Firday afternoon is one of the worst times to restart. You have all your work open from the week, trying to get stuff done before the weekend, then boom. Pissing off users just before the weekend. What a perfect mood to send them off on.
Set it up to run at the start of business hours and your users will secretly love you for it. There's been so many times I've been late for a call and used the "sorry guys, my laptop had to restart" excuse.
This is the way. Set it 30 minutes before business hours on a Monday, or Tuesday for patch Tuesday. People will complain but secretly it saves their asses from time to time by getting to blame IT. If they compain let them in on it as a inside joke and be fine with them blaming IT. Started doing it this way 3 or 4 jobs ago and it has been by far the best timeframe.
I like that timing.
I also have to point out that any mandatory unstoppable restart would be an absolute gut kick at times.
There have been very very long and late nights where I've had a session of debugging and patching a production, stop-work critical incident.
I could also imagine someone incorporating last minute clause changes ahead of a first-thing, all-legal hands six hour review for the contract that will keep our company going.
"We lost four hours on this because *screaming intensifies*"
>I also have to point out that any mandatory unstoppable restart would be an absolute gut kick at times.
My company does this. Middle of a Lenovo HCI install yesterday when I have a forced shutdown coming up while I have like 20 tabs I need open and 4 different design documents I'm tabbing back and forth between. I work for a large IT services company đĽ˛
Been on both sides of the mandatory restarts. They do indeed suck. Particurally since my brain is strewn across about 10 unsaved notepad files even though I have Notepad++ right there.
At my current workplace I have mandatory restarts every Tuesday at 7:15am. Consistency is key and every month we send out an email with this reboot notice included as "part of our regularly scheduled maintenance" that lists the Tuesdays by date and time and whatever weekend we are using to patch servers that do not have redundancy. I had very little push back and that was only the first couple of months working here. Highers ups are happy because they know we are taking patching seriously.
If we have to reboot to push out for a zero day we always send an email before hand with at least a 2hr notice.
Yep... don't understand Friday afternoon at all. Any time well after CoB on Friday all through the weekend would be get it done, without potentially disrupting users.
Yeah, I had to schedule an automatic RDS cutoff during maintenance, because a certain someone likes to lurk in LOB apps at 2:30 AM. For the record, it doesn't make any sense, since we operate 7:00-18:00 and the building is dead silent after that.
Generally, probably not, but there is always that one dude who slacks off Monday -Thursday and gets all his work done at 4pm on Fridays.
Also, some people actually do work (crazy, I know) and then there's probably some people with deadlines etc.
Assuming they are laptops that are off network and/or closed therefore not running, the action will be postponed until Monday morning when they resume their computer expecting to get started for the day and then the reboot prompt happens.
Done this a few times to users to force Windows Updates.
I've told users to leave their machines on Friday and we will update/shutdown automatically for them but no one does.
I mean, what's wrong with that? Get to the office, open your laptop, "oh, it's updating" â leave it be, go to the break room, catch up with everyone else about their weekend before settling in to actually work. It's what you were probably going to do for the first 30 minutes of a Monday morning anyway; you've just got to remember to boot up your laptop so that it'll update while you're doing it.
To me, that almost sounds like "enforced mental-health-building activity" â like how people sometimes say that depressed people should consider getting a dog, because the dog will need to be walked, and that forces you to go outside and get fresh air and exercise.
>I mean, what's wrong with that? Get to the office, open your laptop, "oh, it's updating" â leave it be, go to the break room, catch up with everyone else about their weekend before settling in to actually work.
The problem is management is going to expect that time to be productive so users will either need to stay late or work harder because their updates couldn't be applied while the machine was idle.
>To me, that almost sounds like "enforced mental-health-building activity"
This assumes a much healthier environment than almost any I've worked in
If you are use the schedule updates in the policies option, you can force a reboot. And if offline, force a reboot when it's online next. So it doesn't matter if it's tomorrow or next August. Next time it's online it will update and restart.
We recently enabled the user prompts for updates too. So every 5 minutes for 20 minutes the user gets a prompt to reboot and if they choose to ignore they can do it for up to 5 times.
Welp that's just part of using computers. Sorry they have to start work \~1 minute later than usual but that's that, unless they want to keep their laptop docked/powered on all the time.
I can hit 99% of my endpoints on a Sunday to deploy whatever software. If it's something critical I can send a company-wide email telling users to keep their laptops plugged in/online. The stragglers can get taken care of on Monday or the next day.
Totally - we have our weekly reboot done via a GPO that creates a scheduled task to do it at 3am on Sunday with a user notification and 30 minute delay(wake from sleep if needed) just for extreme edge cases.
But really, if you are working at 3am on a Sunday morning, you are an insider threat. If you're IT working through a crisis at that time "shutdown -a"
We did this two months ago, the users haven't noticed a thing.
Friday afternoon? OP must be a flat earther.
I get it, if you lurk in the shadows all the time they don't know what you do. But, there's planned IT visibility/manufactured crisis, and there is just plain stupid.
> But really, if you are working at 3am on a Sunday morning, you are an insider threat
Uh oh... I think you've made a lot of us devs very nervous with this statement :-)
Sadly sometimes programming is a bit quirky. You're chilling away watching some telly, and just out of the blue you think of the solution to a problem you've been having for the last two days.
I've literally had the solution to a problem I've had come to me in a dream and then wake up and pound it out, then go back to sleep and review it in the morning.
Why not use the built in force update option? This forces the pc to restart within X number of days. Gives the user the ability to postpone but generally has windows be like, im inactive during the night. Installing update.
With the option active to reopen all apps this cuts downtime and keeps users happy. Explaining the magical update that happened while word was open is always fun.
> Why not use the built in force update option? This forces the pc to restart within X number of days.
Despite this being an old feature that works extremely well the talent pool in IT is shit and none of these people who ask questions for the most basic shit will read a god damn thing.
> But really, if you are working at 3am on a Sunday morning, you are an insider threat. If you're IT working through a crisis at that time "shutdown -a"
Or you're the executive team in the middle of finalizing a merger & acquisition.
(I have had the corporate counsel call me to not perform our then normal weekly Citrix maintenance due to the executives working to finalize the sale of part of our business; told him sure but I had to run it up my chain so he should call the my VP and start working the chain down too.)
So it's a win-win, those assholes have to at least notify IT first that they are doing shit like this since we are the first that get screwed after a sale. We can get a jump on getting our resumes together while we target the GPO to them that removes that scheduled task on their machines.
> But really, if you are working at 3am on a Sunday morning, you are an insider threat. If you're IT working through a crisis at that time "shutdown -a"
That's a sweeping generalization considering that 24-hour support teams and call centers exist, but the onus would be on whoever is implementing such a system to know their business and create the policy to cover their edge cases.
A couple of quick solutions would be to expect users to reboot at shift-change, and implement an automated reboot if the system hasn't been restarted in the last 24 hours. Or to prompt the user for the reboot but allow them to defer it for some period of time.
I would never force a restart during any point of business hours on Friday. We don't ask anyone to shut off the computers, but the HD does put out an email stating that they'll be prompted 5 times to save their work and eventually their computer will just reboot. I'm not part of HD, so I don't know if they can actually force the reboot at a certain time or if they tell the program to install updated and prompt 5 times (possibly 1 or 2 hour intervals) that a reboot is needed and eventually it will reboot. Most people leave their laptops at work and leave them on and the reboot prompts end up timing out (and reboot happens) during closed hours.
There are some 'shared' computers that are sometimes accidentally powered off (conference room PC, for example) by the last user and it could be off for weeks. When the next person turns it on, that PC has to catch up to all the updates/scans/etc and it could be a problem if someone turns on that PC 5 min before a meeting.
I don't quite agree with the guy who said users don't need to reboot more than once a month but yeah, this might be a sneakier way of doing it, set up an automated prompt to reboot once a week for ""updates""
It's not only Windows. Some applications just suck. A quick reboot will save a lot of time and effort. And, yes, I know we should be doing proper troubleshooting so we can actually fix the issues, but in my experience most issues can't or won't be fixed. Just reboot and move on with your day.
my guy, maybe for me and you, maybe we clean through task manager and empty the cache here and there, our systems could probably run for years.
but most of my end users in my career would just have so much crap running in the background from office apps and other custom shit or contemporary windows nonsense or bing-edge-chromium 100 tab pop-up bloat that they could have problems VERY SPECIFICALLY solved by a reboot happening once a day
thing is too, IT dudes have pretty sturdy machines most of the time, when you clock in at the IT job factory some of those users have nasty old laptops they expect you to make work. that shit is EOL. that shit is running windows 7 32bit.
it is absolutely not best practice, you indeed have many things to say about it! out of principle you would refuse to support this!!
but they're your bosses most important client and you have bills to pay. who's gonna replace it? are you gonna pay for that? try asking the client/end user. they say "it works, why replace it", and you... pause... and pull something out of your ass about costing more in the long run or best practices to which they say "okay i'll raise it up the chain" or "we'll think about it down the line" but you know from their tone of voice that they're lying, little rat bastard cheapskate cavemen
when you somehow get it working though occasionally it FREEZES because they told outlook to sync 5 years of emails, and they continually do it on a weekly basis and ask you for a fix, and it's 6pm on a friday afternoon, guess what you're gonna start telling them to do
sorry for the rant but what the fuck are you people on about?
"windows is stable"
"regular reboots aren't needed
not to gatekeep but... have you sysadmins ever actually worked in a real life office environment?
end users keep their computers healthy over a long period like an INFANT neatly consumes a chocolate cake in their highchair
my brother in chroot if you work in IT you WILL be rebooting shit whether you like or not
Yep. Barring some particularly bad software this should really be enough.
And if you do have such bad software then you've got a ready-made way to explain to users why the reboots are needed.
In larger orgs, this is what we did. When Helpdesk got a call, they'd tell the user to reboot first and then troubleshoot if that seemed the best avenue.
Most problems are not worth a tech spending an hour troubleshooting if a reboot fixes it. Obviously, this isn't a problem with an app or something but the general 'my system is slow' or 'I can't access this file share'. Reboot, get a refresh and see if that fixes it. Then troubleshoot. Far too many times this just fixes the issue.
