Installing Shopping Central when SMS Provider is NOT hosted on ConfigMgr site server

    The following describes the required permissions the Shopping Service Account needs when installing Shopping Central in a distributed server/component environment:

    Servers

    ========

    SHOPPING (W2K3)- Shopping Central Server

    NMCM01 (W2K8) – ConfigMgr Central Site Server

    NMSQL01 (W2K8) – SQL Server (2K8) hosting ConfigMgr site database AND ConfigMgr SMS Provider

  1. On server hosting ConfigMgr SMS Provider: add Shopping Service account to local Distributed COM Users group. – NOT documented in Shopping Installation Guide
    • Note: In my environment, this was the SQL server (NMSQL01)
  2. On the ConfigMgr site server: grant full WMI permissions for both the Root/SMS (Note: Root\SMS\Site_<sitecode> is not listed because in my lab, the SMS Provider is hosted on the remote SQL server. See bullet below for instructions for when SMS Provider is hosted remotely on a different server).
  3. On server hosting ConfigMgr “SMS Provider“: grant full WMI permissions for both the Root/SMS and the Root/SMS/SMS_<SiteCode> namespaces. – IS documented in Shopping Installation Guide. However, “Root\SMS\Site_<sitecode>” namespace ONLY exists on servers hosting the SMS Provider. If the SMS Provider is installed on the site server, then the namespace will exist on the site server. As you see on the left is the SQL server hosting the SMS Provider, which has the namespace. At the bottom is a site server that is also hosting the SMS Provider. However, on the right is the site server (which is NOT hosting the SMS Provider) does NOT have the namespace.

Installing Shopping Central when SMS Provider is NOT hosted on ConfigMgr site server

    The following describes the required permissions the Shopping Service Account needs when installing Shopping Central in a distributed server/component environment:

    Servers

    ========

    SHOPPING (W2K3)- Shopping Central Server

    NMCM01 (W2K8) – ConfigMgr Central Site Server

    NMSQL01 (W2K8) – SQL Server (2K8) hosting ConfigMgr site database AND ConfigMgr SMS Provider

  1. On server hosting ConfigMgr SMS Provider: add Shopping Service account to local Distributed COM Users group. – NOT documented in Shopping Installation Guide
    • Note: In my environment, this was the SQL server (NMSQL01)
  2. On the ConfigMgr site server: grant full WMI permissions for both the Root/SMS (Note: Root\SMS\Site_<sitecode> is not listed because in my lab, the SMS Provider is hosted on the remote SQL server. See bullet below for instructions for when SMS Provider is hosted remotely on a different server).
  3. On server hosting ConfigMgr “SMS Provider“: grant full WMI permissions for both the Root/SMS and the Root/SMS/SMS_<SiteCode> namespaces. – IS documented in Shopping Installation Guide. However, “Root\SMS\Site_<sitecode>” namespace ONLY exists on servers hosting the SMS Provider. If the SMS Provider is installed on the site server, then the namespace will exist on the site server. As you see on the left is the SQL server hosting the SMS Provider, which has the namespace. At the bottom is a site server that is also hosting the SMS Provider. However, on the right is the site server (which is NOT hosting the SMS Provider) does NOT have the namespace.

Installing Shopping Central when SMS Provider is NOT hosted on ConfigMgr site server

    The following describes the required permissions the Shopping Service Account needs when installing Shopping Central in a distributed server/component environment:

    Servers

    ========

    SHOPPING (W2K3)- Shopping Central Server

    NMCM01 (W2K8) – ConfigMgr Central Site Server

    NMSQL01 (W2K8) – SQL Server (2K8) hosting ConfigMgr site database AND ConfigMgr SMS Provider

