Patch Policy Document

Use the Patch Policy Document to view and manage policy settings. Policy information appears on the right side of the page.

  • Status – Active or Suspended.
  • Updates – Number of patch updates available.
  • Policy ID – Unique identifier for this policy.
  • OS, Severity, Category, Type – Inclusion criteria.
  • Site – Name of the site where the policy is stored.
  • Next Refresh (Active policies) – Time of next auto-refresh, if enabled.
  • Modified – Time when the policy was last changed.
  • Source – Operator name.
  • Refreshed – Date of last policy refresh.
  • Keyword Exclusion – Content with the keyword in its title is excluded.

Schedules Tab

The Schedules tab displays a list of policy schedules in order of creation. Click a schedule name to display its summary page.

Patch policy schedule
  • Name – Schedule name.
  • Frequency – Deployment interval.
  • Targets – Number of targeted devices or computer groups. Click the link to display the target list. The Add Targets control appears when a schedule has no targets; click the link to add them.
  • Added by – The operators who added targets to the schedule. For Target By Property, it is the operator who set the condition.
  • Next Deployment – The time the schedule's Multiple Action Group is issued to the BigFix root server. It is subsequently adjusted to accommodate endpoints in all time zones, ensuring the policy executes at the correct time in each location.

Use the toggle switch in the right side panel to Activate/Suspend a policy. You cannot refresh or edit an active policy. Some Schedules tab controls are inactive until the policy is Suspended.

Schedules Tab controls:
  • Add Schedule
  • Activate/Suspend
  • Refresh Policy
  • Edit Policy
  • Delete
Note: Non-master operators (NMOs) need the Activate/Suspend Policy permission to activate or suspend the policy, and the Refresh Policy permission to refresh it. For more information on permissions, see The WebUI Permissions Service. NMOs also need write access to the site where the policy is stored to activate, suspend, or refresh the policy.

Schedule Summary Page

Click a schedule to display the Schedule summary and its controls. To change the schedule, you must suspend its policy. This is not required when adding or removing targets.

  • Pre-cache Downloads – The time when policy patches are pre-cached.
  • Stagger Start Time – Amount of time to stagger patching time to reduce network load.
  • Bypass Errors – Ignore Multiple Action Group (MAG) failures and proceed to the next action. For more information about patch policies and MAG processing, see Monitoring Deployed Policies.
  • Retry on Failure – Number of times to retry if a patch fails to install, and the retry interval.
  • Force Restart – Force a restart on completion, and the interval to wait before restarting.
Schedule Summary controls:
  • Add/Edit Targets
  • Edit Schedule
  • Delete

Content (Custom/External) Tab

Displays patches for the selected policy. Patches used for auditing, corrupt patches, and patches with no default action are not included in patch policies. Superseded patches are flagged but not deployed; they will be removed from the patches list once the policy has been refreshed.

To exclude individual patches from the policy, check the Exclude box to the left of the title. A device that has been targeted using a computer group (either a manual or dynamic group) cannot be individually excluded.

Filters:
  • Included – displays included patches.
  • Excluded – displays excluded patches, including both dynamic and manual exclusions.
  • New – displays patches that will be added to the policy once it is refreshed.
  • Applicable Patches – lists patches associated with the devices the logged-in user has permission to operate on. For example, suppose an NMO is authorized to patch Windows machines, but not Linux machines. When viewing a policy that includes both Windows and Linux patches:
    • When the Applicable Patches box is checked, the NMO will see only Windows patches.
    • When the Applicable Patches box is clear, the NMO will see both Windows and Linux patches.
    • Master Operators (MOs), with unlimited permissions, will see the same patches whether the Applicable Patches filter is selected or not.
Content (Custom/External) Tab controls:
  • Activate/Suspend
  • Refresh Policy
  • Edit Policy
  • Delete
Note: Buttons in the policy document appear only when the respective permissions are granted to the NMO.