Update Orchestrator
Purpose
This solution uses a custom task, a device group, and a custom monitor to manage and deploy ProVal's solution to prevent the Update Orchestrator from patching and rebooting machines without warning.
Associated Content
| Content | Type | Function |
|---|---|---|
| CW RMM - Device Groups - Update Orchestrator | Device Group | The device group is designed to slowly deploy the Update Orchestrator in the environment. |
| CW RMM - Task - Update Orchestrator Bouncer | Task | Will attempt to "neuter" the Update Orchestrator solution on endpoints by renaming/removing a directory. |
| CW RMM - Custom Monitor - Update Orchestrator Bouncer | Monitor | This solution will monitor the C:/Windows/System32/Tasks/Microsoft/Windows/UpdateOrchestrator/Reboot path. If the folder for "reboot" exists, it will be renamed to reboot.bak. This prevents the Update Orchestrator from side loading Microsoft patches on endpoints that are not approved via the RMM. |
Implementation
-
Create the device groups. This step is required before creating the tasks; otherwise, they will not have a proper target.
Follow the documentation here: CW RMM - Device Groups - Update Orchestrator -
Create the Update Orchestrator task.
Follow the documentation here: CW RMM - Task - Update Orchestrator Bouncer
Please ensure that the task is scheduled per the above documentation! -
Create the custom monitor.
Follow the documentation here: CW RMM - Custom Monitor - Update Orchestrator Bouncer
Please ensure that the task is scheduled as the Automation Task on the monitor.