Video Screencast Help

Managed Delivery Policies Best Practices

Created: 25 Mar 2011 • Updated: 25 Mar 2011 | 5 comments

I was wondering what the best practice is for creating managed delivery policies. I want software to install right away on new machines but only check once a day after that. I find that every now and then the management agent can bog down the client computer while it runs through all it's compliance checks.

In 6 I used to use run once ASAP and then remove option a bunch. This doesn't really exist in the new release.

Comments 5 CommentsJump to latest comment

mclemson's picture

The best practice would be to use a Quick Delivery Task to deliver the software to that machine.  You could create a Client Job that chains together these various Quick Delivery Tasks, reboots, scripts, registry fixes, group policy updates, etc. to ensure a system is fully up-to-date post-imaging and before delivering to the user.

Also this is a fine read on managed software deliveries:
https://www-secure.symantec.com/connect/articles/symantec-software-management-70-best-practices

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com

noodleNT's picture

Quick Delivery Tasks do not update based on a filter. So say I run a Quick Delivery Task to pin some items to a users taskbar for all Windows 7 machines. If I then manage a new Windows 7 machine, I have to remember to run this task again. Worthless in my opionion.

DustinW's picture

I'm in the same boat as you, noodleNT, and I agree that Quick Delivery Tasks simply do not cut it when what we are looking for is complete automation. Out of curiosity, how many managed delivery policies does it take to bog down your clients with compliance checks? I've just begun manual migration from 6 to 7.1, and I don't see the slowdown you're referring to - yet - and I'm running my compliance checks hourly. Perhaps set them at two-hour intervals, and stagger them so that they don't all run at once?

mclemson's picture

I'd certainly vote for a 'Force Update' feature which does the following:

  • Immediately process all Managed Software Deliveries (check, download, install)
  • Immediately process patch inventory and then patch, then reboot, and repeat this process until no patches are available (though it would have to handle an infinite loop if a patch fails install repeatedly)
  • Immediately process Full or Delta inventories, Software or Hardware (administrator would define this and the above settings in a task)

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com

Wallo's picture

In Version 6 you could execute policies via the command line as long as you knew the GUID of the policy.

I believe you can still do this in 7.X, but I've not tested it myself.  Maybe check into that?  You could then create a job in Deployment Solution that executes after the image is loaded on which pushes out the NS agent then executes the tasks/policies one after the other?