6 Replies Latest reply on Dec 29, 2009 2:24 PM by CranePet

    Software Distribution using Security Patch Manager




      I need to deploy corporate Screensaver to about 6000 machines. Default method is using scheduler with PSP, I am encountering a strange problem while doing a mass deployment... few machines reboot / shutdown automatically within 5 sec without providing option to cancel. Can some one please guide me how to deploy a package (.exe) created by standard package builder using Security Patch Manager.


      I believe deploying a package through Security Patch Manager is safe during mass rollout as it guarantee the deployment to all the machines and no fear of machine reboot.


      Please can some one guide me with this?



      Many Thanks

      Praveen S.D

        • 1. Re: Software Distribution using Security Patch Manager



          As per your description the machine gets rebooted when you push the package.

          While deploying the package using Security and Patch Manager when we go to repair Tab there is an option for Scna and Repair settings.

          Here under the reboot option select the options that you wish to configure (like never reboot).

          An alternate way would be to use Landesk Software Distribution to achieve the deployment of the package and then create delivery methods to suite your enviornment.





          Robin Hood

          • 2. Re: Software Distribution using Security Patch Manager
            mrspike SSMMVPGroup



            In the delivery method you are using, look through it and click on the "reboot" item, you would want it set to "never reboot"



            As far as using Patch Manager, you will need to create a custom definition


            This link will give you some guidance





            If you need more help just ask

            1 of 1 people found this helpful
            • 3. Re: Software Distribution using Security Patch Manager

              Hi Robin


              Thanks for the reply, in the delivery method I have set the option 'Never Reboot' despite of this few machines reboot autometically. The worst part is the reboot prompt that appears on the end user machine starts with 5 sec countdown so by the time user notice it and save their work, system is rebootedand all their work is lost.

              • 4. Re: Software Distribution using Security Patch Manager

                You might want to check the agent settings and confirm the reboot options there. It might also be good to deploy an agent update just to be sure that all of the agents are set the same. If some machines are functioning different than others, it could be that the agent configuration is different on those machines.

                • 5. Re: Software Distribution using Security Patch Manager
                  zman Master

                  Some good advice about reboot options. We are assuming that (since you did not specify a lot of specifics - LANDesk version, etc...):

                  • You are using patch manager's Autofix option
                  • You are deploying a custom .scr file to all machines
                  • You are trying to set the screensaver as the default screensaver


                  Depending on how you have your agent settings an autofix custom definition may not offer you anything than a required policy or a Policy supported push.  Also if you are trying to set the screensaver in the registry, please keep in mind that it is a HKCU registry key and this will be very difficult to do with Autofix. If you have a custom definition make sure in your Detection Rules - Patch Information - Repair information that reboot is NO.


                  There should be no reason to use Package Builder if you are using a custom definition - simple copy of a file. If you provide us with more details/specifics we can help.

                  • 6. Re: Software Distribution using Security Patch Manager



                    Part of your reboot problem may have to do with pending file renames.  When you set your Delivery Method (in Software Distribution) or Scan And Repair Settings (in Patch Manager) to "Reboot only if needed", then the client checks to see if there is a reboot pending.  If there is, a reboot is initiated.


                    Many software packages don't clean up the pending file rename key after they install, leaving the device in a constant "reboot pending" state.


                    Here is the key the client checks...


                    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations


                    I created a custom definition to scan and delete this key. I run this custom definition before a start a big software rollout or patch cycle to clean up the machines.