You may have a requirement to reboot SCCM client computers which have not been rebooted for n number of days. This process can be used to schedule a reboot using PowerShell script deployed as SCCM application.
Schedule SCCM Client Reboot – Process overview
- The PowerShell script will check if machine was rebooted in last n number of days. If not it will return exit code 3010 instructing SCCM client agent that a soft reboot is required.
- The script need to be deployed as ConfigMgr Application using ‘Fake path’ as file detection rule to re-execute the script at each application evaluation cycle.
- The reboot behavior will be controller by SCCM client agent “Computer restrart” settings. If 4 hours deadline time given in Computer restart settings, user will get 4 hours time to reboot the computer. The reboot will be forced after that.
- Global condtion and Requirements rule are used to restrict script executes only on laptops. You can update this as per your requirements.
Limitation of Process
You can’t control the exact reboot time of client computer with this method.
PowerShell Script
The below PowerShell script will check computer last boot time. If last boot age will be more than specified number of days then it will return exit code 3010. We will deploy this script through SCCM application and SCCM client initiate a reboot if exit code is 3010.
function Write-Log {
[CmdletBinding()]
param(
[Parameter()]
[ValidateNotNullOrEmpty()]
[string]$Message,
[Parameter()]
[ValidateNotNullOrEmpty()]
[ValidateSet('Information','Warning','Error')]
[string]$Severity = 'Information'
)
[pscustomobject]@{
Time = (Get-Date -f g)
Message = $Message
Severity = $Severity
} | Export-Csv -Path "c:\windows\Temp\SCCMClientReboot.csv" -Append -NoTypeInformation
}
$LastBootupTime = (gcim win32_operatingsystem).LastBootupTime
$LastBootAge = ((Get-Date) - (gcim win32_operatingsystem).LastBootupTime).Days
If ($LastBootAge -gt 15) {
$msg = "Last Bootup time: $LastBootupTime - Last bootup Age (days): $LastBootAge - Exit Code 3010. ConfigMgr client will handle reboot."
Write-Host $msg
Write-Log -Message $msg -Severity Information
Exit (3010)
}
else
{ $msg = "Last Bootup time: $LastBootupTime - Last bootup Age (days): $LastBootAge - Exit Code 0. Reboot is not required"
Write-Host $msg
Write-Log -Message $msg -Severity Information
Exit (0)}Computer Agent Settings
When SCCM client initiate a reboot, the final reboot count down time will be based on Computer Restart client settings “Specify the amount of time after the deadline before a device get restarted”. In the below example, user will see 4 hour count down timer and computer will be forcefully rebooted after 4 hours. You can adjust this as per your requirement. However keep in mind that it will also change the bahavior for restart initiated by Software Update deployment / other applications.
Global Conditions to Add an Extra Safety Layer
In Configuration Manager, global conditions are rules that represent business or technical conditions that you can use to specify how an application is provided and deployed to client devices. You can create a Global Conditions from Software Library / Global Conditions blade.
Global conditions are used in Requirement rules while creating an application. Here, we will create a Global condition to identify the PC type such as Desktop, Laptop or Server. We will use this Global condition in requirement rule of Application to ensure script will only executes on laptops. This will add an additional layer of security as SCCM application will applicable for laptops only.
Create a Global condition with below details.
- Global condition name: PC System Type
- Description: Possible values: 1 (Desktop), 2 (Mobile), 3 (Workstation), 4 (Enterprise Server), 5 (SOHO Server), 6 (Appliance PC), 7 (Performance Server), 8 (Maximum), 0 (Unknown)
- Device type: Windows
- Condition type: Settings
- Setting type: WQL query
- Namespace : root\cimv2
- Class: Win32_ComputerSystem
- Property: PCSystemType
Create ConfigMgr Application
Use the following configuration when creating SCCM application. These are not the complete steps to create an application. The assummption here is that you are already well familiar with Configuration Manager application model.
User Experience:
- Installation behavior: Install for system
- Logon requirement: Whether or not a user is logged on
- Installation program visibility: Hidden
Select “Determine behaviour based on return codes” at bottom of screen.
Detection Rule:
Create Detection Rule with the following details.
- Setting Type: File System
- Type: File
- Path : C:\FakePath
- File or folder name: FakeFile
- Select “The file system setting must exists on the target system to indicate presense of this application“
Requirements:
In the Requirements tab, add the Global Condition which you created earlier. The value should be 2 to restrict the execution on laptops only. This will add an additional layer of security. If someone mistakenly deployed the application on Servers then application will not execute.
Create a Deployment
Create a SCCM collection for all Laptops and deploy the application on that collection. You can refer SCCM Dynamic Collection Based on Device Type | Collection Queries if you need any help in creating the collection for Laptop / Desktops.
Ensure that you hide the deployment from Software Center. The way we have used the detection rule to ensure script execute at each application evaluation, the appenforce.log will show that application was not detected after installation. The user will see application status as failed in Software Center and may raise issue to IT team. Hence, it’s better to hide the deployment from Software center.
Log File to View Script Actions
The script will create a log file on client computer in c:\windows\temp folder. This can be checked to review the execution history and reboot action triggered by script.
Related Posts:
- Configure Management Point for HTTPS | ConfigMgr | SCCM
- Configure Software Update Point for SSL | ConfigMgr | SCCM
- Deploy client authentication certificate for SCCM clients
- SCCM CMG Part 1 | Cloud Management Gateway (CMG) Setup Guide
- SCCM CMG Part 2 | Issue, Enroll & Export Server Authentication Certificate
- SCCM CMG Part 3 | Configure SCCM Site for SSL
- SCCM CMG Part 4 | Integrate Azure Active Directory with ConfigMgr
- SCCM CMG Part 5 | Setup Cloud Management Gateway
- SCCM CMG Part 6 | Validate CMG Health & Client Communication
- Location of smsts.log file during Operating System Deployment (OSD)
- Schedule SCCM Client Reboot through ConfigMgr
- Check Software Center Business Hours of Remote Computer
- SCCM Software deployment strategy
- How to deal with wrong deployment in ConfigMgr
- How to Initiate SCCM client agent actions using PowerShell
Subscribe to Techuisitive Newsletter
Be the first to know about our new blog posts. Get our newsletters directly in your inbox and stay up to date about Modern Desktop Management technologies & news.
