Summary

How to define a policy in Guaranteed State.

For details of policy objects you can use to create your own policies, please refer to Tachyon Product Packs reference

On this page:

Defining a policy

You define a policy from Guaranteed State->Administration->Policies.

Click New Policy, enter a name and description for the policy and click Save.

The Managing Rules section explains how to create and add rules for the new Policy.


Policies

New Policy

Managing rules

Policies need rules in order to be of any use. The following headings show how to define rules, caveats for editing rules and how to associate rules with policies.

Defining a rule

You define a rule from Guaranteed State->Administration->Rules. Click New Rule then enter a name and description.

Defining a rule

In the Triggers section we're going to define that the rule should be evaluated periodically, every 30 seconds. In the search window we choose Periodic (seconds) and set the number of Seconds to 30.

You can add multiple Triggers using the add triggers plus sign, in this example we'll just use one.

Do not specify a period less than 30 seconds. The rule may be accepted by the management interface but the Tachyon client will not apply it.

Setting triggers

In the Precondition section, we will not define a precondition rule, but you can review the available choices, if you do want to set one. 

Preconditions

In the Check section, we'll define a check rule that requires that there is a value MyValue in the registry hive HKLM and subkey SOFTWARE\MyApp. Its value should be of type REG_DWORD and it should be 0.

If any part of the Subkey is missing, or the Name or Value fail to match this check rule, then the fix rule will be applied.

Check

In the Fix section, the fix rule will be identical to the check rule. This means that if the registry is not consistent with the check rule, it will be made consistent.

If any part of the Subkey does not exist, or the Value or Name is missing or has a different value or type, then all of these discrepancies will automatically be corrected and the registry value made to be consistent with the check rule.

Then click Save.


Fix

Editing existing rules

You can edit a rule by selecting it with the checkbox on the left and then selecting Edit Rule .

Editing existing rules

Cloning a rule

You can clone (copy) a rule by selecting it with the checkbox on the left and then selecting Clone Rule. When you do this, a copy of the rule is made.

You will be prompted to enter a new name for the cloned rule. After this you can modify any property of the cloned rule and save it.

Cloning a rule

Viewing Rule Details

You can view the rule details for a rule by clicking the View Details link displayed on the rules page under the Details column, showing:

HeadingDescription
DescriptionRule description entered when the rule was created.
CheckThe verification that a device has a particular state.
FixThe defined desired state for the device and the enforcement that state.
TriggersThe definition of the conditions causing a rule to be evaluated.

Viewing Rule Details

Enabling and disabling rules

You can enable and disable rules by selecting the rule with the checkbox on the left and then selecting Disable Selection, if the rule is enabled, or Enable Selection, if the rule is disabled.

Disabled rules are shown with a disabled icon against them.

A disabled rule ceases to have effect within any policy that refers to that rule, when that policy is redeployed. In effect, a disabled rule acts as if the rule is not part of the policy.

You must redeploy any policies which contain a disabled rule for the change to become effective on any devices targeted by the policies.

If you enable a previously disabled rule then the rule becomes active again. You must redeploy any policies containing the rule for the change to become effective on any devices targeted by the policies.

Enabling and disabling rules

Disabled rule

Associating a rule with a policy

You associate a rule with a policy from Guaranteed State→Administration→Policies by selecting the policy using with the checkbox on the left, then selecting Edit Policy.

The available rules are on the left of the page. We select the rule(s) we want to associate with the policy using the checkboxes and then clicking  the  button.

When we have selected all the rules we wish to associate, we click Save.


Associating a rule with a policy