Professional Documents
Culture Documents
The Distribution and Patch agent settings dialog allows you to control how LANDESK Management Suite
installs packages, runs scans, and repairs files.
General settings
On the General settings page, enter a name that will be associated with the settings you specify on all of
the pages in this dialog. This name will appear in the Agent settings list in the console.
Network settings
Use this page to customize how distribution packages will impact your network traffic.
Attempt peer download: Allow packages to download if they are already on a peer in the same
subnet. This will reduce network traffic. For example, if you have several satellite offices, you
could select one device at each office to receive the package over the network. Then, the other
devices at each office would get the package directly from the first device instead of
downloading it from the network.
Attempt preferred server: Allow automatic redirection to the closest package shares. This will
reduce the load on the core server.
Allow source: Download from the core server if the files aren't found on a peer or preferred
server. If the files are not in one of those locations and this option is not selected, the download
will fail.
Use multicast: Uses targeted multicast to send files to multiple devices simultaneously. Enter a
value for the amount of time to wait on each subnet before the download begins.
Bandwidth used from core or preferred server: Specify the percentage of bandwidth to use so
you don't overload the network. You can limit bandwidth by adjusting the maximum percentage
of network bandwidth to use for the distribution. The slider adjusts the priority of this specific
task over other network traffic. The higher the percentage slider is set, the greater the amount
of bandwidth being used by this task over any other traffic. WAN connections are usually slower,
so it is most often recommended to set this slider at a lower percentage.
Bandwidth used peer-to-peer: Specify the percentage of bandwidth to use locally. This value is
typically higher than the bandwidth used from core or preferred server because of physical
proximity.
Send detailed task status: Click to send information about the task to the core server. This
increases network traffic, so if you select this option to help troubleshoot a particular issue, you
may want to clear it once you resolve the issue.
Use the Policy sync schedule page to specify when the client will check the core to see if there are
any packages available for download.
Policy sync schedule
o Event-driven
When user logs in: Click to run policy sync once a user has logged in.
When IP address changes: Click to run policy sync when the IP address
changes.
Max random delay: Specify an amount of time to delay the scan in
order to avoid downloading the package on all of the devices at the
same time, which could flood the network.
o Schedule-driven
Use recurring schedule: Click to only download distribution packages during
a specified time frame. The default is to check once a day.
Change settings...: Click to open the Local scheduler command dialog, where
you can create a different schedule.
Notification
Use the Notification page to specify what information to display to the user and what actions the user
can take.
User message
Use this page to create a custom message that the user will see if you select Notify user before
downloading or Notify user before installing/removing on the Notification page.
Distribution-only settings
Use this page to specify what to show the user and how long to defer an installation. These options are
dependent on the settings you select on the Notification page. You can also use the Distribution only
settings page to select the location for virtualized applications.
Feedback
o Display full package interface: Click to show the user everything that the installation
displays. This option is for power users only.
o Show successful or failed status to end user: Click to only show the user the outcome of
the installation.
Defer until next logon: Click to allow users to postpone the installation until the next time they
log on to the device.
o Defer for a specific amount of time: Specify the maximum amount of time the user can
defer the installation.
Limit number of user deferrals: Click to enter a maximum number of times
the user can defer the installation.
Select the location to store LANDESK virtualized applications
o Client Destination: Click to install the package in a new environment instead of installing
the package on the device.
Enable LDAP group targeting: Click to target your distribution to the groups that you have set up
on your Microsoft domain instead of targeting devices and user names from LANDESK.
Allow LDAP resolution via CSA: Click to target your distribution to objects in your Microsoft
Domain while going through the Cloud Service Appliance.
Offline
Use this page to specify what to do if a managed device can't contact the core server during a package
installation.
Wait until the device can contact the managed core server: Click to stop the installation until the
device is able to contact the core server.
Install the package(s) offline: Click to create a scheduled task that downloads the files onto the
device but doesn't install them.
Logged off user options
Use this page to specify whether to install if the user is logged off a device.
Download options
Use the Download options page to specify whether a client should download the patch and then install
it or run the installation from the server.
Run from source: Click to install the patch from the preferred server or the core. This option is
useful if the client machine does not have enough memory to download the patch.
Download and execute: Click to download the patch to the client and then install it. This option
reduces the load on the server.
