Update Orchestrator Bouncer

Summary

This solution will monitor the C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot path. If the folder for "reboot" exists, it will be renamed to reboot.bak. This prevents the update orchestrator from side-loading Microsoft patches on endpoints that are not approved via the RMM.

Note: A Task and Device group will need to be created before the monitor can be set up.

Details

Monitor Creation

Navigate to Automation > Monitors
Click "Add Monitor"
Monitor Creation

Monitor Configuration

Name: Update Orchestrator Bouncer
Description: This solution will monitor the C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot path. If the folder for "reboot" exists, it will be renamed to reboot.bak. This prevents the update orchestrator from side-loading Microsoft patches on endpoints that are not approved via the RMM.
Type: Script
Family: Patch Management
Severity: Other

Monitor Configuration

Conditions

Run Script on: Schedule
Repeat every: 3 Hours
Script Language: PowerShell

Script:

Test-Path 'C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot'

Criteria: Contains > AND > "True"
Run Automated Task: Update Orchestrator Bouncer

Conditions

Ticket Resolution

Automatically resolve: Enabled
Run same script as above
Criteria: Contains > AND > "False"

Ticket Resolution

Resources

Note: A Task and Device group will need to be created before the monitor can be set up.
This monitor is intentionally aimed at the Update Orchestrator group.

Resources

Dependencies

Ticketing

This solution does technically create tickets, but the tickets are designed to autoclose as soon as the machine runs the task to update PowerShell.

Summary​

Details​

Monitor Creation​

Monitor Configuration​

Conditions​

Ticket Resolution​

Resources​

Dependencies​

Ticketing​

Summary

Details

Monitor Creation

Monitor Configuration

Conditions

Ticket Resolution

Resources

Dependencies

Ticketing