Management and Security
Assigning targets to a task
Once you've added a script to the Scheduled tasks pane, it becomes a task that you can assign targets to by dragging them from the network view onto the task. Targets can include individual devices, device groups, LDAP objects, LDAP queries, and inventory queries. Queries and groups are powerful options that enable you to have a dynamic list of devices that can change for recurring tasks. For example, as the device target list from a query changes, any tasks using that query automatically target the new devices in the list.
If a device is targeted more than once, such as when two target queries have overlapping results, the core server detects the duplication and won't run the task multiple times for the same device.
When using queries to select task targets, the query doesn't run until the task has started. The Scheduled task properties dialog won't show the target devices until after the task is launched.
You can also add targets directly from the task properties Targets page. Targeting from this page gives you a single point of access to all available target types and possible targets. Just select the target type you want and click Add.
Additional task information
Multiple Endpoint Manager users can add targets to a scheduled task. However, in the Scheduled tasks pane, each Endpoint Manager user will only see targets within their scope. If two users with scopes that don't overlap each add 20 targets to a task, each user will see only the 20 targets they added, but the task will run on all 40 targets.
Each task needs a set of targets to run on. Tasks can have two types of targets—static and dynamic:
- Static targets: A list of specific devices or users that doesn't change unless you manually edit it. Static targets can be LDAP users or devices from Directory Manager or devices from the console's network view.
- Dynamic targets: A dynamic list of target devices that policy-based distribution tasks check periodically for any changes. As new devices meet the query criteria, recurring tasks using those queries get applied to the new devices. Dynamic lists include query results and LDAP groups/containers or network view groups.
You can specify static policy targets in these ways:
- Network view devices: A static set of devices from the core database.
- LDAP users or devices: A static set of user and/or device objects.
You can specify dynamic policy targets in these ways:
- Network view group: A dynamic set of devices from the core database.
- LDAP group/container: A dynamic set of user, device, or group objects.
- Database query: A set of devices generated by a query against the core database.
- User group: A group of users selected from an LDAP-compliant directory.
- LDAP query: A set of users, devices, or both, generated by a query on an LDAP-compliant directory.
In order for devices to receive policies that are targeted through Active Directory, they have to be configured to log in to the directory. This means that they need to have all the correct device software installed, and they need to actually log in to the correct directory so that their fully distinguished name will match the name that was targeted through Directory Manager.
For each Windows device, there must be a computer account on the Active Directory domain controller. This means that the computer being used as the device must be logged into the domain where the Active Directory exists. You can't simply map a network drive using the fully-qualified Windows domain name. The policy won't take effect this way.
To use Directory Manager to create a query
- Click Tools > Distribution > Directory manager.
- Click the Manage directory toolbar button.
- Enter the directory URL and authentication information and click OK.
- Click the New query toolbar button.
- Create your query. For more information, see LDAP queries.
There are over 30 time zones in the world, and if you are a global company it can be difficult managing time-sensitive tasks that target devices in multiple time zones. For example, if your company has a maintenance window of 2 AM to 3 AM and your company has offices in both Europe and America, it would be nice if you didn't have to create separate tasks to target the devices in each time zone so the task happens during that window. Now you can easily do all this in a single task.
Among the inventory data Endpoint Manager maintains for each managed device is the time zone the device is in. If you want it to, the task scheduler can use this data to automatically run the task based on the device's time zone instead of the core server's time zone.
To use time zone awareness in a task
- Schedule a task and add targets to it.
- Right-click the task and click Properties.
- On the Target devices page, review the Targeted time zones list to see the list of targeted devices sorted by time zone.
- On the Schedule task page, select Target time zone aware so the task runs based on the target time zone.
- Save your changes and run the task. As the scheduled time arrives in each time zone, the core server runs the task on targets in that time zone.
Was this article useful?