  1. On server hosting ConfigMgr SMS Provider: add Shopping Service account to local Distributed COM Users group. – NOT documented in Shopping Installation Guide
    • Note: In my environment, this was the SQL server (NMSQL01)
  2. On the ConfigMgr site server: grant full WMI permissions for both the Root/SMS (Note: Root\SMS\Site_<sitecode> is not listed because in my lab, the SMS Provider is hosted on the remote SQL server. See bullet below for instructions for when SMS Provider is hosted remotely on a different server).
  3. On server hosting ConfigMgr “SMS Provider“: grant full WMI permissions for both the Root/SMS and the Root/SMS/SMS_<SiteCode> namespaces. – IS documented in Shopping Installation Guide. However, “Root\SMS\Site_<sitecode>” namespace ONLY exists on servers hosting the SMS Provider. If the SMS Provider is installed on the site server, then the namespace will exist on the site server. As you see on the left is the SQL server hosting the SMS Provider, which has the namespace. At the bottom is a site server that is also hosting the SMS Provider. However, on the right is the site server (which is NOT hosting the SMS Provider) does NOT have the namespace.

Installing Shopping Central when SMS Provider is NOT hosted on ConfigMgr site server

    The following describes the required permissions the Shopping Service Account needs when installing Shopping Central in a distributed server/component environment:

    Servers

    ========

    SHOPPING (W2K3)- Shopping Central Server

    NMCM01 (W2K8) – ConfigMgr Central Site Server

    NMSQL01 (W2K8) – SQL Server (2K8) hosting ConfigMgr site database AND ConfigMgr SMS Provider

  1. On server hosting ConfigMgr SMS Provider: add Shopping Service account to local Distributed COM Users group. – NOT documented in Shopping Installation Guide
    • Note: In my environment, this was the SQL server (NMSQL01)
  2. On the ConfigMgr site server: grant full WMI permissions for both the Root/SMS (Note: Root\SMS\Site_<sitecode> is not listed because in my lab, the SMS Provider is hosted on the remote SQL server. See bullet below for instructions for when SMS Provider is hosted remotely on a different server).
  3. On server hosting ConfigMgr “SMS Provider“: grant full WMI permissions for both the Root/SMS and the Root/SMS/SMS_<SiteCode> namespaces. – IS documented in Shopping Installation Guide. However, “Root\SMS\Site_<sitecode>” namespace ONLY exists on servers hosting the SMS Provider. If the SMS Provider is installed on the site server, then the namespace will exist on the site server. As you see on the left is the SQL server hosting the SMS Provider, which has the namespace. At the bottom is a site server that is also hosting the SMS Provider. However, on the right is the site server (which is NOT hosting the SMS Provider) does NOT have the namespace.

Installing Shopping Central when SMS Provider is NOT hosted on ConfigMgr site server

    The following describes the required permissions the Shopping Service Account needs when installing Shopping Central in a distributed server/component environment:

    Servers

    ========

    SHOPPING (W2K3)- Shopping Central Server

    NMCM01 (W2K8) – ConfigMgr Central Site Server

    NMSQL01 (W2K8) – SQL Server (2K8) hosting ConfigMgr site database AND ConfigMgr SMS Provider

  1. On server hosting ConfigMgr SMS Provider: add Shopping Service account to local Distributed COM Users group. – NOT documented in Shopping Installation Guide
    • Note: In my environment, this was the SQL server (NMSQL01)
  2. On the ConfigMgr site server: grant full WMI permissions for both the Root/SMS (Note: Root\SMS\Site_<sitecode> is not listed because in my lab, the SMS Provider is hosted on the remote SQL server. See bullet below for instructions for when SMS Provider is hosted remotely on a different server).
  3. On server hosting ConfigMgr “SMS Provider“: grant full WMI permissions for both the Root/SMS and the Root/SMS/SMS_<SiteCode> namespaces. – IS documented in Shopping Installation Guide. However, “Root\SMS\Site_<sitecode>” namespace ONLY exists on servers hosting the SMS Provider. If the SMS Provider is installed on the site server, then the namespace will exist on the site server. As you see on the left is the SQL server hosting the SMS Provider, which has the namespace. At the bottom is a site server that is also hosting the SMS Provider. However, on the right is the site server (which is NOT hosting the SMS Provider) does NOT have the namespace.

