How to create a live update policy
Created: 06 Oct 2012 | 9 comments
Hello,
I have symantec endpoint protection manager12.1.100in which i have created many groups. now i want to create a sepearate live update policy for one of the group to schedule it for getting updates on a specified time. Can you just help me out woth this??
Also, can you please let me know the difference between shared and non-shared policies ?
Regarsd,
Anish
Discussion Filed Under:
Comments 9 Comments • Jump to latest comment
open a sepm console, click on policy tab, create a new LU policy and configure it according to your requirement.
shared policy means the policy is shared by more than 1 group
non shared policy it is only policy used by the specific group.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Find the attach thread
https://www-secure.symantec.com/connect/forums/system-running-slow
Hope it can help you
Hi,
About shared and non-shared policies
Configuring a LiveUpdate Settings policy
http://www.symantec.com/business/support/index?page=content&id=HOWTO27359
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hi,
Thanks for the Post.
Please let me know the difference between the following two methods of creating Live update policies for a specific group.
1st Method :- Click on clients, go to group , within that group, go to policies tab, Click on LiveUpdate settings policy , edit settings , server settings , checking both the 'use the management server' and 'use a live update server'-'use the default Symantec live update server' and then on 'schedule' tab, changing the schedule time as per our convenience.
2nd Method:- Click on Policies, go to live update , Add new policy , server settings , checking both the 'use the management server' and 'use a live update server'-'use the default Symantec live update server' and then on 'schedule' tab, changing the schedule time as per our convenience. Also, to understand the group for which we want to make the changes, mentioning the group update provider for that group.
Iam confused with this two methods of scheduling Live update policy settings. Does this both ways have the same effect ?
Regards,
Anish
HI,
Check this artical
Symantec Endpoint Protection Manager 12.1 - LiveUpdate - Policies explained
http://www.symantec.com/business/support/index?page=content&id=TECH178257
Setting
Description
Internal or External LiveUpdate Server
Select one of the following options:
• Use the default management server
Downloads the content updates from the Symantec Endpoint Protection Manager. This option is recommended for most organizations. The option is the simplest and requires no configuration other than applying the policy to a group. Select this option if you use a Group Update Provider.
• Use a LiveUpdate server
Downloads the content updates from either the default Symantec LiveUpdate server over the Internet, or from an internal LiveUpdate server. You can specify multiple internal LiveUpdate servers for failover support.
If you enable both options, clients try to retrieve updates from both sources. You typically do not enable both options unless you have a specific reason. If the server provides named update versions to clients, and the clients have previously downloaded the latest updates from a LiveUpdate server, the clients do not download and install the named (previous) versions.
Group Update Provider (GUP)
Use one or more Group Update Providers
Specifies one or more computers to act as a LiveUpdate server for the group. For example, you might want to create a Group Update Provider to conserve bandwidth to clients in a remote location over a slow link. In this scenario, the Group Update Provider downloads the latest updates from the server. The Group Update Provider then updates the clients in the group. If the Group Update Provider is offline, the clients contact the server for the updates.
The Group Update Provider can reside in any group.
Note: The Group Update Provider is available only for Windows clients.
Third Party Management (TPM)
Enable third-party content management
Enables third-party tools such as Microsoft SMS to provide updates to client computers securely.
To use this feature, you must set up the Symantec Endpoint Protection Manager to use as a staging server for content. This staging server does not require that the clients be connected to it. Configure the server to download updates on a periodic schedule. If you use continuous, the server downloads the latest updates when they are posted.
By default, the updates appear in the Default group's clients' content outbox folders. These folders are organized by content type. You can then pick up one or more content packages from the content outbox folder and deliver it to the client's inbox folder.
To ensure that only third-party management tools update client computers, disable the other LiveUpdate server options on this page.
Note: Third-party content management settings are applied to Windows clients only.
LiveUpdate Proxy Configuration
Configure a proxy server to use for LiveUpdate from the default Symantec LiveUpdate server or from a specified internal LiveUpdate server.
This proxy server is used only for LiveUpdate and not for any other external communications.
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
when you performed the first method, the policy you've created is only effective within that group and no other group/s can enherited that policy. but when you performed the second method, the policy you've created will be effective to your assigned group/s. this policy can be enherited and effective to any of your group if they were assigned.
hopefully helps..
did the above threads answered your question?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hello,
In SEPM, go to clients--> highlight corresponding group---->policies click on the liveupdate policy which you want to make as non-share policy, it will promt three options, select create a non-shared policy. Then, it will open the policy edit window, do the required changes and click ok.
The new non-shared policy will be assigned to that group. This policy cannot be assigned to any other group. If you want the same non-shared policy in other group, you have to do the same procedure there also.
OR
In SEPM go to Policies tab, create the Liveupdate policy, right click assign to required group.
You can also assign a policy from clients-->corresponding group---->polices tab also. For this click on task and go for replace policy.
Check these Articles:
Symantec Endpoint Protection Manager 12.1 - LiveUpdate - Policies explained
http://www.symantec.com/docs/TECH178257
About shared and non-shared policies http://www.symantec.com/docs/HOWTO55183
Performing tasks that are common to all security policies
http://www.symantec.com/docs/HOWTO55049
Hope that helps!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
HI,
have you received your answer ?
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Would you like to reply?
Login or Register to post your comment.