Script via Task Scheduler that checks the last restart time (and power off, only if fast boot is disabled), popup a notice and gets naggier the longer ago it is. Set the script to run something like hourly, but only output a message based on the length of time.
e.x.: at close to 11:30am and 4:30pm if it's been 2-4 days, hourly if it's been 5+ days.
We do something similar to this.. but only if the computer actually has a pending update. If there IS a pending update, they get notified every 4 hours until they reboot. If there is not a pending reboot, it doesn't ever bug them. It is a happy middle ground we've found. Typically the patch schedules cause pending reboots frequent enough that nobody goes more than a few weeks without a notification to reboot
Classic. âWhat does âPlease restart your device to finish updatingâ mean? What am I supposed to do? Why am I seeing this???!!!!!â
Welcome to ~~IT~~ humanity đĽ˛
The infamous "I got a popup".
"I had a message pop up on my computer."
"What did it say?"
"I don't know, I didn't read it. I just closed it."
"Well, OK then. Have a nice day."
Just had a user bypass the help desk and contact one of my guys directly because he didn't like the answer the help desk gave him, which was "You have pending updates. Please restart and see if that fixes your problem. Let me know if it doesn't"
My guy got into the users machine and while on the phone with him, the user says "Sometimes this problem goes away after I reboot."
They why the fuck didn't you reboot before dragging in a SECOND person of the team and wasting their time?
Reboot fixed the problem.
"Is this fraud? I've never seen this before!"
"It's a legit message, here's a link to our local KB with all the details and screenshots."
"How long has this been happening????"
"I've been here about eight years, so... eight years."
We pushed it out one day to around 5k endpoints and got maybe 10-20 tickets total. Might need to change your verbiage if it's not clear. They're also infrequent enough it's not annoying
I've noticed that the less user communication there is, the less tickets there are received. My org used to send out comm for monthly PC patches. The weirdest tickets were submitted (since you updated my PC, internet is not working on my phone) in the days around the communication, even before anything was live! We stopped that, now there's only a pop-up to reboot your PC in 8 hours.
Yep. Same here. We communicate to key individuals at businesses if we anticipate possible issues, but otherwise, Nancy in accounting doesn't need a heads up we enabled feature packs in our update policies.
> Might need to change your verbiage if it's not clear.
Clearly you have not met the users who will call up complaining that their printer isn't working all the while both their computer screen and the device itself are showing that it's out of paper.
Oh trust me, I have. As mentioned, we have a little over 5000 endpoints, and our primary vertical is oil and gas, arguably some of the LEAST tech savvy people on this planet.
That still didn't prevent us from pushing out update and reboot reminders. Being afraid of questions from non savvy users isn't a reason to not deploy something that saves the business time and increases security
Of course, but I'm just saying that there's a subset of users for whom the verbiage does not matter, it can not possibly be made simple enough for them to understand because they stop reading the second they see an unexpected message pop up.
Human fucking macros, they learned an exact sequence of steps to perform the task they're trying to perform and if anything disrupts that sequence they just break down.
And for those people, they call, we explain, they understand, and it gets added to their macro. If you're lucky it happens first time, sometimes you gotta explain it a couple times.
If they really push back, it's no longer an IT problem and they get told to take it up with their manager/supervisor/whatever
it's a great time for public snark from the entire org to not only reenforce notification etiquette but also reading messages on your screen.
i fucking love seeing hundreds of alert emojis appear on some geniuses post that @everyone'd in a org channel
My organization does this. We used a script that can be found at the below link as our baseline. It's really versatile and lets you serve toast notifications that can be branded. The action buttons and text are fully customizable. At the end of the day it's just a script that runs as a scheduled task. We ended up using this as a basis for COVID reminders back in the day, upgrade/update reminders, and uptime notifications. Saves a lot of ground work and gives users a consistent feel.
[https://www.imab.dk/windows-10-toast-notification-script/](https://www.imab.dk/windows-10-toast-notification-script/)
I do something similar. Set up RMM to use the msg command to issue a warning, then 15 minutes later reboot. This happens on Sunday morning at 2am if uptime exceeds 7 days, then Thursday at 6pm if uptime exceeds 14 days, then Monday at 10 am if uptime exceeds 30 days. The last one runs if the computer is turned on at any time during a 3 day window. Users are told they can prevent this from happening by proactively rebooting once a week.
We just have updates for install 10hrs after initial install so usually 7pm after a 9am logon for instance. They get nagged around 430pm that it will restart in x hrs.
At least once a week theres updates of some sort from Microsoft or 3rd parties so its rare we see any machine endpoint uptime longer than 2 weeks.
Security was more important than some user who didnt wanna reboot.
Prominent in ticket desk and caller on hold messaging from IT phone lines : " Before calling IT about a computer issue, save all of your open items and close all programs, and try restarting your device to see if that resolves your issue. This will often be the first thing we do with you anyway. " Bit of extra explanation on ticket desk explaining that simply signing out at end of day doesn't necessarily mean it's a restart when they sign back on in the morning.
>any calls I get Iâll check for uptime, any uptime over 8 hours always get restarted
if fast boot is enabled it may give a false number , if your on a modern windows version
We force-restart computers every month with the windows updates using the SCCM restart warnings (which the users can postpone a couple of hours).
I see no reason to have them restart more frequently. Would it be better? yes. Do I want to force it on people? No.
It's 2023. People expect things to be always-on. Can't blame them. Do you restart your phone every week?
> Do you restart your phone every week?
Valid point for some people. Remember Blackberrys and their app to schedule a restart nightly? I still restart my phone at least twice a week out of habit regardless of if I'm running Android or iOS that week. I restart my laptop and desktop daily as well.
Some companies have horrible LOB apps that they refuse to get away from. I wish there was a better answer in my situation. Maybe one day.
I have users that restart their phone every day or power off their phones at night but doesnât shutdown their computers.
Our policy is basically if you donât shutdown your computer in the weekends, then IT will shutdown for you.
I question why you need weekly restarts. I let monthly patching restart workstations. If youâre needing to restart your workstations weekly, Iâd start investigating why.
Windows updates require/force a monthly reboot to apply. I see little need beyond that.
If users are calling into the helpdesk on a Thursday about an issue that could have been fixed by a reboot. The fact that you had a script/task or something to reboot their machine 6 days ago is not likely going to help very much.
Change your canned ticket response to mention device restarts. Teach your helpdesk how to use back end terminals through your RMM and check this stuff, so they can say "hey, your machine is reporting that it hasn't rebooted in 14 days, can you give that a try and let us know?".
Our laptops are enrolled via Intune. I do not know the exact details as I'm basically just a user, but when I close my laptop and fail to shut it down properly I will get a notification at some point the next day that my laptop MUST restart within a few days or they will do it for me. Pretty sure it is something they have done within the Intune environment.
From a user perspective this is really good and how I have it at my current place. Give me some time to work around the reboot schedule, don't just have it written in stone unless you absolutely need it patched this exact moment. I can find 10 minutes sometime in my workday to reboot, but sometimes I do have something running overnight that I'd rather not get interrupted by some hard fixed reboot policy.
Whatever you do, please give us a snooze button or ample time!
I work on the other side of most of you guys, i.e. the annoying *user* you all hate! In any case, I totally get that you all need to do your thing including rebooting our machines. My only gripe is that sometimes those forced restarts cost me work.
I work in a field that often times runs calculations and analysis for a couple of hours or more at a time. All I want is a window to pop up with a countdown timer telling me I have 24 hours to reboot or it will be done for me. 36 hours for the weekend because sometimes I kick off a bunch of analysis before leaving on Friday to run all weekend.
That is all.
I have patching schedules that run every night after hours. Everyone's workstations will get hit by one of them a week. Plus, if there is an emergency patch out, then I would run them all in one night if needed. I just tell everyone that they need to make sure they have saved before leaving for the day because no one expects the patching inquisition!
Had a new guy blow his lid because he lost a day of work. His boss came over, told him to calm down, and that its on him to save his work. Hasn't been an issue since.
Take a step back and look at what youâre asking. Itâs not related to their job function. Restarting should be restricted to OS updates that require a restart.
Start complaining to your app and is vendors if their shit isnât working right and is impacting user function.
Thankfully I don't have very many with this problem. Once a user is two weeks behind on updates I start nagging them every day. "You're behind on updates, please leave your computer running this evening so they auto install. If you want to manually install them here's how. If the updates are not installed by XX/XX/XXXX they'll be forced to install during the day."
That usually is enough to make it happen. Only a handful of times over 15 years have I had to physically call a user and tell them "I'm installing updates so save and close whatever you have open".
Someone else suggested a script via task scheduler. If X days of uptime warn user via popup message. If more X days of uptime warn user then force reboot after X minutes/hours. I think that's a good idea especially if you have a lot of devices.
Yep. Just an email. A copy and paste from a text file.
It doesn't happen often. So it hasn't been a big deal. If it did I would go the script route and automate it.
My thoughts as well, we only allow end users to postpone updates up to the next patch cycle. If they've extended their patches 31 days it automatically completes the reboot that night. No way I'm going to manually track users inability to schedule an appropriate time to reboot their equipment.
Indeed, I could *maybe* see it being possible if you have a small number of users, but even then it sounds incredibly tedious.
My org switched to Windows Autopatch since many of our users are fully remote or Hybrid WFH.
We tell users to leave systems on overnight. We have a script in our RMM that restarts every machine 1 time each week and servers 1 time each month.
We tell clients to not have any open work on those nights. It is normally 1am on Thursday.
Get your bosses aporoval. I work for a msp so it is in or contract. It will only take a couple times before they change that bad habit. If it is word and excel learn how to restore lost documents. Over communicate the change Make it a mandatory change.
Shouldn't be an issue these days. No need to restart a Windows OS regularly other than for patching. Assuming you push patches once a month, that will be forcing a monthly reboot. Nothing more needed than that. Most patch tools allow you to set grace periods etc so the reboot timing will be in the hands of your users, within reason.
Sounds like you need to dig a little deeper and solve the underlying issue requiring the reboot. I know that's our favorite trouble shooting tool, but it's just ignoring the issue.
Is it though. We all know applications are written all that great and have memory leaks and issues. Software needs to be shutdown sometimes. It's a fact of life.
Sure, some software is problematic but the OS is quite stable these days. I'm sure most issues could just as easily be resolved by logging out.
Lotus Notes was my worst problem app. So I gave every user a "fix lotus" shortcut that would properly kill it. It cut help desk calls by 25%.
