Compliance Job - Autoremediation

The Autoremediation panel lets you enable automatic remediation of any compliance rule failures that a Compliance Job discovers.

Some typical uses for autoremediation are:

  • Fixing noncompliance — Each compliance rule definition can specify a BLPackage to deploy if a component fails the rule and remediation is required. When you enable autoremediation, BMC Server Automation automatically collects and deploys the BLPackages needed to correct compliance rule failures. You can select the component templates to automatically remediate.
  • Initial server provisioning — After installing an operating system on a new server, you can install mandatory software by running a Compliance Job. The job compares the new machine to an ideal master. The Compliance Job then automatically deploys the software packages needed to make the new machine match the master.

When you choose to autoremediate Compliance Job results, the remediation jobs start immediately after the Compliance Job completes. The Compliance Job is not considered complete until all remediation jobs complete. If you prefer, you can manually create and deploy the package needed to remediate the results of a Compliance Job. For information, see Manually remediating compliance results.

BMC Recommendations

Before running remediation job against Windows 2008 R2 DC or Windows 2008 DC, please backup the following GPO policy files:
  •  Default Domain security policy located at: \\localhost\SYSVOL\<Domain name>\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf
  •  Default Domain Controller security policy located at: \\localhost\SYSVOL\<Domain name>\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf
      

For more information about remediation jobs and remediation packages, see About remediation packages and remediation jobs.

This panel contains the following fields and screen elements for setting up autoremediation:

Remediate after compliance analysis completes

Enables automatic remediation of compliance rule failures.

Remediation name

A name for the remediation job.
BMC Server Automation generates a default name for the remediation job based on the Compliance Job name, the remediation name, and the date. If the job generates a Batch Job, the name you enter here is also assigned to the Batch Job.

Save package in

The depot folder where you want to store the BLPackages that are generated by the remediation job.

Save remediation/deploy job in

The job group where you want to store any Deploy Jobs (and potentially a Batch Job) that this procedure generates.

Template

A list of component templates for which autoremediation is enabled at the template level (on the General tab of each individual component template). From this list, you can select the component templates to automatically remediate.

Keep each local property name unique in remediation package

Indicates whether the remediation package can include duplicate property names for individual compliance rules that fail.

If you select this option, each property is indexed so that all references to a particular property are retained, even though property names are the same. In addition, the default value for each property is retained.

If you clear this option, property names are left untouched. However, the default value assigned to the property becomes the value of the property for the first failed compliance rule that is merged into the remediation package.

Use servers as remediation target

Indicates whether Deploy Jobs should target the servers (or other devices) associated with the components that are the targets of this Compliance Job. If you clear this option, the Deploy Jobs use the components that are targets of this Compliance Job as the targets for the remediation job.

Where to go from here

Compliance Job - Default Notifications

Was this page helpful? Yes No Submitting... Thank you

Comments