About Pre-Actions and Post-Actions

You can add actions that you want to execute on the assets for the Windows deployment job type. You can run scripts or install software on assets before or after the patches are installed using actions. You can add actions to determine the version of the software, install the software before the latest patch can be applied, and so on.

You can add two types of actions:

- Pre-Action: Action that you want to execute before the job starts.

- Post-Action: Action that you want to execute after the job is complete.

Consider this!

- You can only add actions for a Windows deployment job type.

- You can only add actions on assets that have Windows Cloud Agent version or later.

- You can add a maximum of 5 pre-actions and 5 post-actions each for a job.

- You can run a job to only execute one or more actions without adding any patches to the job.

- If one action fails, the other actions continue to execute.

- The script size cannot exceed 20 KB, and the script length must not be more than 20480 characters, including spaces. The script beyond 20480 characters will be truncated.

- Success or failure of action execution does not impact the patches that are part of the job. Installation of all patches in a job is attempted.

- The run time for each action cannot exceed 2 minutes. After 2 minutes, if the action is not completed, the next action will be executed.

- Only one reboot request is honored for one job. If the pre-actions require a reboot, the reboot will happen only after the patches are installed. Post-actions might be executed after the reboot.

- We strongly recommend not to use a force reboot in the script. Since Patch Management only allows one reboot for one job; this can cause the job to go into a reboot loop.

- You can view details for each action using the Job Progress option after the job is executed. For more information, see Viewing Action Details.

- Currently, the Job Progress report does not include action results.

- For the Install Software action type, ensure that you provide the SHA256 based checksum of the download file.

- The scripts that you provide will be sent in the base64 encoded format.

- Only Powershell scripts are supported. We recommend that you use signed scripts.

- You can use publicly available methods, such as certUtil, to generate SHA256 for a file. For example, you can run the following command in your command prompt:   certUtil -hashfile "<<filename>>" SHA256.

  Utility Example

- For the Install Software action type, ensure that the script that you add contains the code to deploy the binary.

- The detection script acts as a pre-check for the Install Software action type. The detection script is not mandatory, and if you don't enter the detection script, the install script action will be executed directly. If the detection script fails, the install software action will not be executed.

Note: Patch Management does not perform any validation and executes any script that is provided by you. We recommend that you exercise caution with the scripts that you run.

Types of Actions

You can add two types of actions, install software and run a script.

The install software action requires you to provide the download URL, SHA256 based Checksum/Hash of the downloaded file, and the Install script.

Install Software

For a Run Script action, you must provide the script name and the custom script that you want to run.

Run Script

Example: To detect if the Notepad++ version 8.1.2 can be installed

This sample script detects if the software is installed or not. If the code returned is 0, the software can be installed, and if the code returned is 1, installation is not required.

Return Code:

- Success: 0

- Failure: 1

Notepad++ version

Example: To install the Notepad++ version 8.1.2

This sample script demonstrates the installation of software. If the code returned is 0, the software is installed successfully, and if the code returned is 1, the installation fails.

Return Code:

- Success: 0

- Failure: 1

Install Notepad ++

Example: Custom script to create array of text files

This sample script checks whether a specific file (pc.txt) already exists in a particular folder; if not, it generates a list of all AD computers and saves it to a new file named pc.txt. It returns 0 if the file does not exist and the latest AD computer list is saved and returns 1 if the file already exists.

Return Code:

- Success: 0

- Failure: 1

Custome script

Managing Patch Jobs for Windows Assets