{"id":3426,"date":"2013-06-10T00:01:00","date_gmt":"2013-06-10T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2013\/06\/10\/determine-pending-reboot-statuspowershell-style-part-1\/"},"modified":"2013-06-10T00:01:00","modified_gmt":"2013-06-10T00:01:00","slug":"determine-pending-reboot-statuspowershell-style-part-1","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/determine-pending-reboot-statuspowershell-style-part-1\/","title":{"rendered":"Determine Pending Reboot Status&#8212;PowerShell Style! Part 1"},"content":{"rendered":"<p><strong style=\"font-size:12px\">Summary<\/strong><span style=\"font-size:12px\">: Guest blogger, Brian Wilhite, talks about using Windows PowerShell to determine pending reboot status.<\/span><\/p>\n<p>Microsoft Scripting Guy, Ed Wilson, is here. Today we have the first of a two-part series about using Windows PowerShell to determine if a reboot is pending. Brian Wilhite, the writer, is no stranger to readers of the Hey, Scripting Guy! Blog&mdash;he has written <a href=\"\/b\/heyscriptingguy\/archive\/tags\/brian+wilhite\/\" target=\"_blank\">several posts<\/a>.<\/p>\n<p>Take it away Brian&hellip;<\/p>\n<h2>So what&rsquo;s the problem?<\/h2>\n<p>Thanks, Ed.<\/p>\n<p>A few months ago one of my coworkers asked if we could determine the pending reboot status of servers in our environment. This is important to know because you will not be able to install updates if the system is pending a reboot from a previous software update. Windows PowerShell is &ldquo;the&rdquo; go-to platform to accomplish any task in the Microsoft universe, so I focused my efforts there.<\/p>\n<h2>The solution journey<\/h2>\n<p>The journey to a solution starts by researching all the avenues a pending reboot is documenting on a system. Furthermore, to be as accurate as possible, I wanted to validate my research by whatever means necessary. After I validate my research, I want to develop reusable code in the form of a function to share with my coworkers and others in the community that may have a similar need. So the birth of <a href=\"http:\/\/gallery.technet.microsoft.com\/scriptcenter\/Get-PendingReboot-Query-bdb79542\" target=\"_blank\">Get-PendingReboot<\/a> began, and you can find it in the TechNet Script Center Repository.<\/p>\n<h2>The research and validation expedition<\/h2>\n<p>The landscape of our environment, like most, is a mixture of Windows versions ranging from Windows Server&nbsp; 2003 to Windows&nbsp;Server 2012. After searching the web and receiving community feedback, I have compiled several methods that are used to determine a system&rsquo;s pending reboot status. The methods are (including links for reference):<\/p>\n<ul>\n<li>Registry: <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc960241.aspx\" target=\"_blank\">PendingFileRenameOperations<\/a><\/li>\n<li>Registry: <a href=\"http:\/\/blogs.msdn.com\/b\/hansr\/archive\/2006\/02\/17\/patchreboot.aspx\" target=\"_blank\">WindowsUpdate\\Auto Update<\/a><\/li>\n<li>Registry: <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc756291(v=WS.10).aspx\" target=\"_blank\">Component-Based Servicing<\/a><\/li>\n<li>WMI: <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/jj902723.aspx\" target=\"_blank\">CCM_ClientUtilities<\/a> (System Center Configuration Manager clients only)<\/li>\n<\/ul>\n<p>At this point, my curiosity was piqued, and I wanted to ensure these locations were indeed accurate. I turned to <a href=\"http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb896645.aspx\" target=\"_blank\">Process Monitor<\/a> to validate my research. I staged an unpatched computer running Windows Server 2003 with SP2, and I captured events as Windows Update was running and installing updates.<\/p>\n<p>Following is a screenshot of the <strong>RegSetValue <\/strong>operation for the <strong>PendingFileRenameOperations<\/strong> multistring value (REG_MULTI_SZ):<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/8372.6-10-13-1.png\"><img decoding=\"async\" title=\"Image of command output\" alt=\"Image of command output\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/8372.6-10-13-1.png\" \/><\/a><\/p>\n<p>I filtered based on <strong>RegSetValue<\/strong> because this was the operation that actually wrote the value to the registry. Here are the values for this particular round of patching:<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/8726.6-10-13-2.png\"><img decoding=\"async\" width=\"400\" height=\"354\" title=\"Image of command output\" alt=\"Image of command output\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/8726.6-10-13-2.png\" \/><\/a><\/p>\n<p>An item worthy of note&hellip;<\/p>\n<p>In <strong>PendingFileRenameOperations<\/strong>, the first item in the first pair, &ldquo;SET21.tmp&rdquo; is renamed to &ldquo;wininet.dll&rdquo; when the server reboots. As you can see, the first line in the pair is the source file and the second line is the destination name. Stated another way, it is moving the file to rename it when the computer reboots, even if the destination file exists. From time-to-time, you&#039;ll also observe a pair with a value present in the first line and a blank line immediately afterward. This indicates that the file will be deleted when the computer reboots. When the system performs the Rename and Delete action, the <strong>PendingFileRenameOperations<\/strong> REG_MULTI_SZ value is cleared.