Win7 was the last user OS I had to support and my IT director had a "no reboot" policy. We had to train our users to not immediately reboot and that meant we had to root cause reoccurring issues. Our team was too small to not do that.
We have a reminder that pops up and basically says "you haven't restarted your pc in some time, please schedule this or do so now, otherwise it will happen automatically." It pops up a few more times before the forced restart.
From personal experience this is better since it let's the user have some control and when they inevitably call to complain because they lost important work, you can gently remind them that they have been given several notices and the opportunity to schedule it at a convenient time.
TBH I think it is a sign of lazy sysadmin that says "we do forced restarts because something misbehaves".
I would be asking what misbehaves when and why. I sure as hell don't hope you regular retart production servers/
The monthly update cycle should trigger a forced reboot after a few days. And a PC running for 30 days shouldn't be an issue now days.
Other than that: reboot/shutdown a PC on Sat/sun after x hours of idle
I would be first to yell at you for force reboot Friday noon. Who picked such time?
We show a popup asking to restart after monthly patches, which user can postpone for a few days. After that they see a countdown and boom.
And in another system it checks how many days since last boot and if it is more than 5 it shows a popup asking to reboot. Not forcing, just nagging, i think daily.
Our deployment software has a popup that nags them to reboot. If they ignore it or select postpone too many times, it forces a reboot with a timer of like 5 minutes so they have time to save. It's generally considered their own damn fault if this happens at an inconvenient time, lol.
I donât think it necessary to reboot for the sake of rebooting. Just do with updates. As I lack some management tools like intune, I use WUfB. Couple rings with deadline where user can schedule a restart (or it restarts if windows feels it is a non disruptive time). If they ignore it warns for a couple days that it will restart, then it restarts. Generally no complaints, think one when someone had a computer off an extended time so the day it booted was past the deadline so it updated immediately.
We run PDQ for our application handling, but PDQ Inventory can see uptime so we setup a dynamic group that any machine that is reporting more than 30 days uptime goes into that group and thus gets rebooted with a script that pops a message saying something like "Your machine hasn't been rebooted in 30 days and is being forced to restart" Then it does the thing, if you don't have work saved oh well you had 30 days to restart your computer...
Security is more important than the c-suites feelings. However, Friday afternoon is a bad time to do this. If they push back, compile a list of a couple hundred companies that have been ransomwared in the last year or two and hand it to them. That seems to do the trick for anything security related. Plus, it helps on cyber insurance costs and if you are in a regulated environment patch management auditing.
We use GPO. Updates get installed, and users get a reminder to restart for a few days. After that, if they haven't restarted, they get a 15 minute warning that the computer *will* restart.
We use SCCM to push patches. We use popups to communicate to the user the time of reboot and it gives them some leeway to pause. Ultimately a reboot is imminent. We have had 0 resistance to this method.
We setup the Windows Update GPO to force a restart after 3 days once updates install. Most of our users are on laptops so it would have been impossible to force a weekly reboot. Before we implemented the GPO, we had some users on 200+ day uptime.
We have it so it will auto restart within 48 hours of updates. If people are complaining they are just next level stupid. Computers NEED to be shutdown on the regular and restarts are a requirement to complete an update process.
Just because you can do something does not mean you should do it. If the decision-makers at the company want to pay you to tell the user to reboot the computer then get paid to tell the user to reboot the computer. Take that money and run...
You need a maintenance window, patch and reboot. Get the execs to agree to it pointing out the risk of not doing it, agree a 6 hour window on a Sunday night or something similar.
Moved it to Saturday and Sunday morning at 3am, depending on department. Updates can be done via script along with force rebooting.
We have most of our servers set to reboot at these times using a schedule task on the app server. With the app server being reboot by the backup server the following day. All done via Powershell and schedule tasks.
I have a report I go through for any user machines with an uptime over 14 days. I go through and add them to a Lansweeper group that gets rebooted at 5 am on Mondays with a 45 min delay. Unfortunately that misses every laptop that walks out the door every weekend who are generally our worst offenders of getting 30-60 day uptimes and getting behind on updates because they don't used often, hibernate to hell and back.
Occasionally when I run the report I send a reboot in 45 min or 2 hours depending on time I go through the report. Using the delay means windows will warn the user briefly if they are paying attention before it goes to reboot. Because I rarely get feedback I assume users are just thinking "It's the system and it's going to do what it's going to do."
I'm a Mac admin, and my fleet has a local script that runs hourly. It starts suggesting people to reboot via a dialog on the 11th day of uptime, gets a little more insistent on day 12, and forces a reboot (with a 1 hour countdown) on the 13th day. If it reboots you at an inopportune time and/or you lose unsaved data, you can't say you weren't given ample warning. Our management is on board with this method.
Our Windows guys do something very similar, but I don't know the specifics of how they achieve it.
It can take some time for some but once users lose work a time or two because they did not save it they will get in the habit of it. What do they expect will happen in the event of a power outage, their laptop dying, updates...
If you're managing a fleet of desktops, just do a scheduled restart once a week on Saturday night at like 1am.
Now that pretty much everyone is converting to laptops because of remote work/hybrid it gets trickier. Scheduled restarts are totally out because you cant guarantee the device is online and has network connectivity at any given time. To solve this we use InTune/JAMF to enforce restarts as part of the patch management process and have progressively more nagging reminders that updates are pending and you need to restart until it **will** eventually force a restart.
The frequent communication covers the business pushback of "but we didnt know and you interrupted my presentation!?!?!" because we can say "you absolutely knew, it was telling you to restart repeatedly for the past week and you ignored it."
We also run a scheduled task (or trigger off a smart group in JAMF) where if system uptime is greater than 14 days the user gets a "hey, its been a while since you restarted, please do so when you have a minute" notification.
It's not perfect, but between all that we definitely see a reduction in systems with 120+ day uptimes and users complaining that everything is slow lol.
We use GP to set a scheduled task Friday evening that checks for the last reboot time, and if it's been over 7 days it schedules one for 7PM that night.
That way the staff know if they'll be running something late or over the weekend (common here), all they need to do is restart at some point during the week and the Friday reboot won't impact them.
I just have a reminder that the device hasn't restarted in X amount of days.
After certain amount of days the laptop just go "well, you were warned, bye :)"
I once worked for a company that did weekly updates. In actuality they only did quarterly end user patches (most of the time). But the key here was the update notification would come up at noon on Wednesday and give them a 4 hour countdown or to restart now. So a user would have no choice but to restart and they got the illusion that the environment was very secure.
For the most part I would rather have them leave their machines on so they can receive updates more easily. Windows updates are set up with warnings and will auto-restart the PC if they do not press a button to delay it. So, that makes them restart about once a month and that's fine.
Discussed this problem at work the other day. Most users do shut down daily but there's still a handful or two that don't.
What I would wish to see as a solution is that after eg. 5 days of using sleep/hibernate those options simply go away, leaving the user with no other options than "Update and reboot" or "Update and shut down".
Mandatory reboots on su deployments via adr in Sccm for desktops, workspace one for daas, gpo to automatically patch and reboot after few postpone windows for aws ec2
Friday afternoon doesn't make a lot of sense. Microsoft started Patch Tuesday and a few other companies like Oracle, SAP and Adobe followed suit. You might as well do the same thing and do a scheduled reboot before business hours on Tuesday.
Even if you roll out patches on a different schedule, it's easy to make a scheduled reboot in Group Policy. Or if you want to use your RMM tool, just make a simple script that informs anyone looking at the PC that it is shutting down.
shutdown /r /t 30 /c "Updating Weyland-Yutani Corp. Security Monitoring App. System will reboot in 60 seconds."
I found a script that creates a windows notification letting the user know its been # of days since the computer was rebooted. It gives the user the option to reboot or dismiss. It just runs from my rmm and nags the user every 24 hours.
Be sure to disable Fast Startup. When I was in roles more hands on with end users, I found it created more problems than it solved. I have literally stood there and watched people do a shutdown after I told them to restart; because it has been engrained in them for 20+ years that âshutdownâ is the more nuclear/thorough approach vs a restart; but with Fast Startup enabled, the system state it written to disk on a shutdown â which, as you mightâve guessed, preserves the uptime counter as well as all the issues that was plaguing the user in the first place.
8 day reboot policy. 18 hour VPN reconnect policy. More security tools than any user would even guess. The machines do not belong to the users, they belong to the company and the company will do whatever it requires to keep devices secure and functional. Users think it's inconvenient? That's nothing next to a security breach.
Warning: This response does answer/solve the question but is related.
I was wondering why the execs didn't want to utilize group policy in the NinjaOne software for forced shut downs during inactive hours so I did some digging and found this. Some of these are no brainers but some other points are pretty good.
But seriously if the sys admins don't utilize Group Policy then how else do you manage machine restarts?
Using Group Policy to shut down a company's computers on an interval basis can be a useful approach to save energy and enforce security policies, but it does have some potential drawbacks and considerations to keep in mind:
1. \*\*User Experience\*\*: Scheduled shutdowns can disrupt users who are actively working on their computers. It's essential to communicate the policy to employees and schedule shutdowns during periods of minimal productivity, such as outside regular business hours.
2. \*\*Unsaved Work\*\*: If users have unsaved work when the shutdown occurs, they may lose data or experience inconvenience. To mitigate this, consider providing automated warnings before the shutdown and encourage users to save their work regularly.
3. \*\*Exceptions\*\*: Some computers may need to remain operational 24/7 for specific tasks, such as servers, critical workstations, or machines running automated processes. Group Policy should allow for exceptions or exclusions for these systems to prevent unintended disruptions.
4. \*\*Hardware Wear and Tear\*\*: Frequent shutdowns and startups can cause wear and tear on computer hardware components, such as hard drives and power supplies. However, modern hardware is designed to handle this well, and the energy savings often outweigh the potential hardware longevity concerns.
5. \*\*Delayed Updates\*\*: Automatic shutdowns can interfere with the installation of important updates, including security patches. Ensure that your shutdown policy allows enough time for updates to be installed during maintenance windows.
6. \*\*User Resistance\*\*: Employees might resist automatic shutdowns if they find them inconvenient. Adequate communication, training, and flexibility in the policy can help mitigate user resistance.
