cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Set Access Protection to Maintenance Mode for Windows Updates

Jump to solution

As you may know, certain options in Access Protection will prevent some Windows Updates from installing which results in an hours long reboot-update-fail-revert changes cycle that drives users and admins mad.  My solution has been to create an Access Protection policy called "Maintenance Mode" which turns off most of the options in Access Protection that usually cause trouble with Windows Updates and other installations.  Of course, having to manually change this for my customers is quite annoying as well.  Is there a way to automate or schedule the changing of an Access Protection Policy or, can I schedule a move of computers from one Group to another Group?  If not, how else does one handle Windows Updates and still have Access Protection locked down?  In my experience, Access Protection is the best defense against viruses and malware.

1 Solution

Accepted Solutions
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 7

Re: Set Access Protection to Maintenance Mode for Windows Updates

Jump to solution

Simplest one is to define a query with all the system affected by the maintenance window.

Server task would be action: run query, sub action Assign policy, second sub-action wake up systems. This is a bit destructive in the sense that it will reset the policy assigned to the system

Another option is to assign a tag, again with a query the use a policy assignment rule that will assign the policy when systems have a specific tag. So in this case, you'd run the query, sub-action apply tag and wake then reset tag, wake up when done.

View solution in original post

6 Replies
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 7

Re: Set Access Protection to Maintenance Mode for Windows Updates

Jump to solution

You could assign the policy+wakeup using a server task a few hours before maintenance and revert that back after.

Highlighted

Re: Set Access Protection to Maintenance Mode for Windows Updates

Jump to solution

Yes, that's what I'd like to do, however the option does not seem to be available.

epo server tasks 2.jpgepo server tasks 1.jpg

Highlighted

Re: Set Access Protection to Maintenance Mode for Windows Updates

Jump to solution

Wait - will this do it?

epo server tasks 3.jpg

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 7

Re: Set Access Protection to Maintenance Mode for Windows Updates

Jump to solution

That will also do it. Same caveat as above, it will reset the policy assigned. If you don't have any other specific assignments, then just run a task to reset the inheritance afterwards.

You can do a lot of things in ePO in a lot of different ways. I've been doing this for over 5 years and still find new ways

Highlighted

Re: Set Access Protection to Maintenance Mode for Windows Updates

Jump to solution

Thanks for your help!  I called support on this a few months ago and they had no idea how to do it.  They put in a request for a feature enhancement.  Thanks for helping me find this!

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 7

Re: Set Access Protection to Maintenance Mode for Windows Updates

Jump to solution

Simplest one is to define a query with all the system affected by the maintenance window.

Server task would be action: run query, sub action Assign policy, second sub-action wake up systems. This is a bit destructive in the sense that it will reset the policy assigned to the system

Another option is to assign a tag, again with a query the use a policy assignment rule that will assign the policy when systems have a specific tag. So in this case, you'd run the query, sub-action apply tag and wake then reset tag, wake up when done.

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community