Having the ability to temporarily (initiated via Quick Task, an action within a bundle, a credentialed zac command, or as a pre or post patch policy enforcement action) that allows a system to bypass PBA for x number of reboots or y minutes.
Any update requiring a reboot of the remote system would benefit - think Windows Patching. If a patch cycle requires multiple reboots a device will sit at the PBA after the first restart until the user logs in the next morning. Additionally, restarting a system prior to applying patches helps to clear out any pending system restarts to minimize the risk of MSI 1603 errors, but today restarting prior to patching the system would result in patching not actually occurring until the next morning when the user is trying to log in and do work.


  • Oh, also, would need to provide a mechanism to cancel out the remaining unused x reboots or y minutes. For example, as a patch administrator I know some devices will need to reboot twice, but others may need to reboot three times. I create a pre-enforcement action to "Enable PBA Bypass" for, say, an intentionally unrealistic (for the sake of the example) 10 hours. 5 hours later I'm certain that all patching has been completed and I'd like to be able to run a Quick Task, zac command, bundle, etc that would let me cancel out of the remaining time and return to normal.

  • This idea has been out there a while and hasn't gained any traction. Is this really not a big deal for anyone else?

  • Useful Feature.