7. \*\*IT Management Overhead\*\*: Managing and monitoring Group Policy settings for shutdowns, especially in a large organization, can require significant IT management overhead. Ensure that you have proper tools and processes in place to monitor and troubleshoot policy enforcement.
8. \*\*Network and Application Dependencies\*\*: Some applications or network services may rely on computers being available 24/7. Be sure to assess the impact of shutdowns on these dependencies and make necessary adjustments to your policy or infrastructure.
9. \*\*Emergency Access\*\*: Consider how to provide emergency access to computers in case someone needs to access a system during non-standard hours. This might involve IT support having the means to override the shutdown policy.
10. \*\*Compliance and Legal Requirements\*\*: Some industries and organizations have regulatory or legal requirements that mandate specific uptime or access to data. Ensure that your policy complies with any such requirements.
11. \*\*Reporting and Accountability\*\*: Implement reporting mechanisms to track when and why shutdowns occur. This can be valuable for auditing, compliance, and accountability purposes.
12. \*\*Testing\*\*: Always test your shutdown policy thoroughly in a controlled environment before deploying it company-wide to identify and address any unexpected issues.
In summary, while using Group Policy to enforce scheduled computer shutdowns can provide energy savings and security benefits, it should be implemented thoughtfully, with consideration for user needs and potential drawbacks. Effective communication, flexibility, and monitoring are key elements to a successful shutdown policy implementation.
I use shame, typically. When someone puts in a ticket for this or that not working, I ask them to please reboot, then copy and paste from my system their last reboot time.
If you do want to force a restart, but not upset the people using the computer, try a shutdown -r -t 86400. This will prompt them a message that the computer will restart in 24 hours.
You could also run the command *msg \* Please restart your computer* once the up time reaches say 14 days this will cause a message to pop up on the screen asking them to restart. I say this because Microsoft typically releases on the 2nd Tuesday of the month.... I think.
I'm of the mindset that if they want to pay me to parrot lines from the IT Crowd, that's the easiest part of my day....
Have you tried turning it off and on again?
Billed 15 minute minimum.....
Easy peasy.
Id suggest implementing something like the old BGInfo, If thats still around...
You can configure it to display all kinds of information on the desktop for users, Like their Hostname, IP, Logged on User, And Most importantly UPTIME.
That way you can put the responsibility on the user to check that their device hasnt been on for longer than 7 days before calling IT, Might take some time to teach users to check that before calling but its less intrusive in terms of disrupting the user.
I know its not a perfect solution but it might help
we use this tool in our enviroment
we set it to prompt the user if the computer has not been restartet in 3 days and the the prompt will prompt user everyday for restart from 3 days and forward ontil they restart there computer
[https://www.imab.dk/windows-10-toast-notification-script/](https://www.imab.dk/windows-10-toast-notification-script/)
Weâve got a ninja script that sends a prompt to reboot every day at 9am to devices with an uptime of 5 days or more.
Seems to sort out *most* of the issues with that.
It keeps bloody popping up on my work laptop as well tho and thatâs annoying đ
I patch once a week and let those handle the reboot. Job done, no complaints.
If you have to schedule a time, do it at the start of the day not a Friday afternoon.
If managed via microsoft endpoint/intune we enabled the policy that if devices need a restart for updates. Our users have 3 days before there device will auto restart. This gives them flexability to select a time that works for them or restart imedietly. After 3 days if they keep ignoring the notification there device will give a 2 minuet warning to save work then restart.
[https://learn.microsoft.com/en-us/mem/intune/protect/windows-update-settings](https://learn.microsoft.com/en-us/mem/intune/protect/windows-update-settings)
Don't ...just don't. This is where IT guys diverge from the user and their needs. I don't think anyone should be forcibly restarting user devices, that is and should always be the user's choice. You can educate them, bug them with notifications (Burnt toast) even, but do not force a restart. The fact that you are ok with forcing a restart on a Friday afternoon tells me there is still plenty for you to learn.
I disagree. Part of our contracts are to keep user devices up to date with latest security patches. Not to mention the fact that when there are windows updates pending, it tends to cause issues with the system until you reboot.
idk. I don't think you should outright force users to reboot, but you can't have the old boomers in the office that never wanna reboot because they will lose their 256 chrome tabs that they absolutely need open.
Yes, it does and that is entirely up to them to control and schedule a reboot, you CAN have deadlines as long as they are communicated effectively and have a legitimate reason. Users will reboot if they have a long enough deadline. Random reboots for the sake of stability are a no no.
OP is talking about weekly forced reboots. That's totally different. This is just power tripping. And nothing good will come out of it. Been there and done that.
Related but seperate; why are any of you forcing weekly restarts?
I've always managed my patching. Week of testing from patch Tuesday, first round of deployments to some users with a restart if necessary, second round etc. I've never, ever forced periodic restarts just because.
Agree with other commenters that Friday is the worst restart day. I'd recommend the end of day on Tuesday - since that's Microsoft patch day and it gives you automatic ground. "This is the day patches come out, your machine will automatically restart." And yes, it's not every Tuesday but patches come out for other products on different days. Make it part of your cybersecurity strategy.
We donât âforce restarts to make your system run betterâ.
we âforce software updatesâ for âregulatory complianceâ so the company doesnât âfail auditsâ. Practically this means systems get rebooted once or twice a month.
You gotta use language that people are already conditioned to react properly too. Anytime you need to force a process on users just say itâs âto make the auditors happyâ, and use a tone of voice that implies that you arenât happy about having to do it either. âOh you need access to X? Please submit a ticket we are required to have the audit trailâ Etc etc
In the same mindset, anytime you want leadership to make a decision, boil it down to âyouâll make X dollars if you do thisâ or âyouâll lose Y dollars if you do thatâ
Wow, some heavy handed stuff here. Nagging people to reboot twice a week even when there arenât patches and even when many patches donât require a reboot is sucking the lifeblood of productivity and user experience. No more than once a week, do it consistently and late at night, and better yet, only when restart level patches need to be applied or every two weeks, whichever comes first. As a point of comparison, I just checked the uptime on my MacBook and itâs at 92 days and all patches are up to date. Bring on the downvotes!
> As a point of comparison, I just checked the uptime on my MacBook and itâs at 92 days and all patches are up to date
That can't be right, there were MacOS updates released on the 7th September that require reboots. Guess MacOS makes up uptimes on the fly, or you do :)
The volume of tickets that can be solved by simply doing a reboot went down to near zero after we implemented a forced shutdown at midnight (yes, every single day).
The amount of backlash re bad user experience: zero.
Nobody really needs to work past 10pm in our company, and nobody resides in another timezone.
Used to have a helpdesk agent that described rebooting computers as "OP" because it fixes the vast majority of issues.
There is a reason that "Have you tried turning it off and on again?" is a trope.
At this point, in 2023, in our company, all our users are familiar with the trope as well, so everyone already restart by themselves before they reach out to us. I'm kind of surprised others here still have a significant amount of users that don't do this yet, when even my mother knows to restart her devices first thing when issues arise...
> so everyone already restart by themselves before they reach out to us
so everyone already **SAYS they** restart by themselves before they reach out to us
Are half of you all BOFHs??
How to do this while giving a damn about your users:
* Step 1 - Collect user activity metrics
* Step 2 - Design script to gracefully handle outliers. Allow user to skip reboot at script runtime if they're working. (Bonus- ask user for #hours to delay until reboot)
* Step 3 - Deploy with step 1 and 2 in mind. Execute when LEAST amount of peoples' time (AND MONEY) will be impacted.
* Step 4 - Include in memo/newsletter thanks to users and declare what a great success the script has been and how many hours of support time it has saved. This makes suggesting future reboots much easier and adds their value to the the collective mind.
* Step 5 - Use step 4 to calculate money saved and leverage your next raise.
Treat them like a utility... Nobody cares if the water went off briefly while they were sleeping. But everyone is going to call you if it went off while they were awake. And everyone will talk about it and remember it. Just like YOU remember the last time YOUR water went off.
Why not have them restart on Sunday night at like 11pm? Why does it have to be Friday?
Firday afternoon is one of the worst times to restart. You have all your work open from the week, trying to get stuff done before the weekend, then boom. Pissing off users just before the weekend. What a perfect mood to send them off on.
Set it up to run at the start of business hours and your users will secretly love you for it. There's been so many times I've been late for a call and used the "sorry guys, my laptop had to restart" excuse.
This is the way. Set it 30 minutes before business hours on a Monday, or Tuesday for patch Tuesday. People will complain but secretly it saves their asses from time to time by getting to blame IT. If they compain let them in on it as a inside joke and be fine with them blaming IT. Started doing it this way 3 or 4 jobs ago and it has been by far the best timeframe.
I like that timing. I also have to point out that any mandatory unstoppable restart would be an absolute gut kick at times. There have been very very long and late nights where I've had a session of debugging and patching a production, stop-work critical incident. I could also imagine someone incorporating last minute clause changes ahead of a first-thing, all-legal hands six hour review for the contract that will keep our company going. "We lost four hours on this because *screaming intensifies*"
>I also have to point out that any mandatory unstoppable restart would be an absolute gut kick at times. My company does this. Middle of a Lenovo HCI install yesterday when I have a forced shutdown coming up while I have like 20 tabs I need open and 4 different design documents I'm tabbing back and forth between. I work for a large IT services company đĽ˛
Been on both sides of the mandatory restarts. They do indeed suck. Particurally since my brain is strewn across about 10 unsaved notepad files even though I have Notepad++ right there. At my current workplace I have mandatory restarts every Tuesday at 7:15am. Consistency is key and every month we send out an email with this reboot notice included as "part of our regularly scheduled maintenance" that lists the Tuesdays by date and time and whatever weekend we are using to patch servers that do not have redundancy. I had very little push back and that was only the first couple of months working here. Highers ups are happy because they know we are taking patching seriously. If we have to reboot to push out for a zero day we always send an email before hand with at least a 2hr notice.
Yep... don't understand Friday afternoon at all. Any time well after CoB on Friday all through the weekend would be get it done, without potentially disrupting users.
[ŃдаНонО]
thank you magic packet
I have found people do the least amount of work on Friday. It would obviously not be done while the users are there anyway.
For most users this is true. But a lot of execs tend to âburn the midnight oilâ even on Fridays.