<\/p>\n<p>Next, I performed the same process for <strong>HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update<\/strong>:<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/0654.6-10-13-3.png\"><img decoding=\"async\" title=\"Image of command output\" alt=\"Image of command output\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/0654.6-10-13-3.png\" \/><\/a><\/p>\n<p>In this screenshot, the <strong>RegCreateKey<\/strong> operation is called to create the <strong>RebootRequired<\/strong> registry key, which signifies that a reboot is required.<\/p>\n<p>Next, I captured events on a computer running Windows Server&nbsp;2008&nbsp;R2 while it was installing a security update that required a reboot. Notice the <strong>HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\RebootPending<\/strong> key. This key will only exist if the system is pending a reboot. The following image illustrates what occurred with the <strong>RebootPending<\/strong> key during the security update installation.<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/6740.6-10-13-4.png\"><img decoding=\"async\" title=\"Image of command output\" alt=\"Image of command output\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/6740.6-10-13-4.png\" \/><\/a><\/p>\n<p>Again, you&rsquo;ll notice that the <strong>RegCreateKey<\/strong> operation calls for the <strong>RebootPending<\/strong> key.<\/p>\n<p>For the fourth method to work, System Center Configuration Manager&nbsp;2012 must be installed on the client. When it&rsquo;s installed, the &lsquo;ROOT\\ccm\\ClientSDK&rsquo; WMI class will be available. This class has a method called <strong>DetermineIfRebootPending<\/strong>. The method name is a dead give-away as to what it does. The following screenshot illustrates what&rsquo;s returned when calling the method on a client running System Center Configuration Manager&nbsp;2012. In my example, notice that the method was called, and it returned a False for <strong>RebootPending<\/strong>. We&rsquo;ll get to the Windows PowerShell code that&rsquo;s used to call this method in my next post.<\/p>\n<p><span style=\"font-size:12px\"><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/8865.6-10-13-5.png\"><img decoding=\"async\" width=\"400\" height=\"250\" title=\"Image of command output\" alt=\"Image of command output\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/8865.6-10-13-5.png\" \/><\/a>&nbsp;<\/span><\/p>\n<p>~Brian<\/p>\n<p>Awesome job, Brian. Way to go, and thanks for contributing to the Windows PowerShell community. Join me tomorrow when Brian will complete his awesome script.<\/p>\n<p>I invite you to follow me on <a href=\"http:\/\/bit.ly\/scriptingguystwitter\" target=\"_blank\">Twitter<\/a> and <a href=\"http:\/\/bit.ly\/scriptingguysfacebook\" target=\"_blank\">Facebook<\/a>. If you have any questions, send email to me at <a href=\"mailto:scripter@microsoft.com\" target=\"_blank\">scripter@microsoft.com<\/a>, or post your questions on the <a href=\"http:\/\/bit.ly\/scriptingforum\" target=\"_blank\">Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.<\/p>\n<p><strong>Ed Wilson, Microsoft Scripting Guy<\/strong><\/p>\n<p><span style=\"font-size:12px\">&nbsp;<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: Guest blogger, Brian Wilhite, talks about using Windows PowerShell to determine pending reboot status. Microsoft Scripting Guy, Ed Wilson, is here. Today we have the first of a two-part series about using Windows PowerShell to determine if a reboot is pending. Brian Wilhite, the writer, is no stranger to readers of the Hey, Scripting [&hellip;]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[327,56,31,3,45],"class_list":["post-3426","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-brian-wilhite","tag-guest-blogger","tag-operating-system","tag-scripting-guy","tag-windows-powershell"],"acf":[],"blog_post_summary":"<p>Summary: Guest blogger, Brian Wilhite, talks about using Windows PowerShell to determine pending reboot status. Microsoft Scripting Guy, Ed Wilson, is here. Today we have the first of a two-part series about using Windows PowerShell to determine if a reboot is pending. Brian Wilhite, the writer, is no stranger to readers of the Hey, Scripting [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/3426","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=3426"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/3426\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=3426"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=3426"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=3426"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}