A few days ago one of my peers ask me a very interesting question, how can I get a report that show reboot pending machines. I told him this was not an easy task to be performed in ConfigMgr 2012 due to the many parameters that makes a machine in need of a reboot. So during my research I found one article that talk about getting this information using PowerShell, I found this very interesting and start thinking on the best way for me to accomplish this using ConfigMgr. For my benefit the article was writing by one of my peers, so I reach out to him and ask him a few questions about the script and how I could use it inside ConfigMgr. Let's see how I was able to accomplish it.
Getting a report that will display the reboot pending status of machines.
Use a PowerShell script that was already wrote to accomplish this.
Copy of the PowerShell script created by Brian Wilhite
To know more about this PowerShell script you can read it on the Scripting Guy:
Find the best way to implement the script with ConfigMgr.
To be able to implement this challenge we try to use a Configuration Item to run it against each machine.
We created a new Configuration Item that will use a PowerShell script for the compliance check.
Note: The GetPendingReboot PowerShell script was modified to fit the needs of this configuration item, its suggested to use the provided CI instead of creating a new one.
The CI will identify if the reboot is needed from the machines or not and if it’s required will be listed as non-compliant.
Once the configuration item is completed, lets create a configuration baseline to deploy it to all the configuration manager desktop clients.
During the deployment of the baseline you will specify how often you want it to check against the system, here you can set it to everyday or once a week it depends on your environment.
One of the options is to create a new collection based on the compliance status, you just need to right click on it and create the collection that you need. For this case, create a Non-Complaint collection.
We will use this collection later on to perform a manual remediation of those clients.
Reporting of those clients pending reboot, here is one of the interesting information.
Create reports that will show how those machines that have a reboot pending.
For this we have created a series of reports to help you get this information.
The first report is call Dashboard - Reboot Pending Check PFE V1
In this dashboard, you find general information about the reboot pending check baseline and how your environment is reporting against it.
If you want to view those machines that are not in compliance you can click on Non-Compliant and it take you to another report that provide you with a list of those machines.
The report is call List of Non-Compliant Reboot Pending Machines PFE V1.
The report display information about those machines that need a reboot, with this you be able to tell what your next step is.
We also have included a report called List of Compliant Reboot Pending Machines, this list those machines that don’t need a reboot. Also those where the script is not able to run, the report is call List of Error Configuration Items Reboot Pending Machines PFE v1. This last report will give you information of those machines that were not able to run the Compliance Item due to a script error or a PowerShell execution policy.
To remediate those machines that have a reboot pending I suggest creating a package/program that perform a restart once the command ran, here is a screenshot of my program.
With this program I will make sure the machine gets a notification for the restart like the following:
Give the user time to close all the windows before the restart, they can hide this and it be on the task bar waiting until the time pass.
To where you will deploy this, to the collection we created for those that are not complaint
Note* The results may be different from customer to customer, so is very important to make the right call for remediation. Currently I’m researching another option for the remediation step as well. A Remediation script as part of your CI can have non desired restart behavior, also if you don’t perform the reboot within the 24 hours where the baseline check against the machine, there is a chance that machine no longer need a reboot. So its recommended to deploy the baseline and check the compliance on the machine on a daily basis.
Sorry you received the error. More than likely you will need to modify the client agent setting to allow PowerShell Execution policy script to be run, my recommendation is to set this policy to bypass so the script can run. Here is a screen shot of this configuration on my Lab.
Special Thanks to my peers:
Brian Wilhite – PFE Platforms
Steven Hernandez – PFE/DSE ConfigMgr
Santos Martinez – Sr. PFE – ConfigMgr and Databases
Thanks for posting this. Would you have any recommendations for utilising this process to reboot servers pending a reboot prior to updates being installed? Ideally I'd like any servers that are pending a reboot to be rebooted 30 mins prior to updates being
installed during the maintenance windows we set. Also, I was wondering if you're aware if the script is capable of detecting pending reboots generated by new device installations.
@Daniel, There is always the it depends on the reboot before the updates are going to install. I guess is all about timing right, making sure the machines reboot at specific time and the updates start at a later time. I'm not aware of a script to detect
a pending reboot by new installation, but it should be no different than what Brian created.
I'm having problems with the Dashboard. It's reporting too many systems.
I think the problem is in the dataset : Tot = COUNT(*) over()
'Count()' does not apply 'distinct' when you try to calculate totals, as it is applied when you use 'select distinct' at the begining of the dataset.
So, 'Count()' reports you a number of systems that is not real.
I have tried to fix it, but I am not an SQL guru.... I am stuck....
Your development could be of an inmense help for us....
Could you help me ?
Nice solution Santos, and reports look familiar to me..
Thanks for posting
Hi Santos ,
Nice solution , but I struggle with machines in the collections compliant / non compliant.
I found the same machines in different collection (compliant and non-compliant).
these collections are based on SMS_G_System_DCMDeploymentState.ComplianceState ; and I see that this field is not always unique . Seems that it is not replaced when a compliance state change, but only a new entry is added there. Is there a way to have only
the latest Compliancestate in the collection ? I seen the same issue with the reports.
@EricBelgacom, Interesting I suggest you send me an email or a DM in Twitter with a few more details. Remember this report is a working sample and you may need to customize it and tweak it for your own environment.
hello , ok but I didn't have your mail .
Enven in your book , I didn't find (I just realize you were one of the writers for Mastering SCCM 2012R2 :-)
@Andres and @Santos: I'm having the same symptoms as Andres: Dashboard shows a total of over 500 systems, even though I have fewer than 250. Any resolution? I have 2012 R2 CU2.
Hello All, Change the Expresion in Total Affected Systems to this =Sum(Fields!CountNoncompliant.Value, "ComplianceStateperCI")