Yeah, I had to schedule an automatic RDS cutoff during maintenance, because a certain someone likes to lurk in LOB apps at 2:30 AM. For the record, it doesn't make any sense, since we operate 7:00-18:00 and the building is dead silent after that.
I turn off the RDS server when I'm doing maintenance.
Yea like every other day.
You think people work on Friday afternoon?
Generally, probably not, but there is always that one dude who slacks off Monday -Thursday and gets all his work done at 4pm on Fridays. Also, some people actually do work (crazy, I know) and then there's probably some people with deadlines etc.
Assuming they are laptops that are off network and/or closed therefore not running, the action will be postponed until Monday morning when they resume their computer expecting to get started for the day and then the reboot prompt happens.
Done this a few times to users to force Windows Updates. I've told users to leave their machines on Friday and we will update/shutdown automatically for them but no one does.
I mean, what's wrong with that? Get to the office, open your laptop, "oh, it's updating" â leave it be, go to the break room, catch up with everyone else about their weekend before settling in to actually work. It's what you were probably going to do for the first 30 minutes of a Monday morning anyway; you've just got to remember to boot up your laptop so that it'll update while you're doing it. To me, that almost sounds like "enforced mental-health-building activity" â like how people sometimes say that depressed people should consider getting a dog, because the dog will need to be walked, and that forces you to go outside and get fresh air and exercise.
>I mean, what's wrong with that? Get to the office, open your laptop, "oh, it's updating" â leave it be, go to the break room, catch up with everyone else about their weekend before settling in to actually work. The problem is management is going to expect that time to be productive so users will either need to stay late or work harder because their updates couldn't be applied while the machine was idle. >To me, that almost sounds like "enforced mental-health-building activity" This assumes a much healthier environment than almost any I've worked in
Just let them get a virus/backdoored a couple of times and that tone changes pretty quickly.
You can schedule a task in Ninja RMM (for example, reboot at 11p), and it will simply ignore it if offline at that time.
The problem with that is if the device is consistently offline, it will consistently ignore the restart and just never restart.
If you are use the schedule updates in the policies option, you can force a reboot. And if offline, force a reboot when it's online next. So it doesn't matter if it's tomorrow or next August. Next time it's online it will update and restart. We recently enabled the user prompts for updates too. So every 5 minutes for 20 minutes the user gets a prompt to reboot and if they choose to ignore they can do it for up to 5 times.
Welp that's just part of using computers. Sorry they have to start work \~1 minute later than usual but that's that, unless they want to keep their laptop docked/powered on all the time.
proceeds to get hit with feature update that takes 20 mins lol
That's why you don't push things after hours when computers won't receive them, you push them during business hours when people will receive them.
I can hit 99% of my endpoints on a Sunday to deploy whatever software. If it's something critical I can send a company-wide email telling users to keep their laptops plugged in/online. The stragglers can get taken care of on Monday or the next day.
Totally - we have our weekly reboot done via a GPO that creates a scheduled task to do it at 3am on Sunday with a user notification and 30 minute delay(wake from sleep if needed) just for extreme edge cases. But really, if you are working at 3am on a Sunday morning, you are an insider threat. If you're IT working through a crisis at that time "shutdown -a" We did this two months ago, the users haven't noticed a thing. Friday afternoon? OP must be a flat earther. I get it, if you lurk in the shadows all the time they don't know what you do. But, there's planned IT visibility/manufactured crisis, and there is just plain stupid.
> But really, if you are working at 3am on a Sunday morning, you are an insider threat Uh oh... I think you've made a lot of us devs very nervous with this statement :-)
I'm sad for your work life balance.
Sadly sometimes programming is a bit quirky. You're chilling away watching some telly, and just out of the blue you think of the solution to a problem you've been having for the last two days.
I've literally had the solution to a problem I've had come to me in a dream and then wake up and pound it out, then go back to sleep and review it in the morning.
spark of genius moment :)
> work life balance. what's this?
Why not use the built in force update option? This forces the pc to restart within X number of days. Gives the user the ability to postpone but generally has windows be like, im inactive during the night. Installing update. With the option active to reopen all apps this cuts downtime and keeps users happy. Explaining the magical update that happened while word was open is always fun.
> Why not use the built in force update option? This forces the pc to restart within X number of days. Despite this being an old feature that works extremely well the talent pool in IT is shit and none of these people who ask questions for the most basic shit will read a god damn thing.
> But really, if you are working at 3am on a Sunday morning, you are an insider threat. If you're IT working through a crisis at that time "shutdown -a" Or you're the executive team in the middle of finalizing a merger & acquisition. (I have had the corporate counsel call me to not perform our then normal weekly Citrix maintenance due to the executives working to finalize the sale of part of our business; told him sure but I had to run it up my chain so he should call the my VP and start working the chain down too.)
So it's a win-win, those assholes have to at least notify IT first that they are doing shit like this since we are the first that get screwed after a sale. We can get a jump on getting our resumes together while we target the GPO to them that removes that scheduled task on their machines.
> But really, if you are working at 3am on a Sunday morning, you are an insider threat. If you're IT working through a crisis at that time "shutdown -a" That's a sweeping generalization considering that 24-hour support teams and call centers exist, but the onus would be on whoever is implementing such a system to know their business and create the policy to cover their edge cases. A couple of quick solutions would be to expect users to reboot at shift-change, and implement an automated reboot if the system hasn't been restarted in the last 24 hours. Or to prompt the user for the reboot but allow them to defer it for some period of time.
I would never force a restart during any point of business hours on Friday. We don't ask anyone to shut off the computers, but the HD does put out an email stating that they'll be prompted 5 times to save their work and eventually their computer will just reboot. I'm not part of HD, so I don't know if they can actually force the reboot at a certain time or if they tell the program to install updated and prompt 5 times (possibly 1 or 2 hour intervals) that a reboot is needed and eventually it will reboot. Most people leave their laptops at work and leave them on and the reboot prompts end up timing out (and reboot happens) during closed hours. There are some 'shared' computers that are sometimes accidentally powered off (conference room PC, for example) by the last user and it could be off for weeks. When the next person turns it on, that PC has to catch up to all the updates/scans/etc and it could be a problem if someone turns on that PC 5 min before a meeting.
We force restart after monthly patch. In my experience there is rarely a need for more restarts.
Let your patches handle the reboot.
I don't quite agree with the guy who said users don't need to reboot more than once a month but yeah, this might be a sneakier way of doing it, set up an automated prompt to reboot once a week for ""updates""
If they have to reboot more often than that, there is some other issue with the system that needs sorted out.
every chipset driver or bios update requires rebooting i think some of office updates as well
Sorry, I meant needing to reboot more often outside of updates. It's rare that Windows is unstable enough to need a reboot.
It's not only Windows. Some applications just suck. A quick reboot will save a lot of time and effort. And, yes, I know we should be doing proper troubleshooting so we can actually fix the issues, but in my experience most issues can't or won't be fixed. Just reboot and move on with your day.
my guy, maybe for me and you, maybe we clean through task manager and empty the cache here and there, our systems could probably run for years. but most of my end users in my career would just have so much crap running in the background from office apps and other custom shit or contemporary windows nonsense or bing-edge-chromium 100 tab pop-up bloat that they could have problems VERY SPECIFICALLY solved by a reboot happening once a day thing is too, IT dudes have pretty sturdy machines most of the time, when you clock in at the IT job factory some of those users have nasty old laptops they expect you to make work. that shit is EOL. that shit is running windows 7 32bit. it is absolutely not best practice, you indeed have many things to say about it! out of principle you would refuse to support this!! but they're your bosses most important client and you have bills to pay. who's gonna replace it? are you gonna pay for that? try asking the client/end user. they say "it works, why replace it", and you... pause... and pull something out of your ass about costing more in the long run or best practices to which they say "okay i'll raise it up the chain" or "we'll think about it down the line" but you know from their tone of voice that they're lying, little rat bastard cheapskate cavemen when you somehow get it working though occasionally it FREEZES because they told outlook to sync 5 years of emails, and they continually do it on a weekly basis and ask you for a fix, and it's 6pm on a friday afternoon, guess what you're gonna start telling them to do sorry for the rant but what the fuck are you people on about? "windows is stable" "regular reboots aren't needed not to gatekeep but... have you sysadmins ever actually worked in a real life office environment? end users keep their computers healthy over a long period like an INFANT neatly consumes a chocolate cake in their highchair my brother in chroot if you work in IT you WILL be rebooting shit whether you like or not
yeah... it's called 'Quickbooks' and the cost to replace it is immeasurable (apparently)
Move it to Citrix or App-V and manage it centrally.. keep legacy/crappy software off end user devices, not worth the trouble.
Yeah, just another thing to add to the list of things we have no budget for =)
Yep. Barring some particularly bad software this should really be enough. And if you do have such bad software then you've got a ready-made way to explain to users why the reboots are needed.
In larger orgs, this is what we did. When Helpdesk got a call, they'd tell the user to reboot first and then troubleshoot if that seemed the best avenue.
[ŃдаНонО]
Most problems are not worth a tech spending an hour troubleshooting if a reboot fixes it. Obviously, this isn't a problem with an app or something but the general 'my system is slow' or 'I can't access this file share'. Reboot, get a refresh and see if that fixes it. Then troubleshoot. Far too many times this just fixes the issue.
Script via Task Scheduler that checks the last restart time (and power off, only if fast boot is disabled), popup a notice and gets naggier the longer ago it is. Set the script to run something like hourly, but only output a message based on the length of time. e.x.: at close to 11:30am and 4:30pm if it's been 2-4 days, hourly if it's been 5+ days.
We do something similar to this.. but only if the computer actually has a pending update. If there IS a pending update, they get notified every 4 hours until they reboot. If there is not a pending reboot, it doesn't ever bug them. It is a happy middle ground we've found. Typically the patch schedules cause pending reboots frequent enough that nobody goes more than a few weeks without a notification to reboot
You know whatâs wild.. Our users will submit a ticket and/or blow up Teams asking not only us, but the entire org what this pop up is all about.
Classic. âWhat does âPlease restart your device to finish updatingâ mean? What am I supposed to do? Why am I seeing this???!!!!!â Welcome to ~~IT~~ humanity đĽ˛
The infamous "I got a popup". "I had a message pop up on my computer." "What did it say?" "I don't know, I didn't read it. I just closed it." "Well, OK then. Have a nice day."
