This issue needs a solution.

Manually Launch a Managed Software Policy via the Command Line

Created: 02 Mar 2013
Login to vote
+1 1 Vote

Dear All,

I am assuming that this is possible!

I have a number of Managed Software Policies that are deployed to our machines. There schedule is set to run at "Machine Startup" with an "Immediate" remidation if the detection rule returns "Not Detected". I have also allowed the users to launch any of these items manually.

This works great and I am very happy with it!

That said inevitably there are times that the machine is not compliant as software X couldn't be installed due to an update that was running in the background or someother reason at startup. When the users phones I would like to be able to remotely launch the "Managed Software Policy" via the console on their machine so that reevulates the detection rule and installs if needed.

I have fiddled with the "Emergency Policy Update" and thsi works how I want it too but that means that ALL machines that are in the filter run it which is not needed and overkill.

Does any body know of a command that I can launch on the agent maybe giving the managed policy GUID so that it is launched, I could then create a task to send this to a machine from the NS.

Thanks,

 

Filed Under

Comments

andykn101
Partner
Accredited
Certified
02
Mar
2013

You could download and use

You could download and use the Remote Altiris Agent Diagnostics tool:

http://www.symantec.com/docs/HOWTO21449

One thing I do often is to apply the Policy to a target of machines without the particular piece of software and have it run once and then daily. Once it installs successfully the detection rule initially stops it running again and then, once inventory picks up the software, it drops out of the target

Authorised Symantec Consultant (ASC) with Endpoint Management Limited, an Authorised Symantec Delivery Provider based in the UK.

Connect Etiquette: Please "Mark as Solution" posts that fix your problem.

02
Mar
2013

Why not just use a Quick

Why not just use a Quick Delivery task? If your plan is to use a task to kick this software's install off anyway this would be easier and have it's own way of reporting so you can audit its use to look for patterns/issues.

Pascal KOTTE
Partner
Accredited
02
Mar
2013

no better idea

Yep, forcing the run from RAAD, or a remote control is the simplest option I see.
Except 1 thing.
I often use a daily 12h12 pm schedule.
Because some users sleep or hybernate their computer, never restart, or rarely.
Also, best not slowing more computers on startup, because that is the reason why user are sleeping their pc instead :)
But sure, most required update must run on startup, in case pc was down from a long time... No other choice.

~Pascal @ Kotte.net~ Do you speak French? Et utilisez Altiris: venez nous rejoindre sur le GUASF

04
Mar
2013

The reason do not want to use

The reason do not want to use a task is that it is another thing to manage.

Say you have 20 pieces of software that are applied via a policy then you have 20 policies to keep up to date whenever software needs to changing. If you then duplicate this for another 20 normal tasks just then you have to keep them up to date as welland inevitably we forget....

I have tried using the RAAD and it works but it requires a manually intervention from me away from the console, I was looking for a solution inside the console.

Thanks,

04
Mar
2013

Ok The easiest way I have

Ok The easiest way I have found is to right click on a software product and then choose "quick delivery task" under "Actions".

At least then a new task is created if there is a new software package that has been assigned to a product.

Would still be interested in a solution though if anybody has any more ideas...

Thanks,

Pascal KOTTE
Partner
Accredited
05
Mar
2013

OK for 1 software to force

OK for 1 software to force deploy, it is a quick building task, can be reused later, so should care to avoid "rebuild" multiple times the same "task" :( 

What can be done, is to build it by default on each new Software component as soon as production validated. So you can test using the task, and integrate in a "policy" if task is OK (as a software component, not reusing this task). And move them in a Sub-folder "PRODUCTION SOFT-MANAGED on-demand TASKs"

Also suggest to "duplicate" the "install" task to edit and build the "removal" task, so we can apply to the test computer and validate the policy run is OK, before applying in production.

NOTICE you are able to use a "task" with the "advanced" target (not quick apply), to select the "urgent" option to force the run also out of a defined "maintenance Window" (if some were applied).

~Pascal @ Kotte.net~ Do you speak French? Et utilisez Altiris: venez nous rejoindre sur le GUASF