Systems Management Question

Patching laptops out of office

03/14/2018 1585 views
I'm wondering how people manage patching on laptops that are often out of the office. We've got KACE patching our desktops and laptops, and it's working well. We've got a Group Policy to disable Windows Updates, but when laptops are out of the office, they're not getting updates from KACE or Microsoft. We'd like laptops to be able to detect when there's no connection to KACE to use Windows Updates instead, but we're not sure how to do this (or if it's reasonably possible). 

I tried setting up a Group Policy to disable Windws Updates if the KACE server can be pinged (using WMI a filter), and another one to enable Windows Updates if KACE can't be pinged. I found out with a bit of testing outside the network Group Policies don't get updated when a Domain Controller can't be contacted (no surprise there, but it was worth testing).

Right now I'm thinking of exporting the registry setting for on-network and off-network computers from

Then creating an Offline KScript which will import the correct settings based on whether KACE can be pinged or not. This seems like a bad hack, but I'm not sure how else to manage this.

What are other business doing to handle this issue?

(Side question: do Offline KScripts run later if the computer is off at the scheduled time? I don't see that explicit option for Offline KScripts.)

2 Comments   [ + ] Show comments


  • Just a suggestion does this laptop have a VPN connection back to the office? If not, is there another secure way to always have the laptops connect to Kace while inthe office or out?

    I think somehow having Kace available even while not on site, in a secure way would be useful. What do others do in such a case?
    • I would be careful with this, but check:



      • We briefly discussed allowing access to the K1000 over the Internet, but none of us on the team liked the idea.
    • Some of the laptops have VPN access, but not all of them need it, so we don't have the client installed on all of them. We don't want to give VPN access to people who don't have a need.
  • We have agent communication enabled from the Internet. We also allow access to the User Portal from the Internet (we use the Service Desk). However, we require VPN connection for the admin login. We have not had any serious problems with this configuration.

Be the first to answer this question

This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