Setting up remediation for a predefined Host Integrity requirement
Last Updated July 15, 2019
If the Host Integrity check on a client shows that a requirement failed, you can configure the policy to restore the necessary files. The client restores files by downloading, installing, or running the required applications to meet the requirement. The client computer can then pass the Host Integrity check.
You set up remediation in the same dialog box in which you add a predefined requirement. You specify both the path from which the client downloads the remediation files and how the remediation process is implemented.
You can also enable users to have some control over when they remediate their computers. For example, a restart may cause users to lose their work, so users may want to delay remediation until the end of the day.
After the download, installation, or execution of a command to restore a requirement, the client always retests the requirement. Also, the client logs the results as pass or fail.
To set up remediation for a predefined Host Integrity requirement
In the console, open a Host Integrity policy, and add a predefined requirement.
In the Add Requirement dialog box, click Install the <requirement type> if it has not been installed on the client.
Click Download the installation package.
In the Download URL text box, type the URL from where the installation file gets downloaded to the client computer.
In the Execute the command text box, do one of the following tasks:
If you want the client user to run the installation, leave the text box blank.
If you want the installation to run automatically, type %F%.
The %F% variable represents the last downloaded file. You can use any command that can be run from Start > Run. For example, to install a patch for Vista, type the command %Systemroot%\system32\wusa.exe /quiet /norestart %F%.
Optionally set the options to delay or cancel remediation, and then click OK.