Monitor for Pending Reboots

Version: SCCM 2012 R2

I recently came across an issue with an existing report that showed systems that were pending a reboot. I was using this report here -> “Show Pending System Restart Clients for Software Updates“. However, the issue I came across was after a synchronization of the SUP with Microsoft, the systems would go to “Enforcement State Unknown” and never return to “Pending System Restart”.

So, I decided to take a difference approach using Compliance Settings to monitor systems directly for Pending Reboots. First, I found some very useful web links that cover the various ways to detect if a system is pending a reboot using Powershell. The links can be found here:

I mainly focused on the first link where I used 2 of the 4 detection methods used to determine if a pending reboot is needed. I decided to use Compliance Settings to monitor for 2 registry keys:

  • HKLM\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired

Configuration Items

These are the 2 configuration items created. One is called CB-RebootPending to monitor for HKLM\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending and the second is WU-RebootRequired to monitor for HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired.

CI-1

CM-RebootPending CI

CI-7

CI-8

CI-9

CI-10CI-11

WU-RebootRequired CI

CI-2

CI-3

CI-4

CI-5

CI-6

Baseline Configuration named NoPendingReboot consisting of the above CIs

 

BC-1

BC-2

BC-3

BC-4

BC-5

After you create the Configuration Items and deploy your Baseline, the next thing will be to create reports on the status.  The report can be created using the following tabular functions:

Machines that are Compliant:

select Distinct AssetName from fn_DCMDeploymentCompliantAssetDetails(1033)
where BLName = 'NoPendingReboot'

Machines that are Non-Compliant:

select Distinct AssetName from fn_DCMDeploymentNonCompliantAssetDetails(1033)
where BLName = 'NoPendingReboot'

Machines that are Unknown for status:

select Distinct MachineName from fn_CIDeploymentUnknownAssetDetails(1033)
where SoftwareName = 'NoPendingReboot'

If you want to combine all 3 statuses into a single report, then you can rewrite your SQL query like this:

select Distinct sys.AD_Site_Name0 as'AD Site',Sys.Resource_Domain_OR_Workgr0 as'Domain', sys.Name0 as'Name',DCM.Baseline, DCM.Status, OPSYS.Caption0 as'OS' from
(
select Distinct CompliantAssets.AssetName as 'MName', CompliantAssets.BLName as 'Baseline', 'Compliant' as 'Status' from fn_DCMDeploymentCompliantAssetDetails(1033) AS CompliantAssets
UNION  
Select Distinct NonCompliantAssets.AssetName as 'MName', NonCompliantAssets.BLName as 'Baseline', 'Non-Compliant' as 'Status' from fn_DCMDeploymentNonCompliantAssetDetails(1033) AS NonCompliantAssets
UNION
select  UnknownAssets.MachineName as 'MName', UnknownAssets.SoftwareName as 'Baseline', 'Unknown' as 'Status' from fn_CIDeploymentUnknownAssetDetails(1033) AS UnknownAssets 
) as DCM
join v_R_System sys on sys.Name0=DCM.MName
join v_GS_OPERATING_SYSTEM OPSYS on sys.ResourceID=OPSYS.ResourceID
where Baseline is not NULL and DCM.Baseline = 'NoPendingReboot'
ORDER by sys.AD_Site_Name0,Sys.Name0

The above SQL query will also show AD site, domain, and OS caption.

NoRebootPendingReport