A few days ago one of my peers ask me a very interesting question, how can I get a report that show reboot pending machines. I told him this was not an easy task to be performed in ConfigMgr 2012 due to the many parameters that makes a machine in need of a reboot. So during my research I found one article that talk about getting this information using PowerShell, I found this very interesting and start thinking on the best way for me to accomplish this using ConfigMgr. For my benefit the article was writing by one of my peers, so I reach out to him and ask him a few questions about the script and how I could use it inside ConfigMgr. Let's see how I was able to accomplish it.
Getting a report that will display the reboot pending status of machines.
Use a PowerShell script that was already wrote to accomplish this.
Copy of the PowerShell script created by Brian Wilhite
To know more about this PowerShell script you can read it on the Scripting Guy:
Find the best way to implement the script with ConfigMgr.
To be able to implement this challenge we try to use a Configuration Item to run it against each machine.
We created a new Configuration Item that will use a PowerShell script for the compliance check.
Note: The GetPendingReboot PowerShell script was modified to fit the needs of this configuration item, its suggested to use the provided CI instead of creating a new one.
The CI will identify if the reboot is needed from the machines or not and if it’s required will be listed as non-compliant.
Once the configuration item is completed, lets create a configuration baseline to deploy it to all the configuration manager desktop clients.
During the deployment of the baseline you will specify how often you want it to check against the system, here you can set it to everyday or once a week it depends on your environment.
One of the options is to create a new collection based on the compliance status, you just need to right click on it and create the collection that you need. For this case, create a Non-Complaint collection.
We will use this collection later on to perform a manual remediation of those clients.
Reporting of those clients pending reboot, here is one of the interesting information.
Create reports that will show how those machines that have a reboot pending.
For this we have created a series of reports to help you get this information.
The first report is call Dashboard - Reboot Pending Check PFE V1
In this dashboard, you find general information about the reboot pending check baseline and how your environment is reporting against it.
If you want to view those machines that are not in compliance you can click on Non-Compliant and it take you to another report that provide you with a list of those machines.
The report is call List of Non-Compliant Reboot Pending Machines PFE V1.
The report display information about those machines that need a reboot, with this you be able to tell what your next step is.
We also have included a report called List of Compliant Reboot Pending Machines, this list those machines that don’t need a reboot. Also those where the script is not able to run, the report is call List of Error Configuration Items Reboot Pending Machines PFE v1. This last report will give you information of those machines that were not able to run the Compliance Item due to a script error or a PowerShell execution policy.
To remediate those machines that have a reboot pending I suggest creating a package/program that perform a restart once the command ran, here is a screenshot of my program.
With this program I will make sure the machine gets a notification for the restart like the following:
Give the user time to close all the windows before the restart, they can hide this and it be on the task bar waiting until the time pass.
To where you will deploy this, to the collection we created for those that are not complaint
Note* The results may be different from customer to customer, so is very important to make the right call for remediation. Currently I’m researching another option for the remediation step as well. A Remediation script as part of your CI can have non desired restart behavior, also if you don’t perform the reboot within the 24 hours where the baseline check against the machine, there is a chance that machine no longer need a reboot. So its recommended to deploy the baseline and check the compliance on the machine on a daily basis.
Sorry you received the error. More than likely you will need to modify the client agent setting to allow PowerShell Execution policy script to be run, my recommendation is to set this policy to bypass so the script can run. Here is a screen shot of this configuration on my Lab.
Special Thanks to my peers:
Brian Wilhite – PFE Platforms
Steven Hernandez – PFE/DSE ConfigMgr
Santos Martinez – Sr. PFE – ConfigMgr and Databases