Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Manually Launch a Managed Software Policy via the Command Line

Created: 02 Mar 2013 | 6 comments

Dear All,

I am assuming that this is possible!

I have a number of Managed Software Policies that are deployed to our machines. There schedule is set to run at "Machine Startup" with an "Immediate" remidation if the detection rule returns "Not Detected". I have also allowed the users to launch any of these items manually.

This works great and I am very happy with it!

That said inevitably there are times that the machine is not compliant as software X couldn't be installed due to an update that was running in the background or someother reason at startup. When the users phones I would like to be able to remotely launch the "Managed Software Policy" via the console on their machine so that reevulates the detection rule and installs if needed.

I have fiddled with the "Emergency Policy Update" and thsi works how I want it too but that means that ALL machines that are in the filter run it which is not needed and overkill.

Does any body know of a command that I can launch on the agent maybe giving the managed policy GUID so that it is launched, I could then create a task to send this to a machine from the NS.

Thanks,

 

Operating Systems:

Comments 6 CommentsJump to latest comment

andykn101's picture

You could download and use the Remote Altiris Agent Diagnostics tool:

http://www.symantec.com/docs/HOWTO21449

One thing I do often is to apply the Policy to a target of machines without the particular piece of software and have it run once and then daily. Once it installs successfully the detection rule initially stops it running again and then, once inventory picks up the software, it drops out of the target

Authorised Symantec Consultant (ASC) with Endpoint Management Limited, an Authorised Symantec Delivery Provider based in the UK.

Connect Etiquette: Please "Mark as Solution" posts that fix your problem.

m.taylor's picture

Why not just use a Quick Delivery task? If your plan is to use a task to kick this software's install off anyway this would be easier and have it's own way of reporting so you can audit its use to look for patterns/issues.

Pascal KOTTE's picture

Yep, forcing the run from RAAD, or a remote control is the simplest option I see.
Except 1 thing.
I often use a daily 12h12 pm schedule.
Because some users sleep or hybernate their computer, never restart, or rarely.
Also, best not slowing more computers on startup, because that is the reason why user are sleeping their pc instead :)
But sure, most required update must run on startup, in case pc was down from a long time... No other choice.

~Pascal @ Kotte.net~ Do you speak French? Et utilisez Altiris: venez nous rejoindre sur le GUASF

Aiglon College's picture

The reason do not want to use a task is that it is another thing to manage.

Say you have 20 pieces of software that are applied via a policy then you have 20 policies to keep up to date whenever software needs to changing. If you then duplicate this for another 20 normal tasks just then you have to keep them up to date as welland inevitably we forget....

I have tried using the RAAD and it works but it requires a manually intervention from me away from the console, I was looking for a solution inside the console.

Thanks,

Aiglon College's picture

Ok The easiest way I have found is to right click on a software product and then choose "quick delivery task" under "Actions".

At least then a new task is created if there is a new software package that has been assigned to a product.

Would still be interested in a solution though if anybody has any more ideas...

Thanks,

Pascal KOTTE's picture

OK for 1 software to force deploy, it is a quick building task, can be reused later, so should care to avoid "rebuild" multiple times the same "task" :( 

What can be done, is to build it by default on each new Software component as soon as production validated. So you can test using the task, and integrate in a "policy" if task is OK (as a software component, not reusing this task). And move them in a Sub-folder "PRODUCTION SOFT-MANAGED on-demand TASKs"

Also suggest to "duplicate" the "install" task to edit and build the "removal" task, so we can apply to the test computer and validate the policy run is OK, before applying in production.

NOTICE you are able to use a "task" with the "advanced" target (not quick apply), to select the "urgent" option to force the run also out of a defined "maintenance Window" (if some were applied).

~Pascal @ Kotte.net~ Do you speak French? Et utilisez Altiris: venez nous rejoindre sur le GUASF