Client Management Suite

Is it possible to deliver software through the managed software delivery functionality without performing an compliance check?

Each time I create a managed software delivery policy that I want to schedule, the agent comes up with "not compliant" and doesn't install my package. It doesn't matter what kind of software package I use and/or create.

I've read this but I can't figure out how to do this using for example the managed delivery wizard because each time I schedule a delivery it comes up with "not compliant".

In its simplest form, Managed Software Delivery delivers a single software resource with
its associated package and command line. It downloads the software and installs it on the
managed computer according to a defined schedule. It does not perform a compliance
check and it always considers the computer to be compliant.

If your Software Resource(s) within the Managed Software Delivery policy have no Detection Rules, there is no "compliance check."  (Even if there is a detection rule, you can override this by adding the Software Resource(s) to the Managed Software Delivery, then selecting a software resource under Policy Rules/Actions under the Software tab and unchecking the box 'Perform software compliance check using.')

When no compliance check occurs, they are always "out of compliance" and your remediation steps will always run.

Does this help?  If not, can you provide specific details on your software program, schedule, target, compliance settings for the Software Resource and compliance settings within the MSD, and what your remediation action is?

Well the strange thing is that if I check the compliance settings, the box is grey which means that I cannot select the box, but the checkbox is not checked by the way. And it shows in the color red: a detection rule is not defined for the software resource.

On the Rules tab I haven't a detection rule or a applicability rule selected.

It even happens when I create a batch file which just simply needs to copy a file. If I add this batch file in the software catalog and create a managed software delivery policy the agent still comes up with "not compliant"

Not compliant is correct because there is no compliance check to perform.  Is your Install command 'Custom' for the Software Resource?  If so, change it to Install -- you can use the same command line, just don't use Custom, which has known issues.

Does this help?

Hi,

Let me explain what I really want and was working perfectly in NS 6.

I'm using altiris mainly for software deployment. The packages that I deploy are packages with customized software for our customers. These customers are alle outside the office, so the package approx 20 mb needs to be downloaded. So I'm not managing clients with their microsoft products.

The only thing that I want to do is deploying my package (.exe) to my customers and install the package on a scheduled time, the package should be downloaded before the scheduled time.

I thought that the Quick task was working  perfect for this but the package isn't downloaded before the scheduled run time. Also the user can't be notified with the task because the package isn't downloaded yet.

So it looks like I have to use the Managed software delivery policy to deploy my packages. But when I do that the agent says "not compliant", I know I haven't have a compliance check and I sure don't need one. But when the agent says "not compliant" the package is not going to be installed.

Do you have some advice how to handle? I hope you understand my problem.

If your remediation is to Remediate now, and compliance is Not compliant, it will install the software resource.  But you are saying that the install is not being attempted.  What do you see within the Symantec Management Agent for this software resource?  A screenshot or retyping of the Software Resource as viewed within the SMA (the line which says "Not compliant" or "Not found") is the screen I'm wondering about.

If you can't handle a download at the scheduled time, I would recommend a sequential job which runs a Copy File task, and, upon success, runs a task to execute the .exe at the scheduled time.  The execute task only occurs if the Copy File has succeeded.

Hi,

If I change the command type of the package to "custom" then the agent says it is "compliant". If I change it back to "install" then the agent says "not compliant"

And in both scenarios the package is not downloaded and doesn't start the package. I Know that if my remediation is on immediately than the package is going to run right away but it is very important that my package is going to run at night.

Here are the screenshots:

(By the way you can't see the scheduled time on the screenshot, but is has a scheduled time)

Thanks for looking into this matter :)

What schedule are you using?

There seems to be a problem with your Managed Software Delivery.  The only task being performed is a Detection check, but there is no Download package or Execute install command task listed.  These should be listed even if a compliance check has never started.

