About the execution of Managed Software Delivery policies
When a Managed Software Delivery policy runs on a managed computer, it performs a series of tasks that are grouped into the following phases:
When you schedule a Managed Software Delivery policy, you can assign different schedules for compliance and remediation. For example, you can schedule the compliance status to be reported during the day and the remediation to occur only during a maintenance window.
See About policy applicability, compliance, and remediation.
The ability to separate compliance and remediation also allows for the offline execution of Managed Software Delivery policies. When the compliance check determines that a remediation is required, the policy downloads the appropriate package. Remediation can occur even if the client computer is not connected to the server because the client computer already has the package that it needs.
See About deferring the execution of software remediation.
Table: How the compliance phase of Managed Software Delivery works
Step |
Action |
Description |
Step 1 |
Policy execution |
Starts the policy's compliance process at the scheduled time on the client computer. |
Step 2 |
Applicability check |
(Windows only) Determines whether the client computer has the correct environment for an installation of the software. If the computer does not have the correct environment, the policy execution stops. The applicability check runs for each software resource in the Managed Software Delivery policy that is associated with an applicability rule. |
Step 3 |
Compliance check |
Evaluates the software resource's unique identifier or detection rule to determine whether the software resource is installed on the client computer. The software resource's unique identifier is used when the software resource is not associated with a detection rule. The compliance check runs for each software resource in the Managed Software Delivery policy. This compliance check determines whether the software is in the correct state. The correct state of a software resource can mean that it is installed or that it is not installed. If all the software in the Managed Software Delivery policy is in the correct state, it is compliant. Therefore, remediation is not needed and the policy execution stops. If any or all of the software is not in the correct state, it is out of compliance. Therefore, remediation is required and the policy execution continues. |
Step 4 |
Package download |
Downloads the package for each software resource or task in the Managed Software Delivery policy that requires a package. The package download might not be required when the remediation action is to uninstall the software. In that case, the package download is skipped.
The Managed Software Delivery policy downloads the package as follows:
Download the package to the client computer.
Create a snapshot of the package that is on the client computer and compare it to the snapshot on the package server. If the package is already on the client computer because of a recurring delivery or a delivery re-attempt, its existing snapshot is used for comparison.
If the snapshots do not match, re-download the package. A mismatch can occur when some kind of interception has corrupted the package.
When the package download is successful, the compliance process is finished and the policy is ready for the remediation process. |
Table: How the remediation phase of Managed Software Delivery works
Step |
Action |
Description |
Step 1 |
Compliance check |
Determines whether the software is installed on the client computer. This compliance check ensures that the software is still in the same state as it was during the compliance process. For example, if the remediation was scheduled to run later than the compliance process, the software might have been installed or uninstalled in the interim. If the remediation is still required, the process continues. |
Step 2 |
Remediation action |
Installs, uninstalls, or performs any other remediation action that the software requires. If the Managed Software Delivery policy contains multiple software resources and tasks, they are executed in the order in which they appear in the policy. You can override the policy's remediation settings and schedule for individual software resources and tasks within the policy. |
Step 3 |
Compliance check |
Determines whether the software resource is installed on the client computer. This compliance check provides the information for reporting the results to Notification Server. |
Step 4 |
Report to Notification Server |
The Symantec Management Agent on the client computer reports the results of the Managed Software Delivery process to Notification Server. You can obtain information about the results from the compliance reports and the delivery reports in Software Management Solution. See Running a Software Management Solution report. |
See About advanced software deliveries.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)