Editing existing rules
For a policy to become effective, it must be deployed. Policies are deployed by pressing the Deploy button from the policies view in the administration section of Guaranteed State.
Note that deployment affects all visible policies that are enabled. You can enable or disable a policy from this screen by selecting it and then pressing the Disable or Enable button (the button's caption changes to reflect the current state of the policy).
Deleted policies and deployment
If a policy is deleted, then pressing Deploy will also cause any endpoint that receives the deployment to remove the policy and to cease to enforce it.
Disabled policies and deployment
If a policy is disabled, then pressing Deploy will also cause any endpoint that receives the deployment to remove the policy and to cease to enforce it.
If the policy is subsequently re-enabled, then the next time Deploy is pressed, it will be sent out again and become effective.
In this initial release of Guaranteed State, you are prompted to deploy a policy as soon as you create it. However, deploying a new policy where any of the following is true will not result in any action being taken at the endpoints:
- The policy is not associated with any rules
- The policy has not been associated with a management group
- All rules associated with a policy are disabled
Once a policy has been deployed, however, re-deploying it will always affect the endpoints to which it was previously deployed. If a re-deployed policy meets any of the above criteria, it will cease to be effective at those endpoints.
If the change removes a policy from any management groups, endpoints affected by this change WILL receive a policy update. For example, suppose you had a policy P1 assigned to management group MG1 and you then re-target P1 to management group MG2 instead and re-deploy it. All the endpoints which ever received policy P1 previously will have that policy removed if they now fall outside management group MG2.
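The deployment rules described above can be modelled in a few lines. This is an added example, not 1E's code or a Tachyon API: the class names, the deploy function and the endpoints PC1 and PC2 are assumptions made for illustration, and the stagger period is ignored.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    groups: set            # management groups the policy is assigned to
    rules: list            # one bool per associated rule: True = rule enabled
    enabled: bool = True
    deleted: bool = False

    def effective(self):
        # Deleted or disabled policies, and policies with no enabled rule or
        # no management group, result in nothing being enforced.
        return (not self.deleted and self.enabled
                and any(self.rules) and bool(self.groups))

@dataclass
class Endpoint:
    name: str
    groups: set
    enforced: set = field(default_factory=set)   # policy names currently applied

def deploy(policies, endpoints):
    """Model one press of Deploy; return (endpoint, action, policy) tuples."""
    actions = []
    for p in policies:
        for e in endpoints:
            in_scope = p.effective() and bool(p.groups & e.groups)
            if in_scope and p.name not in e.enforced:
                e.enforced.add(p.name)
                actions.append((e.name, "apply", p.name))
            elif not in_scope and p.name in e.enforced:
                # Only endpoints that previously received the policy are touched.
                e.enforced.discard(p.name)
                actions.append((e.name, "remove", p.name))
    return actions

def retarget_demo():
    # Constructed scenario from the text: P1 moves from MG1 to MG2.
    pc1, pc2 = Endpoint("PC1", {"MG1"}), Endpoint("PC2", {"MG2"})
    p1 = Policy("P1", {"MG1"}, [True])
    first = deploy([p1], [pc1, pc2])      # initial deployment to MG1
    p1.groups = {"MG2"}
    second = deploy([p1], [pc1, pc2])     # re-targeted and re-deployed
    p1.enabled = False
    third = deploy([p1], [pc1, pc2])      # disabled, then deployed again
    return first, second, third
```

Before pressing Deploy on a re-targeted policy, the same reasoning tells you which endpoints will stop enforcing it, which matters when the policy carries a security control.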
The distribution of policies to endpoints is staggered. The stagger period associated with this activity is designed to avoid excessive network traffic. It is not related to the agent stagger parameter which is defined during agent installation.
Verifying policy at the endpoint
We can also confirm that the policy was downloaded and applied at the endpoints by examining the Tachyon agent log on the endpoint. Here we see that the policy was downloaded and successfully applied.
If we now start the registry editor on the endpoint, we can see that the key and value exist.
Having done this, you can now click the Explore button. This launches the standard Tachyon Explorer page, but note that the device coverage for any question or action has been set automatically.
Please refer to Using Explorer to investigate devices in Guaranteed State.