And how does this differ from the
Enable Automatic Booting on the Log On tab? Thanks again....
1 of 1 people found this helpful
I would hope this stuff is covered in the documentation. However, briefly, the feature works like this:
1) In advance of patch roll-out, you "allow Temporary Autoboot" in the product policy. This does nothing more than tell EEPC on the machine to listen to commands regarding temporary autoboot.
2) You can optionally run a query after a few ASCIs to verify that the machines are reporting themselves as having Temporary Autoboot enabled (there's now a property for it).
3) Using your in-house mechanism for patch deployment, integrate the use of the EpeTemporaryAutoboot.exe. This executable takes some parameters that allow you to specify the conditions that decide when PBA is re-enabled, such as "number of reboots" and "number of minutes" (since the EXE was called).
4) Let your scripts install the patches, without PBA hindering any reboots.
5) Disable "allow Temporary Autoboot" in the product policy.
6) Over the course of an ASCI, machines will re-enable PBA due to the policy setting.
7) Run a query to make sure they're all secured.
The goal in patch rollout + EEPC is to minimise the window of opportunity for someone to walk in and "yoink" the machine. It's recommended that the patch rollout be tested in isolation to establish exact requirements for numbers of reboots, number of minutes, or both. However, if patching fails for some reason, you don't want to leave a machine unsecured, so disabling the option in the policy at the end safegaurds against this.
As you can see, this is quite different from standard autoboot. We realised that autoboot leaves a big window of opportunity, since it relied entirely on the completion of policy enforcement. Temporary Autoboot has a much finer grain of control, due to the EpeTemporaryAutoboot executable.
Hope this helps!
Hi Rich, we have unfortunately identified a defect in the documentation which we are working to address.
We are working on a KB article which I am hoping will be published today, and then to correct the issue in the docs.
Please bear with us for a little longer on this issue.
Thank you very much for that thorough reply. I was unable to locate any of that in the documentation or EE_HELP. Very good stuff - when it works. We have LANDesk so this will make life MUCH BETTER
I cant wait for KB article for more documentation. I will start looking into this shortly with the information you describe.
PS: If this is in the docs anywhere, I apologize for missing it, but could you please point me to it for the read?
Has there been any update on the documentation for this feature? We're a LANDesk shop and this would really help us on patch night.
I wrote a step-by-step guide here: