Scheduled maintenance windows work brilliantly - when devices are actually available. But reality is messier. Machines get powered off. Network connections fail. Laptops go home with users. Kiosks lose internet at remote sites.
What happens when a device misses its maintenance window? Does it stay unpatched indefinitely? Does protection fail? Does it cause problems when it finally reconnects?
These are practical concerns for any IT team managing distributed devices. This guide explains exactly what happens when devices are offline during updates, how they catch up when they reconnect, and how to ensure your fleet stays compliant despite inevitable connectivity gaps.
Offline Scenarios Explained
Let's walk through the common scenarios where devices miss their maintenance windows:
Scenario 1: Device is powered off
What happens: The maintenance window arrives, but the device is completely off. No power means no thaw, no updates, no activity. The window opens and closes with the device unchanged.
Device state: Remains frozen with its existing baseline. Still protected by Deep Freeze. No updates applied.
When powered on: Device boots normally, still frozen, still protected. It will update during the next maintenance window it's available for.
Scenario 2: Device has no internet connection
What happens: The device is on, but can't reach Faronics Cloud or Windows Update servers. The agent can't receive the signal to thaw, or it thaws but updates can't download.
Device state: If it couldn't receive the thaw command, it remains frozen. If it thawed but couldn't download updates, it refreezes unchanged when the window closes.
When connectivity returns: Device checks in with Faronics Cloud, receives any pending configuration, and updates during the next available maintenance window.
Scenario 3: Device is in sleep or hibernate mode
What happens: This depends on your Wake-on-LAN configuration and whether the device can be woken remotely.
• With Wake-on-LAN configured: The device can be woken for maintenance, updates apply normally
• Sleep mode without WoL: Device may wake on its own during the window (depending on power settings) or miss the window
• Hibernate: Similar to powered off - won't wake automatically for maintenance
Scenario 4: Laptop is travelling or at home
What happens: Device is on and connected, just not on your network. As long as it has internet access, maintenance can proceed normally - Faronics Cloud works over the internet, not just your local network.
The exception: If you're using WSUS for update distribution and the laptop can't reach WSUS, it may thaw but not receive updates from your internal server. It would need to reach Windows Update directly or wait until it's back on-network.
What Happens When Devices Reconnect
When an offline device comes back online, here's the sequence:
1. Agent checks in with Faronics Cloud. The Faronics Cloud agent establishes connection and reports its current status - frozen state, last maintenance, current configuration. This happens automatically within minutes of connectivity being restored.
2. Configuration synchronises. If any policy changes were made while the device was offline, it receives those updates. The device's configuration aligns with whatever policies currently apply to its group.
3. Device waits for next maintenance window. The device doesn't immediately thaw and update just because it missed a window. It waits for the next scheduled maintenance window. This is intentional - you scheduled maintenance at specific times for a reason; random mid-day updates would be disruptive.
4. Updates apply during next window. When the next maintenance window arrives, the device thaws, downloads and installs pending updates, reboots as needed, and refreezes with the updated baseline.
Catch-up considerations:
• If the device missed one window: Normal update cycle, perhaps slightly more updates than usual
• If the device missed several windows: More updates accumulated; may need longer window
• If the device was offline for months: Significant update backlog; consider extending maintenance window or manually triggering a longer thaw
When manual intervention helps. For devices returning from extended offline periods, you can:
• Manually trigger a thaw from Faronics Cloud console
• Allow a longer-than-normal period for updates
• Verify updates completed before refreezing
• Refreeze when satisfied the device is current
This proactive approach gets devices current faster than waiting for scheduled windows.
Ensuring Update Compliance Across Your Fleet
Some devices will inevitably miss maintenance windows. Here's how to maintain overall compliance:
Identify devices that consistently miss windows. Faronics Cloud shows when devices last checked in and their current state. Look for patterns:
• Devices that haven't checked in for days
• Devices that are always offline during maintenance windows
• Devices with repeated failed maintenance attempts
These need investigation - is there a power management issue? Network problem? User behaviour pattern?
Adjust schedules for problem devices. If certain devices consistently miss 2 AM maintenance windows because users shut them down at night, consider:
• Moving them to a different schedule (lunch hour, early evening)
• Changing power management to sleep instead of shutdown
• Configuring Wake-on-LAN
• Communicating with users about leaving machines available
Consider multiple maintenance windows per week. If Tuesday's window is missed, Thursday's catches it. Weekly schedules with redundancy:
• Primary window: Tuesday 2:00 AM
• Backup window: Saturday 3:00 AM
Devices that miss Tuesday update Saturday instead.
Regular compliance reporting. Periodically review:
• What percentage of devices completed their last maintenance window?
• Which devices haven't updated in more than one cycle?
• Are there locations or device groups with consistently lower compliance?
• What's the trend over time - improving or declining?
Set acceptable thresholds. 100% compliance every cycle is unrealistic. Decide what's acceptable:
• Target: 95% of devices updated within two weeks of patches
• Escalation: Devices not updated within 30 days get manual attention
• Exception process: Document legitimate reasons for extended delays
Account for seasonal patterns. School holidays mean devices sit unused. Summer brings laptop travel. Plan for:
• Devices that will be offline during breaks
• Catch-up maintenance when devices return
• Extended windows at the start of new terms/seasons
Preventing Devices from Being Offline During Updates
Prevention is better than remediation. Here's how to maximise devices being available:
Configure sleep instead of shutdown. Via Group Policy or local settings, configure devices to sleep when users "turn off" the computer. Sleeping devices can be woken for maintenance; shutdown devices cannot.
Enable Wake-on-LAN. Configure BIOS/UEFI and Windows to allow Wake-on-LAN. Before maintenance windows, send wake packets to ensure devices are powered on. This requires network infrastructure support but solves the powered-off problem.
Schedule maintenance during on-hours for problem devices. If after-hours maintenance consistently fails because devices are off, consider brief maintenance windows during guaranteed-on times - lunch breaks, slow periods, scheduled downtime.
Communicate with users. "Please leave your computer on Tuesday nights for updates" is simple and often effective. Users who understand why are more likely to cooperate.
For always-on devices, ensure connectivity. Kiosks, servers, and 24/7 workstations should have reliable network connections. Monitor for connectivity issues that might prevent updates.
Frequently Asked Questions
Does a device become unprotected if it misses updates?
No. Deep Freeze protection continues regardless of update status. The device remains frozen with its existing baseline. It's running older software, but it's not unprotected - any malware or changes would still be wiped on reboot. Missing updates is a security concern, but it's not an immediate vulnerability.
Will the device try to update immediately when it comes back online?
No. The device waits for its next scheduled maintenance window. This prevents unexpected mid-day updates. If you want immediate updates, manually trigger a thaw from the Faronics Cloud console.
Can I force an update on a device that keeps missing windows?
Yes. From Faronics Cloud, you can manually trigger a thaw, allowing updates to install immediately rather than waiting for scheduled maintenance. Useful for persistently problematic devices or urgent security patches.
How do I know which devices missed their maintenance window?
Faronics Cloud shows device status including last check-in, current freeze state, and maintenance history. Devices that were offline during their scheduled window will show as not having completed maintenance. Review these regularly to identify patterns.
The Bottom Line: Offline Isn't Unprotected
Devices that miss their maintenance windows aren't broken or vulnerable - they're simply running an older baseline until they can update. Deep Freeze protection continues. When they reconnect and reach their next maintenance window, updates apply normally.
Your job is managing the exceptions: identifying devices that consistently miss windows, adjusting schedules or power settings, and ensuring extended-offline devices get proper catch-up maintenance. With proactive monitoring and sensible policies, you can maintain high update compliance even in distributed environments with imperfect connectivity.
Ready to Manage Updates Across Your Fleet?
Try Faronics Cloud free for 30 days. See how scheduled maintenance and device visibility work together.
