2 min read

ConfigMgr - CI/CB Disable Fast Startup

ConfigMgr - CI/CB Disable Fast Startup

This might be an "oldie/goldie" that you think that most admins know of today, but i'd thought i would write it down anyway, to get it bumped.


Why?

To avoid PC's not being patched because a user think that they are shutting down their PC when they go home, and patches should install when it's asking for a reboot, but they are not, why?

The Fast Startup feature in Windows 10 allows your computer start up faster after a shutdown. When you shut down your computer, Fast Startup will put your computer into a hibernation state instead of a full shutdown. Fast Startup is enabled by default if your computer is capable of hibernation.

Because "Fast Start Up" only hibernates the PC on shutdowns, the only way to apply patches is by using "Restart". But, if you disable this function, patches will be applied even with a shutdown/power on.

You can read more about this here:

Updates may not install with Fast Startup in Windows 10 - Windows Client
Describes that the Fast Startup feature may impede the installation of certain Windows 10 updates.

If you want to disable this (and you should) you can use a Configuration Item / Baseline to have the RegValue created, changed and controlled.

I have it setup like this:

Configuration Item

General Information
Name Setting Type Data Type
HiberbootEnable Value Registry value Integer
Registry value to assess
Hive Name Key Name Value Name
HKLM HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power HiberbootEnabled
Compliance Rules
Name Condition Severity Remediate
HiberbootEnabled -eq 0 Equals 0 Information Yes
HiberbootEnabled Exist Must Exist Information Yes

Configuration Baseline

General

Name Description
Registry - Disable - FastStartup Changes RegValue to disable "Fast Startup funcionallity"
Always Apply this baseline Evaluate as part of compliance pol assessment
Unchecked Unchecked

Evaluation Condition

Add the ConfigurationItem created earlier

Configuration Baseline Deployment

  • Remediate noncompliant rules when supported - CHECKED
  • Allow remediation outside the maintenance window - CHECKED

Otherwise setup the deployment as you prefer.