Compliance Remediation Objects

Each Compliance Action Rule contains one or more Remediation objects. A Remediation object runs a specified application or script to make the endpoint computer compliant. It can also send alert messages to users.

After a Remediation object is created, you can use the same object in many Action rules.

To create a new or change an existing Remediation object:

1. In the Edit Properties window of a Compliance Action, click View Objects List.
2. Select the Remediations tab and click New.
3. In the Remediation Properties window, fill in these fields:

   Option	Description
   Operations
   Run Custom File	Run the specified program or script when an endpoint computer is not compliant.
   Download Path	Enter the temporary directory on the local computer to download the program or script to. This path must be a full path that includes the actual file and extension (*.bat or *.exe). This parameter is required. The endpoint client first tries to access the file from the specified path. If the client fails, it downloads the file from the URL to the temporary directory and runs it from there. To run multiple files, use one of the popular compression programs such as WinRAR to produce a self-extracting executable that contains a number of .exe or .bat files.
   URL	Enter the URL of an HTTP or file share server where the file is located. Enter the full path that includes the actual file with one of the supported extensions (*.bat or *.exe). This field can be left empty. Make sure the file share is not protected by a username or password.
   Parameters	If the executable specified in the URL runs an installation process, make sure that the executable holds a parameter that specifies the directory where the program should be installed. If the executable does not hold such a parameter, enter one here.
   MD5 Checksum	Click Calculate to generate a MD5 Checksum, a compact digital fingerprint for the installed application or the remediation files.
   Run as System	Apply system rights for running the executable file. Not all processes can run with user rights. System rights may be required to repair registry problems and uninstall certain programs.
   Run as User	Apply user rights and local environment variables for running the executable file.
   Messages
   Automatically execute operation without user notification	Run the executable file without displaying a message on the endpoint computer.
   Execute operation only after user notification	Run the executable file only after a user message opens and the user approves the remediation action. This occurs when Warn or Restrict is the selected action on a compliance check.
   Use same message for both Non-Compliant and Restricted messages	Select that the same text be used for both messages. A Non-Compliant message tells the user that the computer is not complaint and shows details of how to become compliant. A Restricted message tells the user that the computer is not compliant, shows details of how to achieve compliance, and restricts computer use until compliance is achieved.
   Message Box	Displays selected non-compliant and restricted messages. The message box is available only by selecting the Execute only after user notification setting. Click Add, Remove, or Edit to add a message, and remove or revise a selected message. Note: User cannot prevent the remediation application or file from running.