Symantec Management Platform (Notification Server)

Hello,

I am new to Altiris dministration and we just launched ver 7.0.  Im creating a managed software delivery policy and Im a little confused on scheduling.  I basically want the compliance check to take place when the PC gets the policy so that in the event it fails compliance, it downloads the software locally.  I then want the remediation to take place the next time the computer restarts or the user logs in.  The see the scheduling for the compliance check but only see the three options for remediation (immediately, at next maintenance... and dont run....).

The software Im installing needs to have everything basically closed.  And we have a lot of travelers so software needs to be local so if the next time they log in, it still installs even if not connected to the network.

So, basically how do I configure remediation to run during startup or login?

Thanks in advance!

The ability to 1) run a compliance check, 2) download if failed and 3) remediate at a scheduled time only if the files are already downloaded is not available until the upcoming 7.1 release.  Currently, you can only 1) run a compliance check and 2) launch the download and remediate sequence at the scheduled time (immediately, at next maintenance window, or don't run).

If you want to download at one time and install at another, you'll be looking at the 7.1 release.  A workaround could be downloading all files and launching with a .vbs that prompts for reboot, or a task that asks for a reboot, and once the user allows the reboot and logs back in, the install continues (with all files closed).

Does this help?

Thanks for the response and thats bad news.  Totally lowers my expectations of the product.  Seems like that would be something simple to put into place.  Ill have to work out a different solution.  Nothing like having to apply a workaround to get my first two software delivery methods workingl.

Is there anyway to run the compliance check so that it downloads the files.  Then I can set the Remidiation not to run.  I can then create a job or task that runs at startup\login, that runs the install locally?  All the scheduling Im seeing is based a time.  Compliance check is the only thing that I can see that configured with the startup\login options.

When we went to v7 from v6 we also found this behaviour.

What we do now for things where we want to deliver the files first and then Install later is use a cache command (this is not simple ). Basically the Remediation still runs, but it delivers the files, then a 2nd remediation at a later time installs the app. so:

1. Set up your software release for the product
2. Set up an install command like this (as well as the one you want to run at the end), which will basically do nothing C:\windows\system32\cmd.exe /c  @echo "cache this"
3. Set up the detection rule to be checking the existence of the downloaded cache (C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery\{PKGGUID}\Cache)
4. Create the managed delivery policy with this package and cache rule and the cache remediation to occur when you want the download to happen
5. When you are ready to "flick the switch" you edit the detection rule (each release can only have one) to be the real detection for the software being installed, and change the remediation command, and edit the schedule of the policy to be when you want it to go to. 

We spoke to a few people at Symantec about this change in behaviour, and a lot of customers pushed so that the feature is back in 7.1. And the config in 7.1 is a LOT easier.

Also your point about scheduling at login/startup is also true, as far as I can find you cannot schedule a task/job for login or startup. Push this feedback to your TAM and maybe it will come about in a future release

Thanks for all your help. I understand Triggers explanation but it doesnt sound like it would install something whe the computer turns on but here is what I did.  Let me know what you think. I created the package and the policy.  There are two scripts built into the package.  When the compliance runs and fails, it downloads the software but then what the remediation does instead of installing, it runs the first script that adds a registry entry to

HKEY_Local_Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

pointing to the local install cache.  What this does is the next time the computer restarts, it kicks off the install from the local package cache regardless if the computer is on the network or not.  I only tested on one but it appears to work fine.

A couple of things that arent so great.

Since the complaince check isnt really kicking off the actual install the altiris agent says its out of compliance unless I set the compliance on a schedule.  The next day it will say its compliant.

And Im thinking I'm not going to get the greatest software execution report because execution is going to based on the script doing the registry change.  With Windows actually doing the install, Im going to have to base my results on inventory probably.

Thoughts?

Using the runonce key is a good idea, the only possible downside I can see is that this runs when the next user logs in and as that user, so if you are doing an installation the users account needs rights to do the install.

The compliance/reporting will one to live with till 7.1 is done. Was going through it yesterday and it looks like it would be able to do what we are both trying to do without "fudges"

One with the dummy command line, can use the "normal" detection rule, set to run ASAP (Scheduled time > 00:00 > No repeat).

The second MSD has the wanted parameters and should run even if off the network as the Package is already cached.

I know this is an old thread, but 7.1 SP1 was released late in May, so give it a go...unfortunately 7.1 requires a 2008 R2 (x64) server, so you'll be building a new box...but there is a LOT of documentation available here on Connect and in the KB on how to do so.  7.0 -> 7.1 is a much easier conversion than 6.x -> 7.1 (which is of course the boat I'll be in when we finally upgrade!)