Patch for Windows, powered by Shavlik

Configuring General Settings for a Ivanti Patch for Windows Agent Policy

There are a number of general settings to configure for a Ivanti Patch for Windows Agent policy. You must configure these settings before installing the agents on the desired target machines.

 

See an icon in the notification area

The agents can be configured to run invisibly on each target machine, or you can elect to install an icon in the notification area of each machine that provides the users of the machines a certain amount of control over the service.

If you want to allow users to control certain aspects of the Ivanti Patch for Windows Agent service, enable this option. Users will be able to launch the client-based program by double-clicking the icon.

If you do not enable this option, the icon will not appear in the notification area and the agent interface will not run unless it is launched by the user. When the agent interface is run the user will have no control other than to watch what is happening.

The notification area icon will not be visible on the target machine for any currently logged on user until the next time the user logs on, or if the user starts the Ivanti Patch for Windows Agent program using the Windows Start menu.

Perform manual operations

Enables a user on a target machine to manually initiate an operation such as a patch scan.

Cancel operations

Enables a user on a target machine to stop an operation that is in progress.

Logging level

Specify the amount of logging you want the agent to perform. The options are:

Basic: Records Error, Informational, and Warning message types in the log. This is the default value.

All: Records Error, Informational, Warning, and Verbose message types in the log. Logging all message types is typically only necessary when performing troubleshooting tasks.

The log files will reside on each agent machine in the following location: C:\ProgramData\LANDESK\Shavlik Protect\Logs

Maximum log size

Specify the maximum log size. Specifying a very large log size will enable you to record a longer log history but it will of course require more system resources. The default value is 5 MB.

If the log file becomes full a new log file is opened and logging will continue. If the second log file becomes full, the first log file is deleted and a new log file will be created. This means there will always be a maximum of two log files on the console.

Check-In interval

Specifies how often the agents will check in (synchronize) with the console. At each check-in the agent refreshes its license and looks for any policy changes. It also checks if it is assigned a distribution server. If it is assigned a distribution server it will use it to download the latest engine components and data definition files. If it is not assigned to a distribution server then the agent downloads the engines and data files from the Web. If an agent machine is offline when the next check-in interval occurs, the agent will immediately check in when network connectivity is restored.

Agent licenses must be refreshed at least once every 45 days or they will expire.

Minutes: Use this option if you want the agents to check in more than once a day, or if you don't care what time of day the agents will check in with the console and with the distribution server. Valid values are from 10 - 600 minutes.

Days: Use this option to specify the number of days between check-ins. You can also use this option to specify a specific time of day for the check-in (for example, late at night when there is more network bandwidth available).

Distribute check-ins over (minutes): Staggers the exact time the agents will check-in so as not to overtax the console (and the default website or the optional distribution server) with simultaneous requests. The valid range is from 1 - 999. As a general rule, the greater the number of agents, the longer the randomized check-in window should be. Values under 30 minutes are not recommended for large environments. The value should, however, be larger than the check-in interval.

Engine, data, and patch download location

Specifies if a distribution server will be used by the agents when downloading the latest engine components, data definition files, and patches. The agents will look for updated files every time they perform a scan. The available options are:

Vendor over Internet: Specifies that the agents will download the files from the default websites. A distribution server will not be used.

Distribution Server: Specifies that a distribution server will be used. You must specify which server(s) to use.

If the agents are being used to deploy custom patches then you must specify the use of a distribution server. This is because there is no download URL for custom patches, meaning the agents cannot pull the custom patches from a vendor and must therefore be able to pull them from one or more distribution servers.

Specific: You can select the name of an existing distribution server. You must have previously configured one or more distribution servers in order for the names to be pre-populated in this box. For more information see Configuring Distribution Servers.

By Agent IP range: If you have multiple distribution servers defined for your network, each distribution server is typically assigned to service a particular IP address range. The distribution server used when downloading files to a target machine will be determined by the target machine's IP address. See Assigning IP Addresses to Servers for more details.

Use vendor as backup source: If the designated distribution server is not available, the agent will download the latest engine components and data files from the default websites.

Network

 

Sync with the Protect Cloud: Specifies that the agent will have the option to use Protect Cloud to retrieve the latest agent policy information, enabling it to perform synchronization via the cloud. This check box is only available if your console is registered with Protect Cloud. When you click Save and update Agents, a copy of the agent policy and all necessary components will be written to the Protect Cloud service.

Agent listens for updates on port: Specifies that the agent will listen to the console for policy updates. If an agent's policy is updated, or if it is assigned a different policy, the console will issue a "check in now" command to the agent. The agent will immediately download the new or updated policy from the console. Only agent machines that are online and able to communicate with the console will be able to receive the command.

Port: Specifies the port used by the agent on the target machine when communicating with the Ivanti Patch for Windows console. The default value is 4155.

Internet proxy credentials: If the agent machines must authenticate themselves to a proxy server when accessing the Internet, you must provide the proper credentials to the agents. Select the credential (the domain\username and password pair) used to authenticate the agent to the proxy server. To define a new credential click New.

Only shared credentials are contained in this list. If the credential you are looking for is not listed it probably means it is not defined as a shared credential. See Defining Credentials for information on how to share a credential.

Save and update Agents

Saves all changes to the policy file and stores it on the console. Also updates any agent machines that are currently assigned this policy as follows:

If an agent machine is online and configured to listen for policy updates, the updated policy will be pushed out to that machine immediately.

If an agent machine is online but is not configured to listen for policy updates, the updated policy will be pushed out the next time the agent checks in with the console.

If an agent machine is not currently online, the updated policy will be pushed out the next time the agent checks in with the console.

The Agent Policy Editor will be closed.

Cancel

Indicates you want to exit the Agent Policy Editor without saving your most recent changes. A "Do you want to save your changes?" prompt will appear that gives you a second chance to save your changes. If you click Yes the policy will be saved and the associated agents updated (the same as Save and Update Agents).  If you click No the Agent Policy Editor will be closed without saving your changes.

 


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other