Installing Shopping Central when SMS Provider is NOT hosted on ConfigMgr site server

    The following describes the required permissions the Shopping Service Account needs when installing Shopping Central in a distributed server/component environment:

    Servers

    ========

    SHOPPING (W2K3)- Shopping Central Server

    NMCM01 (W2K8) – ConfigMgr Central Site Server

    NMSQL01 (W2K8) – SQL Server (2K8) hosting ConfigMgr site database AND ConfigMgr SMS Provider

  1. On server hosting ConfigMgr SMS Provider: add Shopping Service account to local Distributed COM Users group. – NOT documented in Shopping Installation Guide
    • Note: In my environment, this was the SQL server (NMSQL01)
  2. On the ConfigMgr site server: grant full WMI permissions for both the Root/SMS (Note: Root\SMS\Site_<sitecode> is not listed because in my lab, the SMS Provider is hosted on the remote SQL server. See bullet below for instructions for when SMS Provider is hosted remotely on a different server).
  3. On server hosting ConfigMgr “SMS Provider“: grant full WMI permissions for both the Root/SMS and the Root/SMS/SMS_<SiteCode> namespaces. – IS documented in Shopping Installation Guide. However, “Root\SMS\Site_<sitecode>” namespace ONLY exists on servers hosting the SMS Provider. If the SMS Provider is installed on the site server, then the namespace will exist on the site server. As you see on the left is the SQL server hosting the SMS Provider, which has the namespace. At the bottom is a site server that is also hosting the SMS Provider. However, on the right is the site server (which is NOT hosting the SMS Provider) does NOT have the namespace.

Installing Shopping Central when SMS Provider is NOT hosted on ConfigMgr site server

    The following describes the required permissions the Shopping Service Account needs when installing Shopping Central in a distributed server/component environment:

    Servers

    ========

    SHOPPING (W2K3)- Shopping Central Server

    NMCM01 (W2K8) – ConfigMgr Central Site Server

    NMSQL01 (W2K8) – SQL Server (2K8) hosting ConfigMgr site database AND ConfigMgr SMS Provider

  1. On server hosting ConfigMgr SMS Provider: add Shopping Service account to local Distributed COM Users group. – NOT documented in Shopping Installation Guide
    • Note: In my environment, this was the SQL server (NMSQL01)
  2. On the ConfigMgr site server: grant full WMI permissions for both the Root/SMS (Note: Root\SMS\Site_<sitecode> is not listed because in my lab, the SMS Provider is hosted on the remote SQL server. See bullet below for instructions for when SMS Provider is hosted remotely on a different server).
  3. On server hosting ConfigMgr “SMS Provider“: grant full WMI permissions for both the Root/SMS and the Root/SMS/SMS_<SiteCode> namespaces. – IS documented in Shopping Installation Guide. However, “Root\SMS\Site_<sitecode>” namespace ONLY exists on servers hosting the SMS Provider. If the SMS Provider is installed on the site server, then the namespace will exist on the site server. As you see on the left is the SQL server hosting the SMS Provider, which has the namespace. At the bottom is a site server that is also hosting the SMS Provider. However, on the right is the site server (which is NOT hosting the SMS Provider) does NOT have the namespace.

Installing Shopping Central when SMS Provider is NOT hosted on ConfigMgr site server

    The following describes the required permissions the Shopping Service Account needs when installing Shopping Central in a distributed server/component environment:

    Servers

    ========

    SHOPPING (W2K3)- Shopping Central Server

    NMCM01 (W2K8) – ConfigMgr Central Site Server

    NMSQL01 (W2K8) – SQL Server (2K8) hosting ConfigMgr site database AND ConfigMgr SMS Provider

  1. On server hosting ConfigMgr SMS Provider: add Shopping Service account to local Distributed COM Users group. – NOT documented in Shopping Installation Guide
    • Note: In my environment, this was the SQL server (NMSQL01)
  2. On the ConfigMgr site server: grant full WMI permissions for both the Root/SMS (Note: Root\SMS\Site_<sitecode> is not listed because in my lab, the SMS Provider is hosted on the remote SQL server. See bullet below for instructions for when SMS Provider is hosted remotely on a different server).
  3. On server hosting ConfigMgr “SMS Provider“: grant full WMI permissions for both the Root/SMS and the Root/SMS/SMS_<SiteCode> namespaces. – IS documented in Shopping Installation Guide. However, “Root\SMS\Site_<sitecode>” namespace ONLY exists on servers hosting the SMS Provider. If the SMS Provider is installed on the site server, then the namespace will exist on the site server. As you see on the left is the SQL server hosting the SMS Provider, which has the namespace. At the bottom is a site server that is also hosting the SMS Provider. However, on the right is the site server (which is NOT hosting the SMS Provider) does NOT have the namespace.

