Example procedure for remediating compliance
The following example describes a simple procedure for remediating compliance failures.
For additional, more complex, remediation examples, see the following topics:
- How to pass local parameter values to a compliance remediation package
- How to use Compliance with site-specific values
To remediate compliance
- In the hierarchical display of job results, choose the item to remediate:
- To remediate individual servers, right-click the server in the Server view and select Remediate.
- To remediate one failed check on an individual server, right-click the check in the Server view and select Remediate.
- To remediate an individual check across all servers, right-click the check in the Rules view and select Remediate.
- To remediate all noncompliant checks across all servers, right-click Server View and select Remediate.
- To remediate individual servers, right-click the server in the Server view and select Remediate.
- In the Remediate Job Result dialog box, enter the following information, and then click OK:
- Name for the remediation package
- Location in the Depot workspace to save the package
- Location in your Jobs workspace to save the remediation/deploy job
- Whether or not you want to
- Keep each local property name unique in the remediation package
Use servers as the remediation target
In this example, one failed check on an individual server is selected for remediation: the check for permissions of the at.exe file on the vs-tmp-w2003 server.
The remediation package is created in the Depot and the Remediation Job is open for editing.
- You have the option to override any default Job behaviors:
- On the General tab, you can change the autogenerated name of the Job or choose a different location to save it.
- On the Targets tab, you can change the selection of targets.
- On the Job Options tab, you can change the logging level.
- On the Phase Options tab, you request simulation and set rollback features. For more information about these options, see Creating and modifying Software and BLPackage Deploy Jobs.
- On the General tab, you can change the autogenerated name of the Job or choose a different location to save it.
- Press OK.
You can now view the newly created depot package and job.
- To run the new job, right-click the job and select Execute.
The job is displayed in the Tasks in Progress view. - After the job has completed executing, right-click the job and select Show Results.
The job run status is displayed. You can track the job as it passes through the Simulate, Stage, and Commit phases.
- Rerun the compliance analysis and verify that the remediated check is compliant.
Was this page helpful? Yes No
Submitting...
Thank you
Comments
Log in or register to comment.