Deployment Template: Post-Deploy Reboot Tab

Field

Description

Never reboot after deployment

This SafeReboot capability specifies that it is unnecessary to reboot each machine after the patches are deployed. The remaining options on this tab will be disabled.

As a rule, you should only enable this option when you are deploying patches that you know do not require a reboot.

Always reboot after deployment

This SafeReboot capability specifies that each machine should be reboot after the patches are deployed. This is the safest option when deploying patches as most patches require a reboot in order to complete, but there may be times when machines are rebooted unnecessarily.

Reboot when needed

This SafeReboot capability specifies that Security Controls will determine whether or not a reboot of each machine is required.

Schedule reboot

If you elect to reboot the machines, you can specify when the reboot should occur. You can:

  • Reboot the machines immediately after installation
  • Reboot at a specific time
  • Reboot at a specific date and time

If a target machine is rebooted before a scheduled reboot occurs, the scheduled reboot is no longer necessary and will be cancelled.

Power action

You can specify what state you want to leave the machines after the reboot.

  • Restart: The machines are restarted and left in a powered on state.
  • Restart, then sleep if possible: The machines are restarted and then put into a sleep state. There is a two minute delay between the completion of the restart and the time the machines are put into the sleep state. The Microsoft Scheduler is used on each target machine to initiate the sleep state following the restart. For more detailed information about sleep state, see Sleep and Hibernation Notes.
  • Restart, then hibernate if possible: The machines are restarted and then put into a hibernation state. There is a two minute delay between the completion of the restart and the time the machines are put into the hibernate state. The Microsoft Scheduler is used on each target machine to initiate the hibernation state following the restart.
  • If a target machine is not configured to allow hibernation, the program will instead attempt to put the machine into a sleep state after the restart. If the machine cannot be put into a sleep state no action will occur. For more detailed information about hibernate state, see Sleep and Hibernation Notes.

  • Restart, then shut down: The machines are restarted and then powered off. There is a two minute delay between the completion of the restart and the time the machines are shut down. This option is useful if you want to perform a reboot in order to complete a maintenance task but then want the machines to be shut down. The Microsoft Scheduler is used on each target machine to initiate the shutdown following the restart.
  • Shut down only, do not restart: The machines are powered off. This option is also useful if you simply want to make sure non-critical machines are turned off each night or over a weekend, saving energy.

For more information about the power management capabilities of Security Controls, see Power Management Overview.

Use defaults

This button is tied to the Restart and power action box. When you click Use defaults, all remaining options on the dialog will be changed to the values recommended for use with the currently selected Restart and power action.

If a user is logged on

If you elect to restart the machines, you can specify the amount of warning that a logged-on user with an active session will receive. You can also choose the degree of control the user will have over the restart process. The options do not apply to inactive sessions such as locked machines or disconnected RDP sessions.

You can:

  • Alert the user that a restart will occur when they log off.
  • Elect to force a restart after a number of minutes have passed.
  • Elect to force a restart at a specific date and time.
  • Show a countdown dialog on the user's machine in advance of the restart. To preview the dialog box that the user will see, click Show sample countdown. The language box to the right can be used to preview this dialog in different languages.
  • Select the duration to display the standard Windows shutdown message when the shutdown sequence is initiated.
  • Allow the user to extend the time-out countdown up to a specified maximum. The maximum can be specified as either a duration or as a specific latest time that the restart will occur.
  • Allow the user to cancel the time-out. If a time-out is cancelled the patches will not be deployed until the user logs off or manually restarts the machine.
  • Allow the user to cancel the restart. The patches will not be installed until the machine is restarted.