Patch-only settings
Use the Patch-only settings page to select reboot and alternate core options when scanning, repairing,
and downloading files.
Do not disturb
Use this page to specify mission-critical processes so that a scan will not occur if those processes are
running. For example, to ensure that the scanner will not run during a presentation, you could apply the
filter so that a reboot could occur with PowerPoint open but not if PowerPoint was running full screen.
Scan options
Use this page to specify whether the security scanner will scan by group or by type of vulnerability.
Scan for
o Group: Select a custom, preconfigured group from the drop-down list.
Immediately repair all detected items: Indicates that any security risk identified
by this particular group scan will be automatically remediated.
o Type: Specifies which content types you want to scan for with this scan task. You can select
only those content types for which you have a LANDESK Security Suite content
subscription. Also, the actual security definitions that are scanned for depends on the
contents of the Scan group in the Patch and Compliance window. In other words, if you
select vulnerabilities and security threats in this dialog box, only those vulnerabilities and
security threats currently residing in their respective Scan groups will be scanned for.
Enable autofix: Indicates that the security scanner will automatically deploy and install the
necessary associated patch files for any vulnerabilities or custom definitions it detects on
scanned devices. This option applies to security scan tasks only. In order for autofix to work, the
definition must also have autofix enabled.
Schedule
Use this page to specify the time frame during which the security scanner will run as a scheduled task.
After you select the settings, this page displays a summary of the schedule.
Event-driven
o When user logs in: Click to scan and repair definitions once a user has logged in.
Max random delay: Specify an amount of time to delay the scan in order to
avoid simultaneously scanning all of the devices, which could flood the network.
Schedule-driven
o Use recurring schedule: Click to only scan and repair definitions during a specified time
frame.
o Change settings...: Opens the Local scheduler command dialog box where you can define
the parameters for the security scan. This dialog box is shared by several LANDESK
management tasks. Click the Help button for details.
Frequent scan
Use this page to enable the agent to check definitions in a specific group more frequently than usual.
This is helpful when you have a virus outbreak or other time-sensitive patch that needs to be distributed
as soon as possible. For example, you may want a client to scan every 30 minutes and at every login for
a specific group that may contain critical vulnerabilities. The frequent scan is optional.
Enable high frequency scan and repair definitions for the following group: Enables the frequent
security scan features. Once you've checked this option, you need to select a custom group from
the drop-down list.
Immediately install (repair) all applicable items: Click to enable the agent to install a patch if it locates
one in the folder that you specify.
Schedule
o Event-driven
When user logs in: Click to scan and repair definitions once a user has logged in.
Max random delay: Specify an amount of time to delay the scan in order to
avoid simultaneously scanning all of the devices, which could flood the
network.
o Schedule-driven
Use recurring schedule: Click to only scan and repair definitions during a
specified time frame.
Change settings...: Opens the Local scheduler command dialog box where you
can define the parameters for the security scan. This dialog box is shared by
several LANDESK management tasks. Click the Help button for details.
Override settings: From the drop-down box, select the settings that you wish to override with
the settings that you specify in the Distribution and Patch dialog.
o Edit...: Click to open the Distribution and Patch settings dialog for that particular setting.
o Configure: Click to open the Configure distribution and patch settings dialog. For more
information, click Help.
Pilot configuration
Use the Pilot configuration page to test security definitions on a small group before performing a wider
deployment on your entire network. For example, you may wish to install a new Microsoft patch on the
devices in only the IT group to make sure that it doesn't cause any issues before it goes out to everyone
in the organization. Using a pilot group is optional.
Periodically scan and repair definitions in the following group: Enables the pilot security scan
features. Once you've checked this option, you need to select a custom group from the drop-
down list.
Schedule
o Event-driven
When user logs in: Click to scan and repair definitions once a user has logged in.
Max random delay: Specify an amount of time to delay the scan in order
to avoid simultaneously scanning all of the devices, which could flood
the network.
Schedule-driven
o Use recurring schedule: Click to only scan and repair definitions during a specified time
frame.
o Change settings...: Opens the Local scheduler command dialog box where you can define
the parameters for the security scan. This dialog box is shared by several LANDESK
management tasks. Click the Help button for details.
Install/remove options
Use the Install/remove options to specify what the agent should do once it determines the need for a
patch
Reboot is already pending: Click this option if you want to start a patch installation regardless of
whether the device has requested a reboot.