Patch Policy Documents

Use the Patch Policy Document to view and manage policy settings. Policy information appears on the right.

  • Status – Active or Suspended.
  • Updates – Number of patch updates available.
  • Policy ID – unique identifier for this policy.
  • Severity, Category, OS, Type – inclusion criteria.
  • Site - name of the site where the policy is stored.
  • Next Refresh (Active policies) – Time of next Auto-refresh, if enabled.
  • Modified – time policy was last changed.
  • Created by: operator name.

Schedules Tab

The Schedules tab displays a list of policy schedules in order of creation. Click a schedule name to display it's Summary page.
Patch Policy Schedules tab

  • Name – Schedule name.
  • Repeat – Deployment interval.
  • Targets – Number of targeted devices or computer groups. Click the link to display the target list. The Add Targets control appears when a schedule has no targets; click the link to add them.
  • Next Deployment: The time the schedule's Multiple Action Groups will be issued to the BigFix root server. It is subsequently adjusted to accommodate endpoints in all time zones, ensuring the policy executes at the correct time in each location.

Click the Suspend button to refresh or edit an Active policy. Some Schedules tab controls are inactive until the policy is Suspended.

Schedules Tab controls:
  • Add Schedule
  • Activate/Suspend
  • Refresh Now
  • Edit Policy
  • Delete Policy
Note: Non-master operators need Activate/Suspend Policy permission to activate or suspend the policy and they need Refresh Policy permission to refresh the policy. For more information on permissions, see The WebUI Permissions Service. Non-master operators also need write access to the site where the policy is stored to activate/suspend or refresh the policy.

Schedule Summary Page

Click a schedule to display the Schedule summary and its controls. To make changes to a schedule you must suspend its policy. This is not required when adding or removing targets.

  • Pre-cache Downloads – The time when policy patches are pre-cached.
  • Stagger Start Time – Amount of time to stagger patching time to reduce network load.
  • Bypass errors – Ignore Multiple Action Group (MAG) failures and proceed to the next action. For more information about patch policies and MAG processing, see Monitoring Deployed Policies.
  • Retry on Failure – number of times to retry if a patch fails to install, and the retry interval.
  • Force Restart – Force a restart on completion, and the interval to wait before restarting.
Schedule Summary controls:
  • Edit Targets
  • Edit Schedule
  • Remove Schedule

Patches Tab

Displays patches for the selected policy. Patches used for auditing, corrupt patches, and patches with no default action are not included in patch policies. Superseded patches are flagged but not deployed; they will be removed from the patches list once the policy has been refreshed.

To exclude individual patches from the policy, check the Exclude box to the left of the title. A device that has been targeted using a computer group (either a manual or dynamic group), cannot be individually excluded.

  • Included – displays included patches.
  • Excluded – displays excluded patches, including both dynamic and manual exclusions.
  • New – displays patches that will be added to the policy once it is refreshed.
  • Applicable Patches – lists patches associated with the devices the logged in user has permission to operate on. For example, suppose a Non-Master Operator (NMO) is authorized to patch Windows machines, but not Linux machines. When viewing a policy that includes both Windows and Linux patches:
    • When the Applicable patches box is checked the NMO will see only Windows patches.
    • When the Applicable box is clear the NMO will see both Windows and Linux patches.
    • Master Operators, with unlimited permissions, will see the same patches whether the Applicable Patches filter is selected or not.
Patches Tab controls:
  • Activate/Suspend
  • Refresh Policy
  • Edit Policy
  • Delete Policy
Note: Buttons in the policy document appears only when the respective permissions are granted to the non-master operators.