Action1 5 Documentation 5 Staying Compliant with Policies

Staying Compliant with Policies

 

Action1 RMM enables you to manage your endpoints in a smart way. Unlike one-off actions, policies are recurring activities that you can track and control along the way. With policies, you can assess compliance with certain rules and automate response steps if necessary, for example ensure an antivirus app is installed on all computers and force deployment to those that miss it. Policies enable you to check your IT infrastructure state, see compliant endpoints and automatically help others to keep up with them.

Most commonly, Action1 policies are used for patch management and continuous update delivery since they enable you to automate deployment routines, set a timetable, and leave it operating on auto-pilot.

Policy or Action?

Answer the following questions:

  • Is it a recurring activity?
  • Are you interested in seeing results for the entire system instead of activity outcomes for individual endpoints?
  • Do you want to comply with rules and guidelines?

If you answer Yes to these questions, then there is a high chance you should create a policy instead of an action. The policy not only performs an administrative activity but also confirms whether the endpoints are compliant with the rules.

For example, create a policy that ensures that Slack is installed on all workstations in the Employee group. Action1 will check these workstations every day and install Slack on the workstations that miss it for some reason. For those that have Slack installed, the policy will return “compliant” status. Or, set up a policy to check the number of days since the password has been changed and force reboot of the endpoints whose owners should update their passwords because they are long overdue.

Routines You Can Verify and Automate with Policies

  • App installation
  • App uninstallation
  • Update deployment
  • Reboot
  • CMD or PS1 script execution
  • Any scheduling

Ideas for Creating Policies

  • Automatic patch management—create a policy to check that your endpoints have the latest KBs and hotfixes installed and eventually deploy missing updates.
  • Office tools—create a policy that verifies all the necessary tools are installed on your employees’ workstations.
  • Malicious apps management—create a policy that ensures no malicious software is installed. It scans your system for suspicious apps and uninstalls them if necessary.
  • Desktop management—create a policy that ensures all workstations have the same desktop settings. It will run an update script on workstations that don’t meet specified conditions.
  • Administration—create a policy that checks vital metrics for system (e.g., the number of failed login attempts, days since last computer reboot or password change) and force actions on endpoints that don’t match your desired result.
Creating a new policy

Creating a Policy

  1. Navigate to Patch Management / Policies. Alternatively, select New Policy on top of the screen.
  2. Select + New Policy and specify an action.
  3. Provide details about the action to be executed. The steps are similar to the one-time actions.
    • Reboot (see Restart Endpoints Remotely for detailed instructions)
    • Run Script. First, provide the condition script (CMD or PowerShell) to be executed on the endpoint to check if it is out of compliance; specify the met exit codes. Provide the main script (CMD or PowerShell) to be executed if the condition script exits with doesn’t meet the success exit code. The main script is meant to bring the endpoint into policy compliance. For example, check the number of days since has shutdown and force shutdown is the number of more than 90 days. Feel free to select one of the scripts from the Script Library or save a new script to reuse it later. (see Run Scripts Remotely for detailed instructions)
    • Deploy App (see Deploy Software with App Store for detailed instructions)
    • Deploy Update (see Roll Out and Deploy Updates for detailed instructions)
    • Uninstall App (see Review and Manage Installed Apps for detailed instructions)
Creating a Run Script policy
  1. On the Select Endpoints step, select Add Endpoints. Action1 enables you to add endpoints individually, or you can specify an entire endpoint group.
  2. On the Frequency step, provide a policy name and define how often you want to check your endpoints and apply the policy. For example, you can verify the policy compliance every X hours, every day, every week, or every month. Set the missing schedule time frame setting so that the powered-off endpoints can catch up with a policy. Make sure the time frame doesn’t exceed the frequency of the policy execution, i.e., don’t set it to 3 days for policies running on a daily basis.

On the Patch Management / Policies page, review the policies with status, last run and next run for each policy.

On the Patch Management / History page, see execution details. Select View Results to see information per endpoint.