What is the difference between a policy action and a regular action?

Hi all …

What is the difference between a policy action and a regular action?

–Mark

a “policy” has no end date, it is still technically an “action”.

2 Likes

A policy is also normally set to reapply so that if the change is reverted, it will be remade.

2 Likes

Policy actions can also be used in some pretty creative ways to dynamically configure your client based on its environment.

With the core protection module, policy actions are used to adjust firewall rule sets depending on the network the client is on. Because it’s a policy action with unlimited re-application, the firewall ruleset changes can just use BigFix.

2 Likes

This brings up a good point.

Make sure you don’t have 2 policy actions that conflict and end up in an infinite loop of reapplication.

1 Like

So basically a policy is created in the exact same way that any action is … what distinguishes this as a policy is that the action has no end date and if applicable, is enforced if it is somehow reverted. Thanks all.

OK, so if I were to schedule a ILMT Software Scan to run every 15 days (the Initiate Software Scan task to be precise), this would be considered a policy?

–Mark

1 Like

I don’t know that “policy action” has a definite and formal definition, so that might fit in, but I would almost consider that to be more of a “scheduled task” rather than a “policy action”. It is a minor distinction, but I normally think of a “policy action” as making a configuration once, and it never runs again unless that configuration is reverted. This is contrasted with something that is expected to run periodically like the ILMT Software Scan. I’m not really sure this distinction is entirely meaningful though.

It is a distinction that is good. There is a re-application period for an action like the scan you mention but a policy action will only re-apply if it goes non relevant and becomes relevant again. A scheduled action will re-run on a set schedule.

1 Like

Oh right, that distinction is important when it comes to the difference between these two things, which do very different things:

OK, thanks all. I was under the misguided conception that here was some difference in the way BigFix treated this, but there really isn’t. I’m good now :smile:

–Mark

Under the covers there isn’t really a difference to the BigFix infrastructure itself. The difference is in the relevance that controls the way that the action is reapplied if able and relevant.

There is something called the Client Compliance API that does work differently, I assume, but in ways I don’t understand at all. It is definitely a blind spot for me in the whole picture of BigFix and what it can do.