Viewing Details for an Individual Policy or Group


  • To view an individual policy, identify the policy you want details about and click Edit Policy. The Edit Policy page is displayed. (Learn more about the policy details page)
  • To view an individual group, identify the group you want details about and click Edit Group. The Edit Group page is displayed. (Learn more about the group details page)

Assigning Policies and Groups to Each Other


From the System Management page, you can assign a policy to a group or a group to a policy. You can also assign multiple groups to a policy, or assign a policy to multiple groups.

Assigning a Policy to a Group

  1. Click the group to highlight it in the list.
  2. Find the policy that you want to assign to the group and click Assign
  3. Click Save Changes.

Assign Policies to Groups

  1. Click the policy to highlight it from the list of policies.
  2. Find the group that you want to assign to the policy and click Assign
  3. Click Save Changes.
  4. To schedule the policy for immediate remediation, click Execute Policy Now. A message bar at the top will show if the policy was successfully applied.

Unassigning Policies and Groups

To change policy and group connections, from the System Management tab find the group or policy that should be edited. Click Unassign to remove the group or policy assignment.

Determining Which Policies are Assigned to Which Groups


From the System Management tab, you can view which policies are already assigned to a particular group. There are two ways to view this information, which are described here:

  • Click the name of the group. When policies are already assigned, connecting lines indicate which policies are assigned to the group.
    Group Assigned to Policies
  • Click Assign and Unassign next to each policy. Scroll down and hit the Save Changes button

Searching and Filtering for an Individual Policy or Group

From the System Management tab, you can view which groups are assigned to a particular policy. There are two ways to view this information:

  • Click the name of the policy. When groups are already assigned, connecting lines indicate which groups are assigned to the policy.
    Policy Assigned To Group
  • Click Assign and Unassign next to each group. Scroll down and hit the Save Changes button.

Execute Policy Now

While you are viewing the Policy to Group assignments, you can decide to immediately execute the policy.

  • Click Execute Policy Now. This schedules the policy for immediate remediation.

  • A message confirms the successful operation.

note

If you chooose to run a policy manually notifications will not be sent to the users. If you are looking to test ed user notifications we recommend setting the schedule 15 minutes after you want to test on a small test group of machines.

Searching and Filtering for an Individual Policy or Group


  1. Enter the name of the policy or group into the search bar above the list.
  2. If you know the policy or group is not in use, you can use the Unused Policy or Unused Groups tile to filter the view. For example, click the Unused Policies tile to filter and view only policies that are not in use.

Managing Groups


You can organize and manage system updates using Groups. It is possible to arrange groups by department or geography, or whatever makes sense for your organization. You can use groups to form a test group. Patches can then run against this group for a specified period of time after which those same patches can be rolled to another group or into production automatically. Software can also be deployed by group.

Viewing Groups

To view a list of all groups in your organization, follow these steps:

  1. Go to System Management.
  2. Use the Filter Groups field to search for groups.
  3. Click Unused Groups to toggle between all groups and the groups that are not in use.

Creating a Group

To create a new group, follow these steps:

  1. Go to System Management and click Create Group.
  2. To change the refresh interval, click the Refresh Interval drop-down list. The default is 24 hours. The refresh interval indicates how often Automox re-inventories a device for Hardware, Software, System Information, Available patches.
  3. Add a note, as required.
  4. To choose the group structure, click the Parent Group drop-down list and select from existing groups. Selecting anything other than Default creates a subgroup. Subgroups are meant to help visualize groups in the Automox console. There is no policy inheritance between a Parent Group and any Subgroups.
  5. For easier management, go to Choose Color and select a color to identify the new group.
  6. Click the plus icon to add devices to the group now, if desired. You can also add devices later.

Assign Devices to a Group

To create a new group, follow these steps:

note

Administrative privileges required. The deployment tool or target device must have administrative privileges in order to successfully deploy and install the Automox Agent.

  1. Go to System Management.
  2. Find the group you want to add a device to and click Edit Group.
  3. From the Devices area, click the plus icon to open the Assign Devices to Group dialog.
  4. Select the check box next to the device you want to add to the group. Click Assign Devices to Group.

Removing Devices from a Group

To remove devices from a group, follow these steps:

  1. Go to System Management.
  2. Find the group you want to add a device to and click Edit Group.
  3. From the Devices area, find the device that is to be removed and click the x in the Remove column.
  4. Click Update Group.
  5. This device will automatically go into the “Default Group”

Viewing Devices Assigned to a Group

To view devices assigned to a group, follow these steps:

  1. Go to System Management.
  2. Find the group you want to add a device to and click Edit Group.
  3. The list of devices is available in the Devices area of the page.

Filtering Groups

You can use the search filter to view a list of groups from the Devices page and the System Management page.

  • From the Devices page, go to the search field and enter Group. The list of groups automatically pre-populates with the existing group names. Scroll down to select the desired group.
  • From the System Management page, enter the names into the Group search field to view the desired group.

Policies


You can create patch, software, and custom configuration policies that are enforced regardless of geographic location.

Viewing Policies

You can view a list of all policies in your organization from the System Management page.

