Reboot script with deferment

Hey Folks,

So I’ve been tasked with creating a script that will prompt our users to reboot if they haven’t in 7 days, and when prompted they get two options “Reboot” or “Defer - 1 Hour”. Then at the end of that 1 hour timer, it pops up again but with either the defer button gone (2nd form) or greyed out (reuse form but disable defer button?). I found a non-PSADT script that will almost do that on the technet gallery, but am hoping that PSADT will have better options.

So any help that can be offered would be massively appreciated.

The script I found will pop up a GUI after it checks how many days since the last reboot, but uses schtasks to schedule a reboot at a specific time. The user isn’t subsequently prompted again at 6 PM. My thought is to start a timer when the defer button is pressed, then when it comes back to remind them, it only has the reboot option which when clicked will immediately reboot, or after a 10 second delay or something.

Tried Coretech’s tool, but can’t limit the number of deferments (might have to convince boss this is the best option tho if I can’t figure this out by EOM). If it had the option to remove deferments, or remove them all once someone clicked postpone the first time, I’d be in business.

Here’s the script that I’ve been trying to bend to my will. If PSADT has a better option I’m so on board.

https://gallery.technet.microsoft.com/scriptcenter/Custom-PowerShell-GUI-7c7fbda8/view/Discussions

Thanks everyone!
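The prompt flow described in the post above (one "Defer - 1 Hour", then a second prompt with the defer button greyed out, then a reboot after a 10 second delay), as an added example that is not part of the original post and is neither PSADT nor the TechNet script. The function names, variables and form layout are assumptions; it is meant to run in the logged-on user's session.

```powershell
# Added example, not from the thread; names, sizes and thresholds are assumptions.
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing

$MaxUptimeDays = 7     # prompt once the last boot is at least this old
$DeferMinutes  = 60    # length of the single deferral

function Get-UptimeDays {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    ((Get-Date) - $os.LastBootUpTime).TotalDays
}

function Show-RebootPrompt {
    param([bool]$AllowDefer)
    $form = New-Object System.Windows.Forms.Form
    $form.Text = 'Restart required'
    $form.ClientSize = New-Object System.Drawing.Size(380, 120)
    $form.StartPosition = 'CenterScreen'
    $form.FormBorderStyle = 'FixedDialog'
    $form.ControlBox = $false      # hide the X / minimise buttons
    $form.TopMost = $true

    $label = New-Object System.Windows.Forms.Label
    $label.Text = "This computer has been running for $MaxUptimeDays days or more without a restart."
    $label.SetBounds(15, 15, 350, 45)

    $reboot = New-Object System.Windows.Forms.Button
    $reboot.Text = 'Reboot'
    $reboot.SetBounds(130, 75, 100, 30)
    $reboot.DialogResult = [System.Windows.Forms.DialogResult]::OK

    $defer = New-Object System.Windows.Forms.Button
    $defer.Text = 'Defer - 1 Hour'
    $defer.SetBounds(245, 75, 120, 30)
    $defer.Enabled = $AllowDefer   # greyed out on the second prompt
    $defer.DialogResult = [System.Windows.Forms.DialogResult]::Cancel

    $form.Controls.AddRange(@($label, $reboot, $defer))
    $result = $form.ShowDialog()
    $form.Dispose()
    $result -eq [System.Windows.Forms.DialogResult]::OK   # $true = reboot now
}

if ((Get-UptimeDays) -ge $MaxUptimeDays) {
    if (-not (Show-RebootPrompt -AllowDefer $true)) {
        Start-Sleep -Seconds ($DeferMinutes * 60)
        [void](Show-RebootPrompt -AllowDefer $false)   # any way out of this prompt reboots
    }
    shutdown.exe /r /t 10 /c "Restarting after the reboot prompt"
}
```

The deferral lives only in the running process, so signing out during the hour resets it; persist a flag (a file or registry value) if the single deferral has to survive a logoff.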

This is what I ended up using. It’s pretty much perfect for my needs and sounds like it would fit yours.

https://github.com/Fredrik81/Reboot-Dialog/blob/b36d566428186f52a53f0b05255280263bede902/_config.yml

1 Like

This is definitely doable, but I’m wondering why you want to use something like PSADT for this. Sure, PSADT has a prebuilt deferral function, but it would have to be adapted anyway.

Use a screwdriver for screws, not a hammer.

Wondering what other options there are. Users won’t reboot on their own, so trying to do it as ‘nicely’ as possible (that was the mandate given to me).

I have reboot dialog, but I haven’t fully tested if someone keeps deferring for 15 minutes each time, how long does it go on for? I’ll have to post some questions over on their git page to see what they say.

So, if you’re prompting a user to reboot, of course they’re always going to say no if they have the option. They’re at the computer, actively using it. They don’t want to wait for a reboot.

Can you not leverage a standard maintenance window? Are these laptops that are frequently taken home? If so, the only real solution here is one of policy. You can’t write a script that will get these machines rebooted without upsetting a user. There needs to be a policy in place to reinforce this requirement. PowerShell has no function for specifying an emotional response.

My suggestion is to implement a policy that laptop users must reboot once per week. Example:

Laptop users: To maintain performance and security of your company-owned device, you must reboot it at least once per week to allow automated maintenance processes to complete. If your machine hasn’t been rebooted in 7 days, then on ((Friday at Noon)) you will be prompted to reboot. You can defer the reboot 3 times for up to 15 minutes each, then will be forced to reboot. You can avoid these prompts & forced reboots by taking the time to do so yourself at some point through the week; you can do this, for example, as you leave your station for lunch, or as you leave for the day if you are not taking your device home.

This is, in spirit, similar to our laptop policy. We print this out and have it signed when laptops are issued or loaned. We don’t have a deferral button, but a schedule button. That’s the main difference. We use this: https://gallery.technet.microsoft.com/scriptcenter/Custom-PowerShell-GUI-7c7fbda8

For desktops, we simply enforce a maintenance window that is documented. Sometimes management will ask you to do something impossible or unreasonable, it’s okay to tell them when that happens; just have other solutions available.

That is something that is in the works. We have office and windows updates that get pushed out monthly that can get users rebooted as SCCM takes care of it, but outside of that, we’ve had machines (our sales VP) that weren’t rebooted for nearly 2 months. The policy is coming, was just asked to get something done up in the meantime. I was able to use coretech’s tool and just set the countdown timer to an hour, and remove the postpone button, then it reboots. So not an actual deferment there, but gives them time to wrap up or reboot when it comes up.

If you have machines not obeying SCCM maintenance windows, that’s something you might want to look into. I think your decision here strikes a nice compromise.

DEFINITELY going to look into it (mtce windows), and I like the idea of making people sign the policy form when they get their machines. No one can do the “I didn’t know” dance then. Thanks for the suggestions and advice, much appreciated.

I was asked to do the same thing as the OP.

I have used the 3 deferrals along with a Global Condition that checks for the screen being unlocked. Many of the scripts that check for logged on user don’t account for the screen being locked and the user being away.

In testing, we discovered that if all deferrals were used, the machine would restart while the user was away. This defeated the purpose of being nice - right?

Here is the powershell for the GC:
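# Console user as reported by WMI (empty when nobody is signed in)
$currentuser = Get-WmiObject -Class Win32_ComputerSystem | Select-Object -ExpandProperty UserName
# LogonUI is the process that draws the lock / sign-in screen
$process = Get-Process logonui -ErrorAction SilentlyContinue
$UserStatus = if ($currentuser -and $process) { "Non-Compliant" } else { "Compliant" }

# Emit the value the Global Condition rule is compared against
If ($UserStatus -eq "Non-Compliant") {
    "Non-Compliant"
}
Else {
    "Compliant"
}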

Otherwise, it is setup as an Application with a detection method that uses a powershell script that follows:
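$os = Get-WmiObject win32_operatingsystem -ErrorAction SilentlyContinue
# Days since the last boot
$uptime = ((Get-Date) - ($os.ConvertToDateTime($os.lastbootuptime))).TotalDays

If ($uptime -le 5) {
    # Any output tells Configuration Manager the application is detected
    Write-Host "Installed"
}
else
{
    # No output: the application is treated as not detected
}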

Obviously, you could add the GC into the detection script.

So, we use 5 days because depending on evaluation cycles, machines being offline (laptops mainly) it takes a couple of days for compliance - could even take a week for some machines depending on use case.

Bottom line is PSADT has provided a way of getting it done within the confines of Config Manager as advertised. I haven’t explored any of the other solutions because I was tasked with coming up with a solution using PSADT.

1 Like

Very cool, thank you sir. I’ll definitely give this a test. We’re going with Coretech’s shutdown tool for now, but I’m still exploring all other options as the only way to do it with this one is instead of giving a deferral, we just give them a countdown of 60 minutes from when it launches. It’s a nice tool, but I prefer something that uses sccm / config mgr. I may ping you back to ask some questions once I start tinkering with it.

Hey Slundy, no problem. If you have any specific questions let me know.