Recently I was helping a customer who was having a challenge with software updates in that some of their endpoints were installing software updates the day that updates were made available and not waiting until the deadline was set.
After verifying that the software update deployment was setup correctly as shown below:
We confirmed that the clients were in fact deploying software updates the evening of November 27th, 2019 and not waiting until the deadline of December 6th, 2019 by reviewing the client logs on a Machine that did install the updates.
Upon reviewing UpdatesDeployment.log on we discovered the following entries:
- Automatic required software installation during non-business hours is selected UpdatesDeploymentAgent 11/27/2019 11:00:00 PM 23472 (0x5BB0)
- Auto install during non-business hours is enabled, selecting all required updates. UpdatesDeploymentAgent 11/27/2019 11:00:00 PM 23472 (0x5BB0)
This caused us to review the Software Center on the Client and confirmed that “Automatically install or uninstall required software and restart the computer only outside of the specified business hours” was checked in Software Center.
This is what was causing the software updates to automatically install outside of business hours in this customers case 11:00pm.
The customer had a Configuration Baseline that set this on the majority of clients without fully realizing what the ramifications were to deadlines.
The customer updated the CI’s to uncheck this so that the SCCM Admins would have better control over when deployments install on the Clients.
#Detection Script for "Automatically install or uninstall required software and restart the computer only outside of the specified business hours"
$Results = (Invoke-CimMethod -Namespace "ROOT\ccm\ClientSDK" -ClassName "CCM_ClientUXSettings" -MethodName "GetAutoInstallRequiredSoftwaretoNonBusinessHours").AutomaticallyInstallSoftware
If ($Results -eq $false){ #$true = Checked $False = Unchecked
Write-Host "Compliant"
} Else {
Write-Host "Non-Compliant"
}
#Remediation Script for "Automatically install or uninstall required software and restart the computer only outside of the specified business hours"
#$true = Checked $False = Unchecked
Invoke-CimMethod -Namespace "ROOT\ccm\ClientSDK" -ClassName "CCM_ClientUXSettings" -MethodName "SetAutoInstallRequiredSoftwaretoNonBusinessHours" -Arguments @{ AutomaticallyInstallSoftware = $false } | Out-Null
After this Baseline is run on the Clients “Automatically install or uninstall required software and restart the computer only outside of the specified business hours” is no longer selected, and the deployments will wait until the deadline before attempting to install.
You must log in to post a comment.