Compliance Remediation Objects

Each Compliance Action Rule contains one or more Remediation objects. A Remediation object runs a specified application or script to make the endpoint computer compliant. It can also send alert messages to users.

After a Remediation object is created, you can use the same object in many Action rules.

To create a new Remediation object or change an existing one:

  1. In the Edit Properties window of a Compliance Action, click View Objects List.
  2. Select the Remediations tab and click New.
  3. In the Remediation Properties window, fill in these fields:

    Option

    Description

    Operations

    Run Custom File

    Run the specified program or script when an endpoint computer is not compliant.

    Download Path

    • Enter the temporary directory on the local computer to download the program or script to. This path must be a full path that includes the actual file and extension (*.bat or *.exe).
    • This parameter is required.
    • The endpoint client first tries to access the file from the specified path. If the client fails, it downloads the file from the URL to the temporary directory and runs it from there.
    • To run multiple files, use one of the popular compression programs such as WinRAR to produce a self-extracting executable that contains a number of .exe or .bat files.

    URL

    • Enter the URL of an HTTP or file share server where the file is located.
    • Enter the full path that includes the actual file with one of the supported extensions (*.bat or *.exe).
    • This field can be left empty.
    • Make sure the file share is not protected by a username or password.

    Parameters

    If the executable specified in the URL runs an installation process, make sure that the executable holds a parameter that specifies the directory where the program should be installed. If the executable does not hold such a parameter, enter one here.

    MD5 Checksum

    Click Calculate to generate an MD5 Checksum, a compact digital fingerprint for the installed application or the remediation files.

    Run as System

    Apply system rights for running the executable file. Not all processes can run with user rights. System rights may be required to repair registry problems and uninstall certain programs.

    Run as User

    Apply user rights and local environment variables for running the executable file.

    Messages

    Automatically execute operation without user notification

    Run the executable file without displaying a message on the endpoint computer.

    Execute operation only after user notification

    Run the executable file only after a user message opens and the user approves the remediation action. This occurs when Warn or Restrict is the selected action on a compliance check.

    Use same message for both Non-Compliant and Restricted messages

    Select this option to use the same text for both messages.

    A Non-Compliant message tells the user that the computer is not compliant and shows details of how to become compliant.

    A Restricted message tells the user that the computer is not compliant, shows details of how to achieve compliance, and restricts computer use until compliance is achieved.

    Message Box

    Displays selected non-compliant and restricted messages. The message box is available only when the Execute operation only after user notification setting is selected. Click Add, Remove, or Edit to add a message, or to remove or revise a selected message.

    Note: The user cannot prevent the remediation application or file from running.
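
The field rules above can be checked before a Remediation object is saved. The following is an added example, not part of the product or its documentation: a pre-deployment check that validates the Download Path and URL values against the rules in the table and compares the MD5 of a staged copy of the file with the recorded checksum. The function names, the UNC form for the file share, and the restriction to http:// URLs are assumptions taken from the wording of the table.

```python
import hashlib
from pathlib import PureWindowsPath
from urllib.parse import urlparse

SUPPORTED_EXT = {".bat", ".exe"}  # extensions the table lists for both fields


def file_md5(path):
    """Hex MD5 of a local copy of the remediation file, read in chunks.

    MD5 matches the product's checksum field; it catches corruption or a
    swapped file but is not collision resistant.
    """
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_remediation(download_path, url="", local_copy=None, expected_md5=None):
    """Return a list of problems; an empty list means the fields look valid."""
    problems = []
    if not download_path:
        problems.append("Download Path is required")
    else:
        p = PureWindowsPath(download_path)
        # A full path has a drive (or UNC) root and names the actual file.
        if not p.is_absolute():
            problems.append("Download Path must be a full path")
        if p.suffix.lower() not in SUPPORTED_EXT:
            problems.append("Download Path must end in .bat or .exe")
    if url:  # the URL field may be left empty
        if url.startswith("\\\\"):  # assumption: file share written as a UNC path
            name = PureWindowsPath(url).name
        else:
            parsed = urlparse(url)
            if parsed.scheme.lower() != "http":
                problems.append("URL must point to an HTTP or file share server")
            name = PureWindowsPath(parsed.path).name
        if PureWindowsPath(name).suffix.lower() not in SUPPORTED_EXT:
            problems.append("URL must end in .bat or .exe")
    if local_copy and expected_md5:
        if file_md5(local_copy) != expected_md5.strip().lower():
            problems.append("MD5 of the staged file differs from the recorded checksum")
    return problems
```

Run it against the values you plan to enter, with local_copy pointing at the file you staged on the HTTP or file share server.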