Do you have Remediation set to 'Don't run remediation' in the Managed Software Delivery remediation settings, either for the entire MSD policy or the specific software resource?  This will cause only the detection check to appear (as you can see in your screenshot) and will not process a download or install command.

The difference between custom and install is a result of the bug I explained with custom, so you are correct to use install.

Check on the NS the managed delivery task, it must have all the components as mclemson said above, if not probably you did a left turn around the way.

Sorry i dont have access to my console atm to point you to the exact path, but you can go to Manage -> Policies and search for Managed Delivery, yours should be there.

Thanks guys I will test it soon as possible, I will let you know the results or If I find some issues.

Well, the reason I have the 'Don't run remediation' is because it is very important that package will only be started at the scheduled time.

My customers are retailers and this package can only run at night. So I Think its strange when my package isn't compliant the package will not install at the scheduled time but you have to select a remediation action.

So what is the use of my scheduled time, cause altiris isn't doing anything with my scheduled run time because of the remediation action you have to perform.

I just need my .exe package to be downloaded and installed at the scheduled time, but also need the package to be downloaded before the scheduled time.

Do you guys see any Possibilities?

If you don't run remediation, you'll get exactly your scenario.  The only result is a compliance report -- you'll never get beyond the detection check.

What if you run a Quick Delivery (to deliver the resource) with a fake command (so that it doesn't install anything), then follow up with your Managed Software Delivery with the real settings, to remediate either at a specific time (e.g. daily at 2 a.m.) or during a maintenance window.  The files will already be downloaded by the Quick Delivery (certainly if you specify them to execute locally) so that they're there when the Managed Software Delivery occurs.

7.1 allows you to define separate download and execution schedules.

Great, hope that will solve my issue. Is 7.1 already available? Or can you just upgrade from the installation manager?

Beta was just released last week.  Production is estimated for March 2011.  That makes the typical window between March and June 2011.

OK thanks,

I have one last question and than I will leave you alone :) , from what I have read you need to install 7.1 on a windows 2008 server.

I have 7.0 running on a 2003 server, how can you upgrade then? That means that I have to install a windows 2008 server first and after this you can migrate or something?

You'll want to read up on 7.1, primarily in the 7.1 beta threads.  But yes, this is only supported on 64-bit Server 2008 and Server 2008 R2.  You'll also have support for SQL 2008, but some features don't work on SQL 2008 R2 as of beta release.

Please be sure to mark a post as the solution if I was able to help you.

It sounds like you've got the right pieces, just a little settings problem.

Disclaimer:
From what I gather from the thread, you have software you want to install without using any compliance checking. However, I don't know how a policy behaves when no compliance rules are set. I assume (hope) it will execute once and not again as default behavior for policies without a detection. Absolute worst case is that the policy will run at every instance, see no detection check to stop it from installing, and continue to install again and again. I doubt that's the case but stranger things have happened. Personally, I do like to use detection/applicability checks to verify the install was successful (or whether to install at all) and to perform self-remediation if necessary. It helps with reporting and doesn't interfere with scheduled installs or anything else I've found.
End Disclaimer

Now, managed software delivery steps that have worked for me:

1. Create the software resource completely including install command lines, any detection/applicability checks needed, etc.
2. Create a software delivery policy that includes the software resource, defines appropriate targets for the policy, and sets a policy schedule. Here is where it sounded like the settings were in question.
    a. The policy can define one or more delivery schedules. This is where you restrict install times, not the remediation setting. Set the window to only allow installs at night (8PM-6AM or whatever you prefer).
    b. Make sure remediation is on. This allows the policy to actually download and run the install.

I believe the policy should go out and download to the machine immediately. (If that isn't the case, it downloads at the first attempt to run the policy.) The install will wait to execute until the time you set in the schedule.

Hope that helps.

I'm looking at a 7.1 beta just now. It has a schedule for compliance and then a choice of when to run remediation.

So to only check compliance once for the first install you just choose no repeat on the compliance check.