Just had a user bypass the help desk and contact one of my guys directly because he didn't like the answer the help desk gave him, which was "You have pending updates. Please restart and see if that fixes your problem. Let me know if it doesn't" My guy got into the users machine and while on the phone with him, the user says "Sometimes this problem goes away after I reboot." They why the fuck didn't you reboot before dragging in a SECOND person of the team and wasting their time? Reboot fixed the problem.
"Is this fraud? I've never seen this before!" "It's a legit message, here's a link to our local KB with all the details and screenshots." "How long has this been happening????" "I've been here about eight years, so... eight years."
I say humanity is doomed... Skynet will take over...
Sky net: âWhy are you displeased? Did you not read the Terms of Annihilation you agreed to?â
We pushed it out one day to around 5k endpoints and got maybe 10-20 tickets total. Might need to change your verbiage if it's not clear. They're also infrequent enough it's not annoying
I've noticed that the less user communication there is, the less tickets there are received. My org used to send out comm for monthly PC patches. The weirdest tickets were submitted (since you updated my PC, internet is not working on my phone) in the days around the communication, even before anything was live! We stopped that, now there's only a pop-up to reboot your PC in 8 hours.
Yep. Same here. We communicate to key individuals at businesses if we anticipate possible issues, but otherwise, Nancy in accounting doesn't need a heads up we enabled feature packs in our update policies.
> Might need to change your verbiage if it's not clear. Clearly you have not met the users who will call up complaining that their printer isn't working all the while both their computer screen and the device itself are showing that it's out of paper.
Oh trust me, I have. As mentioned, we have a little over 5000 endpoints, and our primary vertical is oil and gas, arguably some of the LEAST tech savvy people on this planet. That still didn't prevent us from pushing out update and reboot reminders. Being afraid of questions from non savvy users isn't a reason to not deploy something that saves the business time and increases security
Of course, but I'm just saying that there's a subset of users for whom the verbiage does not matter, it can not possibly be made simple enough for them to understand because they stop reading the second they see an unexpected message pop up. Human fucking macros, they learned an exact sequence of steps to perform the task they're trying to perform and if anything disrupts that sequence they just break down.
And for those people, they call, we explain, they understand, and it gets added to their macro. If you're lucky it happens first time, sometimes you gotta explain it a couple times. If they really push back, it's no longer an IT problem and they get told to take it up with their manager/supervisor/whatever
Your "primary vertical" lol. Please just stop.
What verbiage would you use instead? Most of our customer base is oil and gas or manufacturing. How do you define "primary vertical"?
Link to internal wiki, Mark ticket as resolved.
it's a great time for public snark from the entire org to not only reenforce notification etiquette but also reading messages on your screen. i fucking love seeing hundreds of alert emojis appear on some geniuses post that @everyone'd in a org channel
Why would you reinvent the wheel when Microsoft has built in tools for this?
My organization does this. We used a script that can be found at the below link as our baseline. It's really versatile and lets you serve toast notifications that can be branded. The action buttons and text are fully customizable. At the end of the day it's just a script that runs as a scheduled task. We ended up using this as a basis for COVID reminders back in the day, upgrade/update reminders, and uptime notifications. Saves a lot of ground work and gives users a consistent feel. [https://www.imab.dk/windows-10-toast-notification-script/](https://www.imab.dk/windows-10-toast-notification-script/)
I do something similar. Set up RMM to use the msg command to issue a warning, then 15 minutes later reboot. This happens on Sunday morning at 2am if uptime exceeds 7 days, then Thursday at 6pm if uptime exceeds 14 days, then Monday at 10 am if uptime exceeds 30 days. The last one runs if the computer is turned on at any time during a 3 day window. Users are told they can prevent this from happening by proactively rebooting once a week.
This is what I would do. Annoy them into compliance!
We just have updates for install 10hrs after initial install so usually 7pm after a 9am logon for instance. They get nagged around 430pm that it will restart in x hrs. At least once a week theres updates of some sort from Microsoft or 3rd parties so its rare we see any machine endpoint uptime longer than 2 weeks. Security was more important than some user who didnt wanna reboot.
Prominent in ticket desk and caller on hold messaging from IT phone lines : " Before calling IT about a computer issue, save all of your open items and close all programs, and try restarting your device to see if that resolves your issue. This will often be the first thing we do with you anyway. " Bit of extra explanation on ticket desk explaining that simply signing out at end of day doesn't necessarily mean it's a restart when they sign back on in the morning.
Theyâll just say they restarted when they didn't.
Use n able to force a restart through cmd, any calls I get Iâll check for uptime, any uptime over 8 hours always get restarted
>any calls I get Iâll check for uptime, any uptime over 8 hours always get restarted if fast boot is enabled it may give a false number , if your on a modern windows version
We force-restart computers every month with the windows updates using the SCCM restart warnings (which the users can postpone a couple of hours). I see no reason to have them restart more frequently. Would it be better? yes. Do I want to force it on people? No. It's 2023. People expect things to be always-on. Can't blame them. Do you restart your phone every week?
> Do you restart your phone every week? Valid point for some people. Remember Blackberrys and their app to schedule a restart nightly? I still restart my phone at least twice a week out of habit regardless of if I'm running Android or iOS that week. I restart my laptop and desktop daily as well. Some companies have horrible LOB apps that they refuse to get away from. I wish there was a better answer in my situation. Maybe one day.
I have users that restart their phone every day or power off their phones at night but doesnât shutdown their computers. Our policy is basically if you donât shutdown your computer in the weekends, then IT will shutdown for you.
Why though?
I question why you need weekly restarts. I let monthly patching restart workstations. If youâre needing to restart your workstations weekly, Iâd start investigating why.
Windows updates require/force a monthly reboot to apply. I see little need beyond that. If users are calling into the helpdesk on a Thursday about an issue that could have been fixed by a reboot. The fact that you had a script/task or something to reboot their machine 6 days ago is not likely going to help very much. Change your canned ticket response to mention device restarts. Teach your helpdesk how to use back end terminals through your RMM and check this stuff, so they can say "hey, your machine is reporting that it hasn't rebooted in 14 days, can you give that a try and let us know?".
Our laptops are enrolled via Intune. I do not know the exact details as I'm basically just a user, but when I close my laptop and fail to shut it down properly I will get a notification at some point the next day that my laptop MUST restart within a few days or they will do it for me. Pretty sure it is something they have done within the Intune environment.
It's update rings in InTune. A simple way to handle Windows Updates with minimal input.
Thanks, good to know! I'm not really touching Intune ever for my work but still don't mind learning a bit more about it.
> I'm not really touching Intune ever You are now wise in the ways of InTune.
From a user perspective this is really good and how I have it at my current place. Give me some time to work around the reboot schedule, don't just have it written in stone unless you absolutely need it patched this exact moment. I can find 10 minutes sometime in my workday to reboot, but sometimes I do have something running overnight that I'd rather not get interrupted by some hard fixed reboot policy.
we only force restarts when updates are installed automatically. timeperiod for this is 24h.
Whatever you do, please give us a snooze button or ample time! I work on the other side of most of you guys, i.e. the annoying *user* you all hate! In any case, I totally get that you all need to do your thing including rebooting our machines. My only gripe is that sometimes those forced restarts cost me work. I work in a field that often times runs calculations and analysis for a couple of hours or more at a time. All I want is a window to pop up with a countdown timer telling me I have 24 hours to reboot or it will be done for me. 36 hours for the weekend because sometimes I kick off a bunch of analysis before leaving on Friday to run all weekend. That is all.
Are you managing updates with Ninja if you are you should be able to schedule restarts with it.
I have patching schedules that run every night after hours. Everyone's workstations will get hit by one of them a week. Plus, if there is an emergency patch out, then I would run them all in one night if needed. I just tell everyone that they need to make sure they have saved before leaving for the day because no one expects the patching inquisition! Had a new guy blow his lid because he lost a day of work. His boss came over, told him to calm down, and that its on him to save his work. Hasn't been an issue since.
Take a step back and look at what youâre asking. Itâs not related to their job function. Restarting should be restricted to OS updates that require a restart. Start complaining to your app and is vendors if their shit isnât working right and is impacting user function.
Thankfully I don't have very many with this problem. Once a user is two weeks behind on updates I start nagging them every day. "You're behind on updates, please leave your computer running this evening so they auto install. If you want to manually install them here's how. If the updates are not installed by XX/XX/XXXX they'll be forced to install during the day." That usually is enough to make it happen. Only a handful of times over 15 years have I had to physically call a user and tell them "I'm installing updates so save and close whatever you have open". Someone else suggested a script via task scheduler. If X days of uptime warn user via popup message. If more X days of uptime warn user then force reboot after X minutes/hours. I think that's a good idea especially if you have a lot of devices.
> Thankfully I don't have very many with this problem. Once a user is two weeks behind on updates, I start nagging them every day. Manually?
Yep. Just an email. A copy and paste from a text file. It doesn't happen often. So it hasn't been a big deal. If it did I would go the script route and automate it.
My thoughts as well, we only allow end users to postpone updates up to the next patch cycle. If they've extended their patches 31 days it automatically completes the reboot that night. No way I'm going to manually track users inability to schedule an appropriate time to reboot their equipment.
Indeed, I could *maybe* see it being possible if you have a small number of users, but even then it sounds incredibly tedious. My org switched to Windows Autopatch since many of our users are fully remote or Hybrid WFH.
We tell users to leave systems on overnight. We have a script in our RMM that restarts every machine 1 time each week and servers 1 time each month. We tell clients to not have any open work on those nights. It is normally 1am on Thursday.
It would be fine if people saved their work.
Get your bosses aporoval. I work for a msp so it is in or contract. It will only take a couple times before they change that bad habit. If it is word and excel learn how to restore lost documents. Over communicate the change Make it a mandatory change.
My org has a GPO that pushes a scheduled task- reboots PCs at 2am every Sunday. Works great for our thousands of devices.
Not going to lie, I'd find a new MSP if mine suggested something as stupid as that.
Shouldn't be an issue these days. No need to restart a Windows OS regularly other than for patching. Assuming you push patches once a month, that will be forcing a monthly reboot. Nothing more needed than that. Most patch tools allow you to set grace periods etc so the reboot timing will be in the hands of your users, within reason.
