Idea ID: 2781016

Mechanism to avoid reboots during user sessions.

Status: Waiting for Votes

Waiting for Votes

See status update history

Currently the method for rebooting a device following patch installation has the potential to disrupt a users session with the chance of data loss. For instance a user may leave their workstation for an extended period during which a patch is installed that requires a reboot, the system will prompt them that this will occur in, say, 10 minutes whilst they are still away. The machine reboots as designed and the user has lost their very important work. OH NO!

This could be resolved if there were an option in the Patch Policy Reboot Behaviour section to reboot the workstation when no user is logged in or upon user logout if there is a user session in progress at the time of patching.


  • This is a genuine requirement and I personally feel it would be a great enhancement if approved. One of my clients had also raised similar reqhirements.
  • Great enhancement request! By chance, I recently had a customer ask me for a way to do this and one of my engineers came up with an approach the customer was able to implement. You can read about it in a Cool Solutons article at Darrin VandenBos ZENworks Product Manager
  • This is an enhancement that certainly makes a lot of sense. At the moment, there is a workflow that allows you to get "patch on user logout" behavior. The basic approach is to use a bundle to flag when a reboot is required after a Patch policy is applied, then use another bundle to initiate a reboot after logout if that flag is present. Use of bundles, of course, requires ZENworks Configuration Management. Here is how to implement it: 1.First of all, make sure that reboot is set to no with no user prompts.2.Create a bundle that writes a file to disk. This file is the "flag" that will initiate a reboot on user logout: 1.First, create a simple text file and name it "Reboot Required.txt". It doesn't need to include any text.2.Create a Windows "Install File(s)" bundle. I named mine "Install Reboot File".3.When creating the bundle, upload the "Reboot Required.txt" file, set the Destination Directory to "c:\" (or another location if preferred by the customer), and set the Copy Option to "Copy If Does Not Exist".4.After creating the bundle, go in and assign it to all of the devices that you want rebooted. I simply assigned my bundle to the Windows 10 Workstations dynamic group so it would apply to all of my Windows 10 workstations.5.Publish the bundle.3.Create another bundle that initiates a reboot of the device after a user logs out:1.Create a Windows "Empty Bundle". I named mine "Initiate Reboot."2.After creating the bundle, add a "File Exists" system requirement and specify "c:\Reboot Required.txt" as the file (if you used a different name or path, use that name and path.)3.Add a "File Removal" Launch action that removes the "c:\Reboot Required.txt" file. Run the action as System. This causes the file to be removed when the user initiates a log out, which we need in order to reset the process for the next time a Patch policy is applied.4.Add a "Reboot/Shutdown" Launch action and set the "Time to wait before Reboot/Shutdown" to 0 seconds so that it happens immediately after logout.5.Assign the bundle to the same devices as the "Install Reboot File" bundle. When doing so, deselect all of the "Shortcut Locations" so that it is not displayed to the user. Configure a Launch Schedule with a Schedule Type of Event = "User Logout".6.Publish the bundle4.Edit each Patch policy to add a "Launch Bundle" Post-Enforcement action that launches the "Install Reboot File" bundle. Republish the policies after editing them. IMPORTANT: Make sure to do this in ALL policies.5.On an assigned device, do a refresh. In the Z-icon bundles list you should see the Patch policy bundles, the "Install Reboot File" bundle, and the "Initiate Reboot" bundle. If not, check the assignments on the Patch policy and two bundles.6.To test, use "zac pap" at the command line to apply the Patch policies. When a Patch policy runs on a device, the following will happen:1.Patches included in the policy will be installed.2.The "Install Reboot File" bundle will be launched at the end of the policy and the "Reboot Required.txt" file will be copied to the device if it does not already exist. This is the "flag" that indicates a reboot is required.3.When the user logs out, the "Initiate Reboot" bundle is launched. If the "Reboot Required.txt" file exists, the bundle instructs the device to reboot after logout. The bundle also deletes the "Reboot Required.txt" file. This ensures that a reboot doesn't happen every logout - only those logouts after which a Patch policy has been applied.4.After the logout, the reboot happens.
  • An option to "Update and Shutdown" as seen with the Windows system updates would be very useful.
  • I've noticed this with competitors' projects and lost data (virtual machines) because they would do exactly this. The amount of frustration I feel when this happens is hard to describe, and I at least understand the need and risks associated with not patching, where many end users do not.