I have a question. It says for this to work I have to disable the Notifications settings in a Policy. If I set this to “Do Not Notify Users”, how will the user then know when patching is about to start (with an option to defer it)? Patching can cause an endpoint to slow down, and I would like the user to be notified about this.

The scenario I would like to achieve is:

1. Notify user that patching is about to start and provide options to defer this.



2. Once patching has completed, notify the user about pending reboots with options to defer this.



3. Once deferred options are used up, the computer will be forcefully rebooted.

If automox is used to install a patch that requires a reboot, does this trigger Windows 10’s built-in automatic reboot notification (the one built into the OS by Microsoft)?

No, we suppress that and send our own notifications. Right now we do send a notification before reboot of our own, but it doesn’t yet have any deferral options on the reboot, like it does for the patch. We’re working on that for the next phase of improvements, so that the reboot itself can be deferred just like the patch installations.

Alright. I was actually thinking of using what Microsoft has built because it has quite a complete list of capabilities that I can control using registry entries. I don’t suppose there is a way to unsuppress the reboot notification?

Not that I know of. One thing I did write from a worklet standpoint is this one:

that pops up a message and then doesn’t reboot until the user dismisses it.

Hopefully the second phase of the reboot notification project will give you more flexibility and customization once it launches.

For the next version of Automox, can you please include the following for reboot notifications:

1. IdleTime detection. Allow Automox admins to determine a xxx mins of idle time to trigger the reboot. This trigger only happens if it is within the time window specified in #2 below.



2. RebootTimeWindowStart and RebootTimeWindowEnd. These define the start and end times of when automatic reboot can be executed. For example, start time is 1am, and end time is 5am. Automatic reboot will only kick in between these times.



3. Periodic reminder. Outside of any time between RebootTimeWindowStart and RebootTimeWindowEnd, Automox agent will pop up a reminder notification to users that a pending reboot will occur between RebootTimeWindowStart and RebootTimeWindowEnd today. The pop up reminder can be configured with a frequency (i.e. every hour, every 2 hours, etc). The pop up reminder has a two buttons at the bottom that are: Reboot Now, and Dismiss.

I can implement all of that with worklets and powershell that installs scheduled tasks, using toast notifications, and custom protocol handlers (for the reboot action), but I’d much rather have this built in to Automox than cobbling a solution that I have to maintain separately.

Thanks that’s good info. I’ve passed that along to the product managers.

I finally wrote my own Powershell to take care of the above. Needed the feature now. 🙂

I didn’t implement a custom protocol handler because I didn’t think it was necessary in my situation (plus, i’m worried it might be a security risk).

Glad you were able to get your own script written for this one. Is that something you could share on the community for others?

Absolutely. Can I send it to you privately? There’s some company specific stuff that needs to be cleaned up.

Sure, no problem. You can message me directly through the community. Thanks for being willing to share it!

Hi @Nic,

I came across with this worklet to notify users to reboot their devices. I test in my lab workstation but the msg windows disappear quicky without showing the message. Trying to troubleshoot but im stuck right now where is the issue. Can you help?

Thanks!


U

This one might not be the best option to use now that we have the reboot notifications built in. And there’s a few other worklets that you can use to just send reboot prompts to the user as often as you need.

@Nic,

Thanks for your reply. Can you suggest some of this worklets? Im still dealing with stubborn users.

Regards,


U

I’d suggest this one for Mac: Worklet: macOS Deferred Reboot

and this one for Windows: Worklet: Reboot immediately after Windows user dismisses notification message

You could also do this outside of AX with a schedule task or cron job to prompt for a reboot, and you could use a worklet to set those up if you wanted to.

@Nic,

That is the one i used for windows but no message window is popping up. Just blue window screen that disappeared immediately.

Thanks!


U

The blue window popping up means that the powershell script is running, but is failing to execute properly for some reason. What version of Windows 10 is the endpoint?

Windows 10 Pro ver 20H2


OS Build: 19042.844

Ok the first issue might be with the msg.exe command.


Take a look in c:\windows\system32 to make sure that file exists.

msg.exe file exist on this directory c:\windows\system32… The odd thing if i run manually thru this command, the pop-up window shows up and execute correctly - " msg.exe “local username” /W Test Message"

Ok that’s good that it works locally.

Next thing to check is to make sure the message.ps1 file is getting generated correctly. Comment out this line in the Remediation code:

Remove-Item -Path "c:\ProgramData\Amagent\message.ps1"

Then run the worklet and grab the contents of that file and post it here so we can see if it looks correct.

This is the output from message.ps1:

C:\Windows\System32\msg.exe Greenlots IT Greenlots IT /W We have patched a security updates on your devices. Please reboot your workstation to take effect. | Out-Null


Restart-Computer

I noticed there is two username after the command.

Yup, that’s probably the culprit. Now to figure out why it’s happening.

If you run just this command in powershell, what does it return?

(Get-WmiObject -class win32_process -ComputerName 'localhost' | Where-Object name -Match explorer).getowner().user

It returns just the current username “Greenlots IT”

Ok so now to figure out why it’s getting added twice to message.ps1 file. Can you post the code from your remediation section, just to make sure we’re not missing anything in there?