  • Use the Filter Policies field to search for a specific policy.
  • Click Unused Policies to toggle between all policies and the policies that are not assigned to any devices.

Creating a Policy

You can create new patch policies from the System Management tab. Select the Create Policy button. There are three different types of policies, which are described here.

  1. Patch Policies, which patch some or all of the software that Automox natively supports. The following subcategories of patching are available. The different types of a patch policy are: Patch All, Patch All Except…, Patch Only, Manually Approve, and By Severity.
  2. Required Software Policy: You can install and patch software packages that do not have native support from Automox.
  3. Custom Policy: You can create policies that are capable of performing numerous tasks such as enforcing password rules, setting up system configurations, or managing custom software. These different types of patch policies are described in the following.

Creating a Patch Policy

You can create a Patch policy from the Create Policy dialog. Follow these steps for each of the subcategories of patches:

  1. Go to System Management and click Create Policy.
  2. Click the type of policy you want to create. The options are:
    1. Patch All
    2. Patch All Except
    3. Patch Only
    4. Manually Approve
    5. By Severity
  3. In the Policy Info area, configure the following:
    1. In the Name field, enter a name for the policy.
    2. In the Notes field, enter any notes if required.
    3. Toggle the Policy Status to On or Off. this will enable or disable patching. If you want to pause patching, select Off.
    4. Toggle the Automatic Reboot switch. Automatic reboots will restart the machine if a reboot is required to complete patching. Select No if you do not want the device to reboot after patching.
  4. The Policy Scope area will differ for each of the subcategory types of policies.
    1. Patch All: This policy will be applied to all supported software. This includes all operating system patches and supported 3rd party software. View a list of supported operating systems and supported 3rd party software.
    2. Patch All Except…: For this type of policy, you can select all packages that should not be patched. Use the search and filter options to find these packages. Mark the check box next to each package that you wish to exclude from the patch. Your selections will appear on the right.
    3. Patch Only: For this type of policy, you can select all packages that should be patched. Use the search and filter options to find these packages. Mark the check box next to each package that you wish to include in the patch. Your selections will appear on the right.
    4. Manually Approve: For this type of patch, the scope area remains empty until it is associated with a device or group of devices.
    5. By Severity: For this type of patch, you can select the severity level you want to have included in the patch update: Low, Medium, Critical, or Other. You can select multiple severities. The severity level are defined by the CVE score.
  5. For Schedule, set the months, weeks, days, and time that the patch will run on the device(s). A calendar preview is provided next to your selection. Selected days/weeks/months are indicated in blue while dates that will not have a patching window are shown in black.
  6. (Optional) Mark the Notifications check box to notify users about a pending patch update. The Policy Status must be On.
  7. (Optional) Assign this policy to a group by selecting the plus icon in the upper right of the page and selecting the desired group(s). Click Assign Groups. The group can also be newly created now or assigned later.
  8. Click Create Policy.

Creating a Required Software Policy

You can create a policy that will patch and install designated software. This policy will allow you to automate your 3rd party software patching.

  1. Go to System Management and click Create Policy
  2. Click the OS for the software policy you are creating.
  3. In the Policy Info area, configure the following:
    1. In the Name field, enter a name for the policy.
    2. In the Notes field, enter any notes if required.
  4. Click Upload File to upload the installation file for the software update.
  5. In the Identify Package area, click the drop-down list of Check For Package to select which package to install. Since this selection is required, it is best to have an installation of the 3rd party software already on a managed device. The package can also be extracted from any uploaded installation file.
  6. Use the Installation Command field to create a script for the software installation. This is required if a script is not found on the device.
  7. In the Schedule area, set the months, weeks, days, and time that the patch will run on the device.
    The Schedule Preview provides a calendar view of the software policy schedule.
  8. (Optional) Assign this policy to a group by selecting the plus in the upper right of the page and selecting the desired group(s). Click Assign Groups. The group can also be newly created now or assigned later.
  9. Click Create Policy.

Creating a Custom Policy

You can create a custom policy to perform tasks such as enforcing password rules, setting up system configurations, or managing custom software for Windows, Mac, or Linux environments. To create a custom policy, follow these steps:

  1. Go to System Management and click Create Policy.
  2. Click the OS for the custom policy you are creating.
  3. In the Policy Info area, configure the following:
    1. In the Name field, enter a name for the policy.
    2. In the Notes field, enter any notes if required.
  4. In the Evaluation Code area, enter a script for the custom policy you are creating. You can also select on the right from pre-packaged scripts. To use a pre-packaged script, click on the name of the script. It will automatically populate the field.
  5. In the Remediation code area, enter remediation logic to execute when the evaluation code above returns non-compliance. If a pre-package script was selected in the previous step, this field is automatically populated.
  6. If relevant, you can also upload a software installation file for your custom policy.
  7. In the Schedule area, set the months, weeks, days, and time that the patch will run on the device.
    The Schedule Preview provides a calendar view of the software policy schedule.
  8. (Optional) Assign this policy to a group by selecting the plus in the upper right of the page and selecting the desired group(s). Click Assign Groups. The group can also be newly created now or assigned later.
  9. Click Create Policy.