System Management Overview


See the following to learn about or perform system management related tasks:

Viewing Details for an Individual Policy or Group


  • To view policy details, click Edit Policy next to the policy name. This will bring up the Edit Policy page where you can view details about the selected policy. (Learn more about Managing Policies.)
  • To view group details, click Edit Group next to the group name. This will bring up the Edit Group page where you can view details about the selected group. (Learn more about Managing Groups.)

Managing Policy and Group Assignments


From the System Management page, you can manage how policies and groups are assigned to each other. From here you can also remove one or more policy or group assignments.

Assigning Policies to a Group

You can assign a policy or mulitiple policies to a group.

  1. From the System Management page, click the name of the group to highlight it in the list.
  2. Find the policy or policies that you want to assign to the group and click Assign.
  3. Click Save Changes.

Assigning Groups to a Policy

You can assign a group or multiple groups to a policy.

  1. From the System Management page, click the name of the policy to highlight it from the list of policies.
  2. Find the group or groups that you want to assign to the policy and click Assign.
  3. Click Save Changes.
  4. To schedule the policy for immediate remediation, click Execute Policy Now. A message bar at the top will show if the policy was successfully applied.

Unassigning a Policy from a Group

You can unassign or remove a policy from a group.

  1. From the System Management page, click the name of the group that you want to edit. This will show any assigned policies.
  2. Click Unassign to remove a policy assignment.
  3. Click Save Changes.

Unassigning a Group from a Policy

You can unassign or remove a group from a policy.

  1. From the System Management page, click the name of the policy that you want to edit. This will show any assigned groups.
  2. Click Unassign to remove a group assignment.
  3. Click Save Changes.

Determining Which Policies are Assigned to Which Groups


You can view policy and group assignments from the System Management page.

Viewing What Policies Are Assigned to a Group

You can view which policies are assigned to a group.

  1. From the System Management page, click the name of the group. When policies are already assigned, connecting lines indicate which policies are assigned to the group.
    Group Assigned to Policies
  2. To edit the assignments, you can click Assign or Unassign next to a policy.
  3. Click Save Changes.

Viewing What Groups Are Assigned to a Policy

You can view which groups are assigned to a policy.

  1. From the System Management page, click the name of the policy. When groups are already assigned, connecting lines indicate which groups are assigned to the policy.
    Policy Assigned to Group
  2. To edit the assignments, you can click Assign or Unassign next to a group.
  3. Click Save Changes.

Execute Policy Now

While you are viewing the Policy to Group assignments, you can decide to immediately execute the policy.

  1. From the System Management page, click the name of the policy.
  2. To immediately execute the policy, click the Execute Policy Now button.

  • A message confirms the successful operation.

note

If you choose to run a policy manually, notifications will not be sent to the users. If notifications are required, we recommend creating a schedule instead.

Searching and Filtering for an Individual Policy or Group


  1. From the System Management page, enter the name of the policy or group into the corresponding filter search bar.
  2. If you know the policy or group is not in use, you can use the Unused Policy or Unused Groups tile to filter the view. For example, click the Unused Policies tile to filter and view only policies that are not in use.

Managing Groups


You can organize and manage system updates using Groups. It is possible to arrange groups by department or geography, or whatever makes sense for your organization. You can use groups to form a test group. Patches can then run against this group for a specified period of time after which those same patches can be rolled to another group or into production automatically. Software can also be deployed by group.

Viewing Groups

You can view a list of all groups in your organization.

  1. From the System Management page, use the Filter Groups field to search for groups.
  2. Click the Unused Groups tile to toggle between all groups and the groups that are not in use.

Creating a Group

You can create a new group.

  1. From the System Management page, click Create Group.
  2. Enter a Name for your new Group. This field is required.
  3. To change the scan interval, click the Scan Interval drop-down menu. The default is 24 hours. The scan interval indicates how often Automox re-inventories a device for hardware, software, system information, and available patches.
  4. Add a note, if required.
  5. To choose the group structure, click the Parent Group drop-down menu and select from existing groups. Selecting anything other than Default creates a subgroup. Subgroups help to better distinguish different groups in the Automox console. There is no policy inheritance between a Parent Group and any Subgroups.
  6. For easier management, go to Choose Color and select a color to identify the new group.
  7. From the OS Patch Management section, select how you want to handle patching for the devices in this group.
  8. Click the plus icon to add devices to the group now, if desired. You can also add devices later.
  9. Click Create Group.

Assign Devices to a Group

You can assign a device to a group.

note

Administrative privileges required. The deployment tool or target device must have administrative privileges in order to successfully deploy and install the Automox Agent.

  1. From the System Management page, find the group you want to add a device to and click Edit Group.
  2. From the Devices area, click the plus icon to open the Assign Devices to Group dialog window.
  3. Select the check box next to the device you want to add to the group. Click Assign Devices to Group.
  4. Click Update Group.

Removing Devices from a Group

You can remove devices from a Group.

  1. From the System Management page, find the group you want to edit and click Edit Group.
  2. From the Devices area, find the device that you want to remove and click the x in the Remove column.
  3. Click Update Group.
  4. This device will automatically go into the “Default Group”.

Viewing Devices Assigned to a Group

You can view devices assigned to a group.

  • From the System Management page, find the group you want to view details for and click Edit Group.
  • The list of devices is available in the Devices area of the page.

Filtering Groups

You can use the search filter to view a list of groups from the Devices page and the System Management page.