Installing Shopping Central when SMS Provider is NOT hosted on ConfigMgr site server

    The following describes the required permissions the Shopping Service Account needs when installing Shopping Central in a distributed server/component environment:

    Servers

    ========

    SHOPPING (W2K3)- Shopping Central Server

    NMCM01 (W2K8) – ConfigMgr Central Site Server

    NMSQL01 (W2K8) – SQL Server (2K8) hosting ConfigMgr site database AND ConfigMgr SMS Provider

  1. On server hosting ConfigMgr SMS Provider: add Shopping Service account to local Distributed COM Users group. – NOT documented in Shopping Installation Guide
    • Note: In my environment, this was the SQL server (NMSQL01)
  2. On the ConfigMgr site server: grant full WMI permissions for both the Root/SMS (Note: Root\SMS\Site_<sitecode> is not listed because in my lab, the SMS Provider is hosted on the remote SQL server. See bullet below for instructions for when SMS Provider is hosted remotely on a different server).
  3. On server hosting ConfigMgr “SMS Provider“: grant full WMI permissions for both the Root/SMS and the Root/SMS/SMS_<SiteCode> namespaces. – IS documented in Shopping Installation Guide. However, “Root\SMS\Site_<sitecode>” namespace ONLY exists on servers hosting the SMS Provider. If the SMS Provider is installed on the site server, then the namespace will exist on the site server. As you see on the left is the SQL server hosting the SMS Provider, which has the namespace. At the bottom is a site server that is also hosting the SMS Provider. However, on the right is the site server (which is NOT hosting the SMS Provider) does NOT have the namespace.

Machines awaiting reboot due to PendingFileRenameOperations

Introduction

As we know, many desktop computers do not get rebooted for long periods of time and many laptop users almost never shutdown their computer and just merely “close the lid”.  Because of this, the “pending reboot/file rename” is persisted and usually goes undetected.  Case-in-point:  After implementing this at a customer site, more than half of their computers needed to be rebooted due to a pending file rename…and they never knew it.

A "pending file rename operation” occurs when an install needs to rename files that are in-use at the time of the install, and is waiting to have the rename completed as part of the next reboot.  Some applications will first check to see if this condition exists before installing it’s app or software (some hotfixes will not install because of this).  This is a common practice amongst software patches and updates, service packs and anti-virus updates just to name a few.

To make this (very fun) practical and to ease your administrative duties, I’m going to provide instructions to implementing a solution that will “dynamically automate” (aahh…longtime FAVORITE phrase in IT!!!) the rebooting of all computers – running desktop OS’es -, that are awaiting a reboot due to “pending file rename operation”.

  • Create a package to reboot computers
  • Create and Assign an advertisement to the collection to reboot the computers

Create a package to reboot computers

Download GracefuLReboot.vbs (by Steve Pruitt)and use it as the source-file(s) for the package.  Then create a package program with the Command-Line property as GracefuLReboot.vbs n (e.g. “n” being a numeric value for the amount of time to surpass before (re)prompting the logged-on user to reboot, should they decline during the previous attempt.

Package program properties In my screen-capture, I have used “1” to represent prompting the logged-on user every 1 minute.  This is ok since it is just my lab environment.  If you want to prompt users every 60 minutes should they decline the reboot, then make the numeric value 60.  Keep in mind, this parameter only applies when NightWatchman is NOT installed on target computer.  If NightWatchman is installed, the n parameter is not used).

Oh yeah…don’t forget to add distribution points to the package!!

Overview of how the script chooses the reboot process 

The script checks for the existence of HKLM\System\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations to determine if the computer needs to be rebooted.

