Deployment Solution

Hi all

I'm after a bit of advice please.

We use Altiris 7.1 Software Packages combined with "Managed Software Delivery" policies to deploy software to computers within certain AD groups. This works well... however we'd like each policy to run a basic "Collect Basic Software Inventory" task at the end to update the software's compliance status in the agent and in the console.

Our Compliance check is set to once per hour during business hours, so that the software will install within an hour of putting the user's PC in the appropriate group on AD. However, Altiris for some reason runs subsequent tasks in the policy wether or not the machine is compliant.

How do I get it to only run subsequent tasks such as our Collect Basic Software Inventory if, and only if the compliance check failed and the software was just installed on the previous task?  I tried putting the software collect task under "Service Packs and Update Tasks", however the agent still runs this task even if the machine is compliant. On machines where they have multiple software items assigned to them, this can result in several copies of the collect software task running once an hour during business hours.

I'm sure I'm probably doing something wrong here, so any advice would be appreciated.

Also while I've got you, what is the best practice with regards to the compliance check schedule of these policies? At present, I set them to between 0900 and 1600, with a check every 1 hour, and repeat daily. Is this overkill? Basically I want software to install asap after putting the computer in the group, and for the software to reinstall automatically fairly quickly if it gets uninstalled for some reason.

Thanks and regards.

There is no results based behaviour like Jobs and Tasks have.

One way to get this to work is to have a second Software Release for each piece of software using the same detection rule but with a run basic inventory as the command. Add this after the main Task in the Managed Software Delivery Policy. When the Compliance check is first done all the rules evaluate first, so the install and inventory Tasks will show as noncompliant and should run in order. On the next compliance check neither should run.

One other option would be to write install.bat files for each install with a Send Basic Inventory command at the end, but this isn't ideal.

I have two schedules for compliance checking, one at 00:00 No repeat and one at 12:10 Repeat Daily. The 00:00 one ensures that the policy runs as soon as applied and the daily one just keeps it in compliance. If the user's messed up their PC they'll just have to wait.

Thanks Andy.

I find it most frustrating that even though the collect inventory task is now under the main task's "Service Packs" section, it still runs each time the compliance check runs, even if the compliance check says Compliant and the detection step says Detected. Very annoying.

Would Altiris continue to install a service pack over and over if it was in this section too?

For now, I'll go with your two compliance check schedules. 00:00 no repeat, and 09:00 daily. Thos inventory scans don't take very long, and I;ve got them set to very low resource usage, so at least they don't bother the user.

Anybody else got any more nuggets of info on this please?

Thanks.

over and over. And reinstall it if there was no detection rule or if the detection failed.

My Process:

First, create the software package through software Catolog, Add, Software Release.  A new window opens and you define the software properties, package and most important; detection rules. Also, in the add package dialogue I let the NS Automaticall generate cmd lines.

When the software is added I do not move it to managed software products.  When an item is in newly discovered / undefined software you can right click on it and under actions create Installed Software Filter and targeted software inventory. These rely on the detection rules that you for the package.

Now in Managed Software Delivery for Applied to I select my filtering rules. This is my filter for pushing Java 6u33.

As long as my detection rules are accurate, this install will not run again.

My software inventory however always runs because that I have not set up to exclude computers in filter "Computers with Java 6u33" yet.

Good idea though for minimising inventory runs, I often use the installed software filter to cut down policies on a client but had thought of it in this context.

Bizarre. A pretty major bug if you ask me. Essentially makes that service packs section of the policy completely useless. Who wants their service pack (or whatever they put there) installed over and over and over.

detection.

This isn't what happens though, and admittedly I could be missing something.

The Task I have placed under "Service Pack and Update Tools" runs each and every time the compliance check runs, wether it's compliant or not. My agent says "Compliant" and the detection check step says "Detected", yet it still runs.

So if it's an inventory task it will run each time. The same way as a service pack detection check will run each time. The only way a service pack install would run each time is if it fails each time or the detection check is faulty or missing.

"The data is updated every time the "Software Discovery" policy runs, or (depending on your version) an inventory task performing "Software" inventory, or you run a targeted inventory for this software component, or you (un-)install the software component using managed delivery."

  The targeted SW inventory uses the detection rules. Then I use the filter to exclude the machine from running the installation again.

https://www-secure.symantec.com/connect/forums/how-do-i-write-filter-using-sql-query-find-installed-applications

You'll have to take a look at the detection rule for the service pack you're having a problem with. As someone else stated it may not be there, its corrupt, or it just plain fails to detect.  After reviewing your detection rule create a targeted software inventory for the service pack and see if its detected on one of your test systems. If not, you need to take a harder look at the detection rule.

http://www.symantec.com/business/support/index?page=content&id=HOWTO59040