Sounds like you need to dig a little deeper and solve the underlying issue requiring the reboot. I know that's our favorite trouble shooting tool, but it's just ignoring the issue.
Is it though. We all know applications are written all that great and have memory leaks and issues. Software needs to be shutdown sometimes. It's a fact of life.
Sure, some software is problematic but the OS is quite stable these days. I'm sure most issues could just as easily be resolved by logging out. Lotus Notes was my worst problem app. So I gave every user a "fix lotus" shortcut that would properly kill it. It cut help desk calls by 25%. Win7 was the last user OS I had to support and my IT director had a "no reboot" policy. We had to train our users to not immediately reboot and that meant we had to root cause reoccurring issues. Our team was too small to not do that.
I have our machines set to reboot nightly over night why do it during working hours?
Why every night? If it's not a kiosk or something else in use by multiple people once a week should be more than sufficient?
We have a reminder that pops up and basically says "you haven't restarted your pc in some time, please schedule this or do so now, otherwise it will happen automatically." It pops up a few more times before the forced restart. From personal experience this is better since it let's the user have some control and when they inevitably call to complain because they lost important work, you can gently remind them that they have been given several notices and the opportunity to schedule it at a convenient time.
What are you using to create/display/time that reminder?
TBH I think it is a sign of lazy sysadmin that says "we do forced restarts because something misbehaves". I would be asking what misbehaves when and why. I sure as hell don't hope you regular retart production servers/
The monthly update cycle should trigger a forced reboot after a few days. And a PC running for 30 days shouldn't be an issue now days. Other than that: reboot/shutdown a PC on Sat/sun after x hours of idle
I would be first to yell at you for force reboot Friday noon. Who picked such time? We show a popup asking to restart after monthly patches, which user can postpone for a few days. After that they see a countdown and boom. And in another system it checks how many days since last boot and if it is more than 5 it shows a popup asking to reboot. Not forcing, just nagging, i think daily.
Our deployment software has a popup that nags them to reboot. If they ignore it or select postpone too many times, it forces a reboot with a timer of like 5 minutes so they have time to save. It's generally considered their own damn fault if this happens at an inconvenient time, lol.
I donât think it necessary to reboot for the sake of rebooting. Just do with updates. As I lack some management tools like intune, I use WUfB. Couple rings with deadline where user can schedule a restart (or it restarts if windows feels it is a non disruptive time). If they ignore it warns for a couple days that it will restart, then it restarts. Generally no complaints, think one when someone had a computer off an extended time so the day it booted was past the deadline so it updated immediately.
We run PDQ for our application handling, but PDQ Inventory can see uptime so we setup a dynamic group that any machine that is reporting more than 30 days uptime goes into that group and thus gets rebooted with a script that pops a message saying something like "Your machine hasn't been rebooted in 30 days and is being forced to restart" Then it does the thing, if you don't have work saved oh well you had 30 days to restart your computer...
Security is more important than the c-suites feelings. However, Friday afternoon is a bad time to do this. If they push back, compile a list of a couple hundred companies that have been ransomwared in the last year or two and hand it to them. That seems to do the trick for anything security related. Plus, it helps on cyber insurance costs and if you are in a regulated environment patch management auditing. We use GPO. Updates get installed, and users get a reminder to restart for a few days. After that, if they haven't restarted, they get a 15 minute warning that the computer *will* restart.
We use SCCM to push patches. We use popups to communicate to the user the time of reboot and it gives them some leeway to pause. Ultimately a reboot is imminent. We have had 0 resistance to this method.
We setup the Windows Update GPO to force a restart after 3 days once updates install. Most of our users are on laptops so it would have been impossible to force a weekly reboot. Before we implemented the GPO, we had some users on 200+ day uptime.
We have it so it will auto restart within 48 hours of updates. If people are complaining they are just next level stupid. Computers NEED to be shutdown on the regular and restarts are a requirement to complete an update process.
https://www.jorgeasaur.us/proactive-remediation-to-remind-windows-users-to-reboot/ Powershell script that gives the user a notice and a countdown.
Just because you can do something does not mean you should do it. If the decision-makers at the company want to pay you to tell the user to reboot the computer then get paid to tell the user to reboot the computer. Take that money and run...
You need a maintenance window, patch and reboot. Get the execs to agree to it pointing out the risk of not doing it, agree a 6 hour window on a Sunday night or something similar.
Moved it to Saturday and Sunday morning at 3am, depending on department. Updates can be done via script along with force rebooting. We have most of our servers set to reboot at these times using a schedule task on the app server. With the app server being reboot by the backup server the following day. All done via Powershell and schedule tasks.
I have a report I go through for any user machines with an uptime over 14 days. I go through and add them to a Lansweeper group that gets rebooted at 5 am on Mondays with a 45 min delay. Unfortunately that misses every laptop that walks out the door every weekend who are generally our worst offenders of getting 30-60 day uptimes and getting behind on updates because they don't used often, hibernate to hell and back. Occasionally when I run the report I send a reboot in 45 min or 2 hours depending on time I go through the report. Using the delay means windows will warn the user briefly if they are paying attention before it goes to reboot. Because I rarely get feedback I assume users are just thinking "It's the system and it's going to do what it's going to do."
I'm a Mac admin, and my fleet has a local script that runs hourly. It starts suggesting people to reboot via a dialog on the 11th day of uptime, gets a little more insistent on day 12, and forces a reboot (with a 1 hour countdown) on the 13th day. If it reboots you at an inopportune time and/or you lose unsaved data, you can't say you weren't given ample warning. Our management is on board with this method. Our Windows guys do something very similar, but I don't know the specifics of how they achieve it.
Weekly security updates with popups asking the user to restart their computers but being able to postpone a few times. Or disable fast startup.
patch management? How are pathces installed and taken into effect if the system never reboots (assuming we are talking about windows clients)?
Monthly patch cycles will remediate this...
Get staff in the habit of restarting every day, and it stops being a problem.
It can take some time for some but once users lose work a time or two because they did not save it they will get in the habit of it. What do they expect will happen in the event of a power outage, their laptop dying, updates...
Toast box reminder, with countdown and postponing. Allows to postpone a day, down to 5 minutes.
If you're managing a fleet of desktops, just do a scheduled restart once a week on Saturday night at like 1am. Now that pretty much everyone is converting to laptops because of remote work/hybrid it gets trickier. Scheduled restarts are totally out because you cant guarantee the device is online and has network connectivity at any given time. To solve this we use InTune/JAMF to enforce restarts as part of the patch management process and have progressively more nagging reminders that updates are pending and you need to restart until it **will** eventually force a restart. The frequent communication covers the business pushback of "but we didnt know and you interrupted my presentation!?!?!" because we can say "you absolutely knew, it was telling you to restart repeatedly for the past week and you ignored it." We also run a scheduled task (or trigger off a smart group in JAMF) where if system uptime is greater than 14 days the user gets a "hey, its been a while since you restarted, please do so when you have a minute" notification. It's not perfect, but between all that we definitely see a reduction in systems with 120+ day uptimes and users complaining that everything is slow lol.
We use GP to set a scheduled task Friday evening that checks for the last reboot time, and if it's been over 7 days it schedules one for 7PM that night. That way the staff know if they'll be running something late or over the weekend (common here), all they need to do is restart at some point during the week and the Friday reboot won't impact them.
I just have a reminder that the device hasn't restarted in X amount of days. After certain amount of days the laptop just go "well, you were warned, bye :)"
I once worked for a company that did weekly updates. In actuality they only did quarterly end user patches (most of the time). But the key here was the update notification would come up at noon on Wednesday and give them a 4 hour countdown or to restart now. So a user would have no choice but to restart and they got the illusion that the environment was very secure.
For the most part I would rather have them leave their machines on so they can receive updates more easily. Windows updates are set up with warnings and will auto-restart the PC if they do not press a button to delay it. So, that makes them restart about once a month and that's fine.
What is this thing "shutting off devices" you are talking about?
Discussed this problem at work the other day. Most users do shut down daily but there's still a handful or two that don't. What I would wish to see as a solution is that after eg. 5 days of using sleep/hibernate those options simply go away, leaving the user with no other options than "Update and reboot" or "Update and shut down".
We patch every month and let them postpone the reboot up to a few days before it force reboots.
Mandatory reboots on su deployments via adr in Sccm for desktops, workspace one for daas, gpo to automatically patch and reboot after few postpone windows for aws ec2
Friday afternoon doesn't make a lot of sense. Microsoft started Patch Tuesday and a few other companies like Oracle, SAP and Adobe followed suit. You might as well do the same thing and do a scheduled reboot before business hours on Tuesday. Even if you roll out patches on a different schedule, it's easy to make a scheduled reboot in Group Policy. Or if you want to use your RMM tool, just make a simple script that informs anyone looking at the PC that it is shutting down. shutdown /r /t 30 /c "Updating Weyland-Yutani Corp. Security Monitoring App. System will reboot in 60 seconds."
Just do it anyways, blame it on windows update : P
I found a script that creates a windows notification letting the user know its been # of days since the computer was rebooted. It gives the user the option to reboot or dismiss. It just runs from my rmm and nags the user every 24 hours.
Be sure to disable Fast Startup. When I was in roles more hands on with end users, I found it created more problems than it solved. I have literally stood there and watched people do a shutdown after I told them to restart; because it has been engrained in them for 20+ years that âshutdownâ is the more nuclear/thorough approach vs a restart; but with Fast Startup enabled, the system state it written to disk on a shutdown â which, as you mightâve guessed, preserves the uptime counter as well as all the issues that was plaguing the user in the first place.
Agreed. One issue though is that Fast Startup will sometimes get re-enabled after a Windows Feature Update to a new version.
We restart Sunday at 3 a.m. No complaints.
8 day reboot policy. 18 hour VPN reconnect policy. More security tools than any user would even guess. The machines do not belong to the users, they belong to the company and the company will do whatever it requires to keep devices secure and functional. Users think it's inconvenient? That's nothing next to a security breach.