Return = objReg.GetMultiStringValue(HKEY_LOCAL_MACHINE,_
    strKeyPath,"PendingFileRenameOperations", strValue)
If (Return = 0) And (Err.Number = 0) Then
    bRebootNeeded = True
End If

The script then determines what tool/method to use to reboot the computer.  If NightWatchman is installed, the script will run the following command-line:

nightwatchman.exe -onceoff -shutdowntime=NOW -shutdownaction=reboot

…if NightWatchman is NOT installed, the script will use WMI Win32_OperatingSystem:Win32Shutdown to reboot the computer.  Here is the VBscript code which calls the Win32Shutdown method:

Sub RebootComputer(ByVal intTimeOut, ByVal intFlags)

'Set objArgs = Wscript.Arguments

'intTimeOut = objArgs(0) 'Countdown in seconds

'intFlags = objArgs(1) 'Bitmapped set of flags to shutdown the computer: 0 = Logoff, 4 = Forced Logoff (0+4),
        '1 = Shutdown, 2 = Reboot, 6 = Forced Reboot (2+4), 8 = Power Off, 12 = Forced Power Off (8+4)

intTimeOutSec = intTimeOut * 1000 'Convert from milliseconds to seconds

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _
  & "{impersonationLevel=impersonate,(Shutdown)}!\\" & _
   strComputer & "\root\cimv2")

Set colOperatingSystems = objWMIService.ExecQuery _
  ("Select * from Win32_OperatingSystem WHERE Primary=True")

For Each objOperatingSystem in colOperatingSystems
  Wscript.Sleep intTimeOutSec 'Pause for x seconds before rebooting computer
  objOperatingSystem.Win32Shutdown intFlags
Next

End Sub

Create and Assign an advertisement to the collection to reboot the computers

Note: I want to stress that the advertisement properties below recommends using Always rerun program.  This option is only available under ConfigMgr.  If you are interested in a blog specifically for SMS, post a comment below.

Advertisement Schedule-tab properties

Now that the reboot package is created, create an advertisement of it and assign to the collection All Windows Workstation and Professional Systems (Note: More than likely, you will only want this executed against computers running desktop operating systems, so assigning the advertisement to this collection should be fine for you.)  On the Schedule tab for the advertisement properties, set a mandatory assignment with a recurring schedule of your choice (this will vary, depending on how aggressive you want to be.  Since this is my lab, I have it scheduled to run every 2 minutes.  However, in a production environment, the advert run every few hours or maybe once per day should be fine).  Since you are setting a recurring schedule for the advertisement, ConfigMgr will prompt you and recommend setting the Program rerun behavior to Always rerun program (Note: With this, the advertisement will run again even if it has previously run on the target computer).

Also, make sure Enable Wake On LAN is disabled (e.g. unchecked).  This will prevent ConfigMgr or 1E WakeUp from unnecessarily waking machines.

Impact of NightWatchman properties: MonitorJobs and PendingJobWindowMins

As explained, if NightWatchman is installed, the reboot script will use NightWatchman to reboot the computer.  When NightWatchman is initially installed on your computers, the property MonitorJobs is enabled (default) and PendingJobWindowMins is set to 5 minutes (default).  This combination means, if NightWatchman detects any currently running jobs in SMS/ConfigMgr and/or pending jobs in SMS/ConfigMgr within the specified “look-ahead” window (e.g. 5 minutes), the reboot/restart will be deferred.  If no jobs are currently running, or pending within the time specified by PendingJobWindowMins, the reboot/restart will occur.

Conclusion…

Rebooting computers is one of those administrative tasks that’s at the top of the list.  As we all have been working with Windows for quite some time now, we know that rebooting is just a “good” thing to do.  Rebooting computers due to pending file rename operations, is a scenario that usually goes undetected in many environments.

Automated rebooting of computers is always a “hot topic” and usually requires buy-in from management.  While this blog may not show you how to navigate the approval process in your company, it does provide you the tools and instructions to implement this most valuable solution.  <wink>Once you get approval…</wink>

I hope you enjoyed…

Troy L. Martin | Principal Consultant | 1E |

troy.martin@1e.com | www.1e.com

Machines awaiting reboot due to PendingFileRenameOperations

Introduction

As we know, many desktop computers do not get rebooted for long periods of time and many laptop users almost never shutdown their computer and just merely “close the lid”.  Because of this, the “pending reboot/file rename” is persisted and usually goes undetected.  Case-in-point:  After implementing this at a customer site, more than half of their computers needed to be rebooted due to a pending file rename…and they never knew it.

A "pending file rename operation” occurs when an install needs to rename files that are in-use at the time of the install, and is waiting to have the rename completed as part of the next reboot.  Some applications will first check to see if this condition exists before installing it’s app or software (some hotfixes will not install because of this).  This is a common practice amongst software patches and updates, service packs and anti-virus updates just to name a few.

To make this (very fun) practical and to ease your administrative duties, I’m going to provide instructions to implementing a solution that will “dynamically automate” (aahh…longtime FAVORITE phrase in IT!!!) the rebooting of all computers – running desktop OS’es -, that are awaiting a reboot due to “pending file rename operation”.

  • Create a package to reboot computers
  • Create and Assign an advertisement to the collection to reboot the computers

Create a package to reboot computers

Download GracefuLReboot.vbs (by Steve Pruitt)and use it as the source-file(s) for the package.  Then create a package program with the Command-Line property as GracefuLReboot.vbs n (e.g. “n” being a numeric value for the amount of time to surpass before (re)prompting the logged-on user to reboot, should they decline during the previous attempt.

Package program properties In my screen-capture, I have used “1” to represent prompting the logged-on user every 1 minute.  This is ok since it is just my lab environment.  If you want to prompt users every 60 minutes should they decline the reboot, then make the numeric value 60.  Keep in mind, this parameter only applies when NightWatchman is NOT installed on target computer.  If NightWatchman is installed, the n parameter is not used).

Oh yeah…don’t forget to add distribution points to the package!!

Overview of how the script chooses the reboot process 

The script checks for the existence of HKLM\System\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations to determine if the computer needs to be rebooted.

Return = objReg.GetMultiStringValue(HKEY_LOCAL_MACHINE,_
    strKeyPath,"PendingFileRenameOperations", strValue)
If (Return = 0) And (Err.Number = 0) Then
    bRebootNeeded = True
End If

The script then determines what tool/method to use to reboot the computer.  If NightWatchman is installed, the script will run the following command-line:

nightwatchman.exe -onceoff -shutdowntime=NOW -shutdownaction=reboot

…if NightWatchman is NOT installed, the script will use WMI Win32_OperatingSystem:Win32Shutdown to reboot the computer.  Here is the VBscript code which calls the Win32Shutdown method:

Sub RebootComputer(ByVal intTimeOut, ByVal intFlags)

'Set objArgs = Wscript.Arguments

'intTimeOut = objArgs(0) 'Countdown in seconds

'intFlags = objArgs(1) 'Bitmapped set of flags to shutdown the computer: 0 = Logoff, 4 = Forced Logoff (0+4),
        '1 = Shutdown, 2 = Reboot, 6 = Forced Reboot (2+4), 8 = Power Off, 12 = Forced Power Off (8+4)

intTimeOutSec = intTimeOut * 1000 'Convert from milliseconds to seconds

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _
  & "{impersonationLevel=impersonate,(Shutdown)}!\\" & _
   strComputer & "\root\cimv2")

Set colOperatingSystems = objWMIService.ExecQuery _
  ("Select * from Win32_OperatingSystem WHERE Primary=True")

For Each objOperatingSystem in colOperatingSystems
  Wscript.Sleep intTimeOutSec 'Pause for x seconds before rebooting computer
  objOperatingSystem.Win32Shutdown intFlags
Next

End Sub

Create and Assign an advertisement to the collection to reboot the computers

Note: I want to stress that the advertisement properties below recommends using Always rerun program.  This option is only available under ConfigMgr.  If you are interested in a blog specifically for SMS, post a comment below.

