What is the difference between a policy action and a regular action?

mtrain · January 13, 2016, 10:27pm

Hi all …

–Mark

jgo · January 13, 2016, 10:57pm

a “policy” has no end date, it is still technically an “action”.

jgstew · January 13, 2016, 11:19pm

A policy is also normally set to reapply so that if the change is reverted, it will be remade.

strawgate · January 13, 2016, 11:26pm

Policy actions can also be used in some pretty creative ways to dynamically configure your client based on its environment.

With the core protection module, policy actions are used to adjust firewall rule sets depending on the network the client is on. Because it’s a policy action with unlimited re-application, the firewall ruleset changes can just use BigFix.

jgstew · January 14, 2016, 12:08am

This brings up a good point.

Make sure you don’t have 2 policy actions that conflict and end up in an infinite loop of reapplication.

mtrain · January 14, 2016, 10:48pm

So basically a policy is created in the exact same way that any action is … what distinguishes this as a policy is that the action has no end date and if applicable, is enforced if it is somehow reverted. Thanks all.

OK, so if I were to schedule a ILMT Software Scan to run every 15 days (the Initiate Software Scan task to be precise), this would be considered a policy?

–Mark

jgstew · January 14, 2016, 10:55pm

I don’t know that “policy action” has a definite and formal definition, so that might fit in, but I would almost consider that to be more of a “scheduled task” rather than a “policy action”. It is a minor distinction, but I normally think of a “policy action” as making a configuration once, and it never runs again unless that configuration is reverted. This is contrasted with something that is expected to run periodically like the ILMT Software Scan. I’m not really sure this distinction is entirely meaningful though.

AlanM · January 14, 2016, 11:03pm

It is a distinction that is good. There is a re-application period for an action like the scan you mention but a policy action will only re-apply if it goes non relevant and becomes relevant again. A scheduled action will re-run on a set schedule.

jgstew · January 15, 2016, 12:54am

Oh right, that distinction is important when it comes to the difference between these two things, which do very different things:

mtrain · January 15, 2016, 1:39pm

OK, thanks all. I was under the misguided conception that here was some difference in the way BigFix treated this, but there really isn’t. I’m good now

–Mark

jgstew · January 17, 2016, 7:45pm

Under the covers there isn’t really a difference to the BigFix infrastructure itself. The difference is in the relevance that controls the way that the action is reapplied if able and relevant.

There is something called the Client Compliance API that does work differently, I assume, but in ways I don’t understand at all. It is definitely a blind spot for me in the whole picture of BigFix and what it can do.