Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 3 subscribers
  • Views 3169 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Differs from Policy Issue

Navar Holmes

I have a number of PCs that are giving "Differs from Policy".

It is only applies to the "Data Control Policy" all others are "Same as Policy".

Why wont these comply?

Now if I do a Comply to all group policies it clears up.
I just find it strange that the PCs just wont do it on their own.

Also found out the "update Computers now don't update policies.



This thread was automatically locked due to age.
Parents
  • 0

    Hello Navar Holmes,

    PCs just wont do it on their own
    endpoints request the policies only after installation when they don't yet have received them (the status shows Awaiting policy from console ...).
    Policy compliance is evaluated on the endpoint by comparing the settings/status reported by the components to the cached policies received from the console. Normally Differs is caused either by a local change or some (sub-)component failure. The compliance-check can't assess the reason for the difference therefore it does not attempt to apply the cached policies or request them from the management server (a local admin who has changed some setting for whatever reason wouldn't be amused if it suddenly reverts). For a Central managed it is different as Central tries to enforce compliance after two hours (Central just does automatically what has to be done manually with SEC).

    Update Computers
    requests an out-of-schedule detection data and software update. It does not transfer the policies. Please note that whenever you change a policy, assign a different policy to a group, or move a computer to another group SEC tries to transfer the policies to the applicable endpoints. If an endpoint can not be reached immediately the message is enqueued and might eventually time out if it can't be sent for a few days.

    Christian

Reply
  • 0

    Hello Navar Holmes,

    PCs just wont do it on their own
    endpoints request the policies only after installation when they don't yet have received them (the status shows Awaiting policy from console ...).
    Policy compliance is evaluated on the endpoint by comparing the settings/status reported by the components to the cached policies received from the console. Normally Differs is caused either by a local change or some (sub-)component failure. The compliance-check can't assess the reason for the difference therefore it does not attempt to apply the cached policies or request them from the management server (a local admin who has changed some setting for whatever reason wouldn't be amused if it suddenly reverts). For a Central managed it is different as Central tries to enforce compliance after two hours (Central just does automatically what has to be done manually with SEC).

    Update Computers
    requests an out-of-schedule detection data and software update. It does not transfer the policies. Please note that whenever you change a policy, assign a different policy to a group, or move a computer to another group SEC tries to transfer the policies to the applicable endpoints. If an endpoint can not be reached immediately the message is enqueued and might eventually time out if it can't be sent for a few days.

    Christian

Children
No Data
Unfiltered HTML