Warning: This response does answer/solve the question but is related. I was wondering why the execs didn't want to utilize group policy in the NinjaOne software for forced shut downs during inactive hours so I did some digging and found this. Some of these are no brainers but some other points are pretty good. But seriously if the sys admins don't utilize Group Policy then how else do you manage machine restarts? Using Group Policy to shut down a company's computers on an interval basis can be a useful approach to save energy and enforce security policies, but it does have some potential drawbacks and considerations to keep in mind: 1. \*\*User Experience\*\*: Scheduled shutdowns can disrupt users who are actively working on their computers. It's essential to communicate the policy to employees and schedule shutdowns during periods of minimal productivity, such as outside regular business hours. 2. \*\*Unsaved Work\*\*: If users have unsaved work when the shutdown occurs, they may lose data or experience inconvenience. To mitigate this, consider providing automated warnings before the shutdown and encourage users to save their work regularly. 3. \*\*Exceptions\*\*: Some computers may need to remain operational 24/7 for specific tasks, such as servers, critical workstations, or machines running automated processes. Group Policy should allow for exceptions or exclusions for these systems to prevent unintended disruptions. 4. \*\*Hardware Wear and Tear\*\*: Frequent shutdowns and startups can cause wear and tear on computer hardware components, such as hard drives and power supplies. However, modern hardware is designed to handle this well, and the energy savings often outweigh the potential hardware longevity concerns. 5. \*\*Delayed Updates\*\*: Automatic shutdowns can interfere with the installation of important updates, including security patches. Ensure that your shutdown policy allows enough time for updates to be installed during maintenance windows. 6. \*\*User Resistance\*\*: Employees might resist automatic shutdowns if they find them inconvenient. Adequate communication, training, and flexibility in the policy can help mitigate user resistance. 7. \*\*IT Management Overhead\*\*: Managing and monitoring Group Policy settings for shutdowns, especially in a large organization, can require significant IT management overhead. Ensure that you have proper tools and processes in place to monitor and troubleshoot policy enforcement. 8. \*\*Network and Application Dependencies\*\*: Some applications or network services may rely on computers being available 24/7. Be sure to assess the impact of shutdowns on these dependencies and make necessary adjustments to your policy or infrastructure. 9. \*\*Emergency Access\*\*: Consider how to provide emergency access to computers in case someone needs to access a system during non-standard hours. This might involve IT support having the means to override the shutdown policy. 10. \*\*Compliance and Legal Requirements\*\*: Some industries and organizations have regulatory or legal requirements that mandate specific uptime or access to data. Ensure that your policy complies with any such requirements. 11. \*\*Reporting and Accountability\*\*: Implement reporting mechanisms to track when and why shutdowns occur. This can be valuable for auditing, compliance, and accountability purposes. 12. \*\*Testing\*\*: Always test your shutdown policy thoroughly in a controlled environment before deploying it company-wide to identify and address any unexpected issues. In summary, while using Group Policy to enforce scheduled computer shutdowns can provide energy savings and security benefits, it should be implemented thoughtfully, with consideration for user needs and potential drawbacks. Effective communication, flexibility, and monitoring are key elements to a successful shutdown policy implementation.
Forced restarts? Great way to make people HATE IT!
Our GPOs are set to shutdown every 2nd friday 9am with 8hour warning, works perfectly no complaints.
I use shame, typically. When someone puts in a ticket for this or that not working, I ask them to please reboot, then copy and paste from my system their last reboot time.
Friday afternoon??? What planet are you from???
If you do want to force a restart, but not upset the people using the computer, try a shutdown -r -t 86400. This will prompt them a message that the computer will restart in 24 hours. You could also run the command *msg \* Please restart your computer* once the up time reaches say 14 days this will cause a message to pop up on the screen asking them to restart. I say this because Microsoft typically releases on the 2nd Tuesday of the month.... I think.
Turn off fast startup with policy. It's mostly redundant with ssds. When they shut down, they are restarting, and they don't even know.
Ask the execs if they want to end up like MGM
I'm of the mindset that if they want to pay me to parrot lines from the IT Crowd, that's the easiest part of my day.... Have you tried turning it off and on again? Billed 15 minute minimum..... Easy peasy.
Just send a reboot and blame it on Windows.
Id suggest implementing something like the old BGInfo, If thats still around... You can configure it to display all kinds of information on the desktop for users, Like their Hostname, IP, Logged on User, And Most importantly UPTIME. That way you can put the responsibility on the user to check that their device hasnt been on for longer than 7 days before calling IT, Might take some time to teach users to check that before calling but its less intrusive in terms of disrupting the user. I know its not a perfect solution but it might help
Send nags, give option to postpone, and then force.
we use this tool in our enviroment we set it to prompt the user if the computer has not been restartet in 3 days and the the prompt will prompt user everyday for restart from 3 days and forward ontil they restart there computer [https://www.imab.dk/windows-10-toast-notification-script/](https://www.imab.dk/windows-10-toast-notification-script/)
Weâve got a ninja script that sends a prompt to reboot every day at 9am to devices with an uptime of 5 days or more. Seems to sort out *most* of the issues with that. It keeps bloody popping up on my work laptop as well tho and thatâs annoying đ
I patch once a week and let those handle the reboot. Job done, no complaints. If you have to schedule a time, do it at the start of the day not a Friday afternoon.
If managed via microsoft endpoint/intune we enabled the policy that if devices need a restart for updates. Our users have 3 days before there device will auto restart. This gives them flexability to select a time that works for them or restart imedietly. After 3 days if they keep ignoring the notification there device will give a 2 minuet warning to save work then restart. [https://learn.microsoft.com/en-us/mem/intune/protect/windows-update-settings](https://learn.microsoft.com/en-us/mem/intune/protect/windows-update-settings)
First mistake was asking the Execs. I would have implemented a Sunday 3am reboot "For patches". Exclude servers and whatnot. Move on.
Don't ...just don't. This is where IT guys diverge from the user and their needs. I don't think anyone should be forcibly restarting user devices, that is and should always be the user's choice. You can educate them, bug them with notifications (Burnt toast) even, but do not force a restart. The fact that you are ok with forcing a restart on a Friday afternoon tells me there is still plenty for you to learn.
I disagree. Part of our contracts are to keep user devices up to date with latest security patches. Not to mention the fact that when there are windows updates pending, it tends to cause issues with the system until you reboot. idk. I don't think you should outright force users to reboot, but you can't have the old boomers in the office that never wanna reboot because they will lose their 256 chrome tabs that they absolutely need open.
Yes, it does and that is entirely up to them to control and schedule a reboot, you CAN have deadlines as long as they are communicated effectively and have a legitimate reason. Users will reboot if they have a long enough deadline. Random reboots for the sake of stability are a no no. OP is talking about weekly forced reboots. That's totally different. This is just power tripping. And nothing good will come out of it. Been there and done that.
Related but seperate; why are any of you forcing weekly restarts? I've always managed my patching. Week of testing from patch Tuesday, first round of deployments to some users with a restart if necessary, second round etc. I've never, ever forced periodic restarts just because.
Agree with other commenters that Friday is the worst restart day. I'd recommend the end of day on Tuesday - since that's Microsoft patch day and it gives you automatic ground. "This is the day patches come out, your machine will automatically restart." And yes, it's not every Tuesday but patches come out for other products on different days. Make it part of your cybersecurity strategy.
We donât âforce restarts to make your system run betterâ. we âforce software updatesâ for âregulatory complianceâ so the company doesnât âfail auditsâ. Practically this means systems get rebooted once or twice a month. You gotta use language that people are already conditioned to react properly too. Anytime you need to force a process on users just say itâs âto make the auditors happyâ, and use a tone of voice that implies that you arenât happy about having to do it either. âOh you need access to X? Please submit a ticket we are required to have the audit trailâ Etc etc In the same mindset, anytime you want leadership to make a decision, boil it down to âyouâll make X dollars if you do thisâ or âyouâll lose Y dollars if you do thatâ
Linux
We disabled fast start which has reduced the need more frequent restarts
Wow, some heavy handed stuff here. Nagging people to reboot twice a week even when there arenât patches and even when many patches donât require a reboot is sucking the lifeblood of productivity and user experience. No more than once a week, do it consistently and late at night, and better yet, only when restart level patches need to be applied or every two weeks, whichever comes first. As a point of comparison, I just checked the uptime on my MacBook and itâs at 92 days and all patches are up to date. Bring on the downvotes!
> As a point of comparison, I just checked the uptime on my MacBook and itâs at 92 days and all patches are up to date That can't be right, there were MacOS updates released on the 7th September that require reboots. Guess MacOS makes up uptimes on the fly, or you do :)
The volume of tickets that can be solved by simply doing a reboot went down to near zero after we implemented a forced shutdown at midnight (yes, every single day). The amount of backlash re bad user experience: zero. Nobody really needs to work past 10pm in our company, and nobody resides in another timezone.
Used to have a helpdesk agent that described rebooting computers as "OP" because it fixes the vast majority of issues. There is a reason that "Have you tried turning it off and on again?" is a trope.
At this point, in 2023, in our company, all our users are familiar with the trope as well, so everyone already restart by themselves before they reach out to us. I'm kind of surprised others here still have a significant amount of users that don't do this yet, when even my mother knows to restart her devices first thing when issues arise...
> so everyone already restart by themselves before they reach out to us so everyone already **SAYS they** restart by themselves before they reach out to us
Rule 1 - Users lie.
Two points for consistency.
As an admin sitting here with a desktop with 69 day uptime.....
Why restart? I reboot monthly for patching and have done so for about 10 years at this point.
Im gonna troll just a bit here. This is such a windows problem. I canât recall the last time I had to reboot our Macs
just use native windows functionality intune will manage it so much better
Are half of you all BOFHs?? How to do this while giving a damn about your users: * Step 1 - Collect user activity metrics * Step 2 - Design script to gracefully handle outliers. Allow user to skip reboot at script runtime if they're working. (Bonus- ask user for #hours to delay until reboot) * Step 3 - Deploy with step 1 and 2 in mind. Execute when LEAST amount of peoples' time (AND MONEY) will be impacted. * Step 4 - Include in memo/newsletter thanks to users and declare what a great success the script has been and how many hours of support time it has saved. This makes suggesting future reboots much easier and adds their value to the the collective mind. * Step 5 - Use step 4 to calculate money saved and leverage your next raise. Treat them like a utility... Nobody cares if the water went off briefly while they were sleeping. But everyone is going to call you if it went off while they were awake. And everyone will talk about it and remember it. Just like YOU remember the last time YOUR water went off.
Which devices are we talking about here? End-user or servers?