Client Management Suite

I have spent the past two days wrapping my head around the changes in Software Delivery/Managed Software Delivery (6.x/7.1) when it comes to installing software on clients.  I think with a little more testing I'll like the new way of performing software delivery.  However I have ran into some fundamental problems that I simply can't seem to find an answer for and I am hoping someone can help or point me in the right direction on these issues.

Issue 1 - Running utilities/scripts

I often found myself using 6.9 Software Delivery to run utilities/scripts on computers.  Example utilities/scripts might be an exe (created with Wise Script) to perform some work on a computer (i.e. migrate printers, configure registry settings, uninstall software, cleanup after a virus/worm outbreak, etc.).  Obviously these are utilities, not software.  Using Managed Software Delivery to perform this seems odd, as there is no software being delivered, and seems backwards to import these utilities into the Software Catalog.  What are people doing to run utilities on nodes in 7.1?  Obviously there is Quick Delivery/Tasks but I have found issues with using these mechanisms around scheduling (i.e. knowing when the computer will be available) similar to the issue I am having with Managed Software Delivery scheduling (see Issue 2 - Scheduling issues).

Issue 2 - Scheduling issues

In 6.9 Software Delivery we had "Run As Soon As Possible after the scheduled time."  7.1 is missing this, and without this feature I don't know how I can reliably deploy software.  In my 9000 node environment, a health care system, I have computers that could be: 1) only on at night, 2) only on during the day, 3) desktops and laptops that can often be in a low power state (S3/S4) at any time due to utilizing power management to save on energy consumption.  If I want to deliver software to all my computers (and I want to avoid using WOL), how can I reliably setup a schedule (compliance schedule)?  I have tried using various schedules including Schedule Windows and what I have found is that if a computer misses (because it's in a low power state, turned off, etc.) a schedule or the start of a Schedule Window, it simply reschedules it for the next scheduled time or start of next scheduled window.  So if I have a computer that is only on from for example 2AM - 6AM, unless I have a Scheduled time in that time period, the software will never install on that computer.  Am I missing something?  If I had "Run As Soon As Possible after the scheduled time" I wouldn't be running into this issue.  What is the purpose of a Schedule Window if it only uses the Start of the window to do anything?  I have tried using the "During window, check every:" option, which helps address part of the problem, but I have found that if I don't have a valid "compliance check" defined, the software delivery job runs multiple times during the Schedule Window (I was hoping it would only run once per Schedule Window).  It seems odd to me that Symantec had removed Run As Soon As Possible... from Software Delivery in 7.1 but added it to Patch Management.  Adding it to Patch Management should have been an indication that this is a needed feature, not only in patching, but also in delivering software.

I look forward to any comments and suggestions.

Eric

For part 2, there is a "Run Once ASAP" option.  However, if you want to run it more than once, you need to set a scheduled time in the past.  You can also specify a window if you want the window as well.

Your best practice for a Managed Software Delivery is that you use a software resource that contains a valid detection check.  The detection check (performed on the compliance schedule) checks to see whether the software is present.  If the software is present, remediation will not occur for an install action, but will occur for an uninstall action.  If the software is not present, remediation will occur for an install action, but will not occur for an uninstall action.  The compliance schedule is separate from the remediation schedule to allow you to pre-stage the content by downloading it to the client cache prior to remediation.

For your remediation check, if you want a software to install only once, use the 'Run Once ASAP' option.  If you want the software to remain installed, you can add a scheduled window -- run remediation every 4 hours, for example.  However, if you want the system to run the install immediately if it ever does not have the software present, you should have a scheduled time in the past, e.g. yesterday at 00:00.  With this behavior, a newly-provisioned system that receives an updated configuration would see that it has an overdue compliance check for CutePDF Writer, the detection check evaluates to false, and remediation occurs immediately since it's overdue.

Does this answer your question about the second part?

For issue #1, you can try using a copy file task, which allows you to execute a command when the copy is successful.  A quick delivery task may work best after the scheduling issues are worked out -- hopefully the above post gets you there.  And you could also combine these solutions with a Run Script task.  For example, you could copy a file and then run a script (two tasks) as part of a job (jobs contain tasks you've already created).

Regarding scheduling problems, remember that tasks occur only at the time they are scheduled, and only work if the client can talk to the NS.  A policy has more flexible scheduling options and can work even if the client cannot talk to the NS.  For example, a policy would allow a client to download an .exe utility during the day, cache it, and then execute it at 8 p.m., even if that computer were disconnected from the network.  A task would tell the client at 8 p.m. to download the .exe and execute it, but the .exe is not cached locally.

Does any of this work for you about the utilities?

Thanks for the response Mike.