  • From the Devices page, go to the search field and enter Group. The list of groups automatically pre-populates with the existing group names. Scroll down to select the desired group.
  • From the System Management page, enter the names into the Group search field to view the desired group.

Managing Policies


You can create patch, software, and custom configuration policies that are enforced regardless of geographic location.

Viewing Policies

You can view a list of all policies in your organization from the System Management page.

  • Use the Filter Policies field to search for a specific policy.
  • Click Unused Policies tile to toggle between all policies and the policies that are not assigned to any devices.

Creating a Policy

You can create new patch policies from the System Management page. Select the Create Policy button. There are three different types of policies, which are described here.

  1. Patch Policies, which patch some or all of the software that Automox natively supports. The following subcategories of patching are available. The different types of a patch policy are: Patch All, Patch All Except, Patch Only, Manually Approve, and By Severity.
  2. Required Software Policy: You can install and patch software packages that do not have native support from Automox.
  3. Custom Policy: You can create policies that are capable of performing numerous tasks such as enforcing password rules, setting up system configurations, or managing custom software. These different types of patch policies are described in the following sections.

Creating a Patch Policy

You can create a Patch policy from the Create Policy dialog window. Follow these steps for each of the subcategories of patches:

  1. From the System Management page, click Create Policy.
  2. Click the type of policy you want to create. The options are:
    1. Patch All
    2. Patch All Except
    3. Patch Only
    4. Manually Approve
    5. By Severity
  3. In the Policy Info area, configure the following:
    1. In the Name field, enter a name for the policy.
    2. In the Notes field, enter any notes if required.
    3. Toggle the Policy Status to On or Off. This will enable or disable patching. If you want to pause patching, select Off.
    4. Toggle the Automatic Reboot switch. Automatic Reboot restarts the machine if a reboot is required to complete patching. Select No if you do not want the device to reboot after patching.
  4. The Policy Scope area will differ for each of the subcategory types of policies.
    1. Patch All: This policy will be applied to all supported software. This includes all operating system patches and supported third-party software. (From the Dashboard, you can view the details of this patch by selecting Pending Updates.)
    2. Patch All Except: For this type of policy, you can select all packages that you do not want patched. Use the search and filter options to find these packages. Mark the check box next to each package that you want to exclude from the patch. Your selections will appear on the right.
    3. Patch Only: For this type of policy, you can select all packages that you want patched. Use the search and filter options to find these packages. Mark the check box next to each package that you want to include in the patch. Your selections will appear on the right.
    4. Manually Approve: For this type of patch, the scope area remains empty until it is associated with a device or group of devices.
    5. By Severity: For this type of patch, you can select the severity level you want to have included in the patch update: Low, Medium, Critical, or Other. You can select multiple severities. The severity level are defined by the CVE score.
  5. For Schedule, set the months, weeks, days, and time that the patch will run on the device(s). A calendar preview is provided next to your selection. Selected days/weeks/months are indicated in blue while dates that will not have a patching window are shown in black.
  6. (Optional) Mark the Notifications check box to notify users about a pending patch update. The Policy Status must be On.
  7. (Optional) Assign this policy to a group by selecting the plus icon in the upper right of the page and selecting the desired group(s). Click Add Group. The group can also be newly created now or assigned later.
  8. Click Create Policy.

Creating a Required Software Policy

You can create a policy that will patch and install designated software. This policy will allow you to automate your third-party software patching.

  1. From the System Management page, click Create Policy.
  2. From the Required Software Policy section, click the OS for the software policy you want to create.
  3. In the Policy Info area, configure the following:
    1. In the Name field, enter a name for the policy. This field is required.
    2. In the Notes field, enter any notes, if required.
  4. Complete the Identify Package section before uploading the installation file. To do this, enter the required package name and version information as it will appear on the endpoint. This makes it easier to determine if remediation is necessary on the assigned endpoint.
  5. Click Upload File to upload the installation file for the software update.
  6. Use the Installation Command field to create a script for the software installation. This is required if a script is not found on the device.
  7. In the Schedule area, set the months, weeks, days, and time that the patch will run on the device.
    The Schedule Preview provides a calendar view of the software policy schedule.
  8. (Optional) Assign this policy to a group by selecting the plus in the upper right of the page and selecting the desired group(s). Click Add Group. The group can also be newly created now or assigned later.
  9. Click Create Policy.

Creating a Custom Policy

You can create a custom policy to perform tasks such as enforcing password rules, setting up system configurations, or managing custom software for Windows, Mac, or Linux environments. To create a custom policy, follow these steps:

  1. From the System Management page, click Create Policy.
  2. From the Custom Policy section, click the OS for the custom policy you are creating.
  3. In the Policy Info area, configure the following:
    1. In the Name field, enter a name for the policy. The field is required.
    2. In the Notes field, enter any notes, if required.
  4. In the Evaluation Code area, enter a script for the custom policy you are creating. You can also select on the right from pre-packaged scripts. To use a pre-packaged script, click on the name of the script. It will automatically populate the field.
  5. In the Remediation code area, enter remediation logic to execute when the evaluation code above returns non-compliance. If a pre-package script was selected in the previous step, this field is automatically populated.
  6. If relevant, you can also upload a software installation file for your custom policy.
  7. In the Schedule area, set the months, weeks, days, and time that the patch will run on the device.
    The Schedule Preview provides a calendar view of the patching schedule.
  8. (Optional) Assign this policy to a group by selecting the plus in the upper right of the page and selecting the desired group(s). Click Add Group. The group can also be newly created now or assigned later.
  9. Click Create Policy.