseline and how your environment is reporting against it.

If you want to view those machines that are not in compliance you can click on Non-Compliant and it take you to another report that provide you with a list of those machines.

The report is call List of Non-Compliant Reboot Pending Machines PFE V1.

image

The report display information about those machines that need a reboot, with this you be able to tell what your next step is.

We also have included a report called List of Compliant Reboot Pending Machines, this list those machines that don’t need a reboot. Also those where the script is not able to run, the report is call List of Error Configuration Items Reboot Pending Machines PFE v1. This last report will give you information of those machines that were not able to run the Compliance Item due to a script error or a PowerShell execution policy.

Remediation:

To remediate those machines that have a reboot pending I suggest creating a package/program that perform a restart once the command ran, here is a screenshot of my program.

image

With this program I will make sure the machine gets a notification for the restart like the following:

clip_image002

Give the user time to close all the windows before the restart, they can hide this and it be on the task bar waiting until the time pass.

clip_image004

To where you will deploy this, to the collection we created for those that are not complaint

clip_image006

Note* The results may be different from customer to customer, so is very important to make the right call for remediation. Currently I’m researching another option for the remediation step as well. A Remediation script as part of your CI can have non desired restart behavior, also if you don’t perform the reboot within the 24 hours where the baseline check against the machine, there is a chance that machine no longer need a reboot. So its recommended to deploy the baseline and check the compliance on the machine on a daily basis.

I got a Script Error message on my baseline:

Sorry you received the error. More than likely you will need to modify the client agent setting to allow PowerShell Execution policy script to be run, my recommendation is to set this policy to bypass so the script can run. Here is a screen shot of this configuration on my Lab.

Get the Compliance Baseline and Reports in the following link:

http://gallery.technet.microsoft.com/Reboot-Pending-Check-b943d901

Here is a video on how to implement the solution:

http://channel9.msdn.com/Blogs/ConfigNinja/RebootPendingSCCM2012

Note: The video will play better if you go directly to the link, I tried to embedded to this blog post but was cutting some part of the screen.
Also check this solution for Orchestrator:

http://blogs.technet.com/b/neilp/archive/2013/02/12/system-center-2012-configuration-manager-determine-reboot-pending-state-using-wmi-powershell-orchestrator-runbook.aspx

Do this article help you? Leave a comment.

Special Thanks to my peers:

Brian Wilhite – PFE Platforms

Steven Hernandez – PFE/DSE ConfigMgr

 

Santos Martinez – Sr. PFE – ConfigMgr and Databases

Disclaimer: The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of any included script samples are subject to the terms specified in the Terms of Use