Advertisement Schedule-tab properties

Now that the reboot package is created, create an advertisement of it and assign to the collection All Windows Workstation and Professional Systems (Note: More than likely, you will only want this executed against computers running desktop operating systems, so assigning the advertisement to this collection should be fine for you.)  On the Schedule tab for the advertisement properties, set a mandatory assignment with a recurring schedule of your choice (this will vary, depending on how aggressive you want to be.  Since this is my lab, I have it scheduled to run every 2 minutes.  However, in a production environment, the advert run every few hours or maybe once per day should be fine).  Since you are setting a recurring schedule for the advertisement, ConfigMgr will prompt you and recommend setting the Program rerun behavior to Always rerun program (Note: With this, the advertisement will run again even if it has previously run on the target computer).

Also, make sure Enable Wake On LAN is disabled (e.g. unchecked).  This will prevent ConfigMgr or 1E WakeUp from unnecessarily waking machines.

Impact of NightWatchman properties: MonitorJobs and PendingJobWindowMins

As explained, if NightWatchman is installed, the reboot script will use NightWatchman to reboot the computer.  When NightWatchman is initially installed on your computers, the property MonitorJobs is enabled (default) and PendingJobWindowMins is set to 5 minutes (default).  This combination means, if NightWatchman detects any currently running jobs in SMS/ConfigMgr and/or pending jobs in SMS/ConfigMgr within the specified “look-ahead” window (e.g. 5 minutes), the reboot/restart will be deferred.  If no jobs are currently running, or pending within the time specified by PendingJobWindowMins, the reboot/restart will occur.

Conclusion…

Rebooting computers is one of those administrative tasks that’s at the top of the list.  As we all have been working with Windows for quite some time now, we know that rebooting is just a “good” thing to do.  Rebooting computers due to pending file rename operations, is a scenario that usually goes undetected in many environments.

Automated rebooting of computers is always a “hot topic” and usually requires buy-in from management.  While this blog may not show you how to navigate the approval process in your company, it does provide you the tools and instructions to implement this most valuable solution.  <wink>Once you get approval…</wink>

I hope you enjoyed…

Troy L. Martin | Principal Consultant | 1E |

troy.martin@1e.com | www.1e.com

Machines awaiting reboot due to PendingFileRenameOperations

Introduction

As we know, many desktop computers do not get rebooted for long periods of time and many laptop users almost never shutdown their computer and just merely “close the lid”.  Because of this, the “pending reboot/file rename” is persisted and usually goes undetected.  Case-in-point:  After implementing this at a customer site, more than half of their computers needed to be rebooted due to a pending file rename…and they never knew it.

A "pending file rename operation” occurs when an install needs to rename files that are in-use at the time of the install, and is waiting to have the rename completed as part of the next reboot.  Some applications will first check to see if this condition exists before installing it’s app or software (some hotfixes will not install because of this).  This is a common practice amongst software patches and updates, service packs and anti-virus updates just to name a few.

To make this (very fun) practical and to ease your administrative duties, I’m going to provide instructions to implementing a solution that will “dynamically automate” (aahh…longtime FAVORITE phrase in IT!!!) the rebooting of all computers – running desktop OS’es -, that are awaiting a reboot due to “pending file rename operation”.

  • Create a package to reboot computers
  • Create and Assign an advertisement to the collection to reboot the computers

Create a package to reboot computers

Download GracefuLReboot.vbs (by Steve Pruitt)and use it as the source-file(s) for the package.  Then create a package program with the Command-Line property as GracefuLReboot.vbs n (e.g. “n” being a numeric value for the amount of time to surpass before (re)prompting the logged-on user to reboot, should they decline during the previous attempt.

Package program properties In my screen-capture, I have used “1” to represent prompting the logged-on user every 1 minute.  This is ok since it is just my lab environment.  If you want to prompt users every 60 minutes should they decline the reboot, then make the numeric value 60.  Keep in mind, this parameter only applies when NightWatchman is NOT installed on target computer.  If NightWatchman is installed, the n parameter is not used).

Oh yeah…don’t forget to add distribution points to the package!!

Overview of how the script chooses the reboot process 

The script checks for the existence of HKLM\System\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations to determine if the computer needs to be rebooted.

Return = objReg.GetMultiStringValue(HKEY_LOCAL_MACHINE,_
    strKeyPath,"PendingFileRenameOperations", strValue)
If (Return = 0) And (Err.Number = 0) Then
    bRebootNeeded = True
End If

The script then determines what tool/method to use to reboot the computer.  If NightWatchman is installed, the script will run the following command-line:

nightwatchman.exe -onceoff -shutdowntime=NOW -shutdownaction=reboot

…if NightWatchman is NOT installed, the script will use WMI Win32_OperatingSystem:Win32Shutdown to reboot the computer.  Here is the VBscript code which calls the Win32Shutdown method:

Sub RebootComputer(ByVal intTimeOut, ByVal intFlags)

'Set objArgs = Wscript.Arguments

'intTimeOut = objArgs(0) 'Countdown in seconds

'intFlags = objArgs(1) 'Bitmapped set of flags to shutdown the computer: 0 = Logoff, 4 = Forced Logoff (0+4),
        '1 = Shutdown, 2 = Reboot, 6 = Forced Reboot (2+4), 8 = Power Off, 12 = Forced Power Off (8+4)

intTimeOutSec = intTimeOut * 1000 'Convert from milliseconds to seconds

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _
  & "{impersonationLevel=impersonate,(Shutdown)}!\\" & _
   strComputer & "\root\cimv2")

Set colOperatingSystems = objWMIService.ExecQuery _
  ("Select * from Win32_OperatingSystem WHERE Primary=True")

For Each objOperatingSystem in colOperatingSystems
  Wscript.Sleep intTimeOutSec 'Pause for x seconds before rebooting computer
  objOperatingSystem.Win32Shutdown intFlags
Next

End Sub

Create and Assign an advertisement to the collection to reboot the computers

Note: I want to stress that the advertisement properties below recommends using Always rerun program.  This option is only available under ConfigMgr.  If you are interested in a blog specifically for SMS, post a comment below.

Advertisement Schedule-tab properties

Now that the reboot package is created, create an advertisement of it and assign to the collection All Windows Workstation and Professional Systems (Note: More than likely, you will only want this executed against computers running desktop operating systems, so assigning the advertisement to this collection should be fine for you.)  On the Schedule tab for the advertisement properties, set a mandatory assignment with a recurring schedule of your choice (this will vary, depending on how aggressive you want to be.  Since this is my lab, I have it scheduled to run every 2 minutes.  However, in a production environment, the advert run every few hours or maybe once per day should be fine).  Since you are setting a recurring schedule for the advertisement, ConfigMgr will prompt you and recommend setting the Program rerun behavior to Always rerun program (Note: With this, the advertisement will run again even if it has previously run on the target computer).

Also, make sure Enable Wake On LAN is disabled (e.g. unchecked).  This will prevent ConfigMgr or 1E WakeUp from unnecessarily waking machines.

Impact of NightWatchman properties: MonitorJobs and PendingJobWindowMins

As explained, if NightWatchman is installed, the reboot script will use NightWatchman to reboot the computer.  When NightWatchman is initially installed on your computers, the property MonitorJobs is enabled (default) and PendingJobWindowMins is set to 5 minutes (default).  This combination means, if NightWatchman detects any currently running jobs in SMS/ConfigMgr and/or pending jobs in SMS/ConfigMgr within the specified “look-ahead” window (e.g. 5 minutes), the reboot/restart will be deferred.  If no jobs are currently running, or pending within the time specified by PendingJobWindowMins, the reboot/restart will occur.

Conclusion…

Rebooting computers is one of those administrative tasks that’s at the top of the list.  As we all have been working with Windows for quite some time now, we know that rebooting is just a “good” thing to do.  Rebooting computers due to pending file rename operations, is a scenario that usually goes undetected in many environments.

Automated rebooting of computers is always a “hot topic” and usually requires buy-in from management.  While this blog may not show you how to navigate the approval process in your company, it does provide you the tools and instructions to implement this most valuable solution.  <wink>Once you get approval…</wink>

I hope you enjoyed…

Troy L. Martin | Principal Consultant | 1E |

troy.martin@1e.com | www.1e.com