Configuring auto-remediation options
To edit the general deployment options:
1. Launch GFI LanGuard.
2. From the computer tree, right-click a computer/computer group and select Properties.
3. Select the Agent Status tab and from Auto remediation settings, click Change settings...
General auto-remediation settings
4. Select the action to take after receiving scan results from the agent. Click Configure auto-remediation options...
Before deployment options
5. Configure Before Deployment options described below:
| Option | Description |
|---|---|
| Wake up offline computers | Start computers if they are turned off. For more information refer to Configuring Wake-on-LAN on scan targets. |
| Warn user before deployment (show message) | Displays a message on the target machine to warn the user before deploying software. |
| Wait for user’s approval | Wait for user’s approval before deploying software. |
| Messages | Click Messages to select the end-user’s computer language and define the warning message. For more information refer to Configuring auto-remediation messages. |
| Administrative shares | Make a copy of the software on the default network shares. |
| Custom shares | Make a copy of the software in a custom share. Key–in the folder name in the text box. |
| Remember settings | Saves your configured settings and uses them during the next remediation job. |
After deployment options
6. Click After Deployment tab. Configure After Deployment options described below:
| Option | Description |
|---|---|
| Do not reboot/shutdown the computer | Leave scan target(s) turned on after remediating vulnerabilities, even if patches require a reboot to be installed completely. |
| Reboot the target computers only if required | GFI LanGuard reboots a target machine only if at least one patch requires a reboot. If no patches require a reboot, a reboot is not executed. |
| Reboot the target computers | Always reboots computers after remediating vulnerabilities. |
| Shut down the target computers | Target machine will shut down after deploying software. |
| Immediately after deployment | Reboots/shuts down computers immediately after remediating vulnerabilities. |
| At the next occurrence of | Specify the time when the computers reboot/shut down. |
| When between | This option enables you to specify time and day values. If the remediation job is completed between the specified times (start time and end time), the computer(s) will reboot/shut down immediately. Otherwise, the reboot/shut down operation is postponed until the next entrance into the specified time interval. |
| Let the user decide | Click Preview to view a screenshot of the dialog in the user manual. This dialog opens on the end-user’s computer after remediating vulnerabilities. For more information refer to Configuring end-user reboot and shut down options. |
| Show notification before shut down for | Shows a custom message on the end user’s computer for a specified number of minutes before reboot/shut down. |
| Delete copied files from remote computers after deployment |
Deletes the downloaded patches / service packs after they are deployed. |
| Run a patch verification scan after deployment |
Verifies deployed patches, scanning target when the deployment process is complete. NOTE
|
| Remember settings | Saves your configured settings and uses them during the next remediation job. |
7. (Optional) Select Advanced tab. Configure the options described below:
| Option | Description |
|---|---|
| Number of deployment threads |
Specify the maximum number of processing threads allowed to start when deploying software updates. The number of threads determines the number of concurrent deployment operations an agent can handle. |
| Deployment timeout (seconds) |
Specify the time (in seconds) an agent attempts to deploy an update. If the specified time is exceeded, the agent stops the unresponsive deployment and starts a new deployment thread. This feature enables you to stop the process thread so that if an update is taking longer than normal deployment time, the remediation operation continues without jeopardizing the rest. |
| Deploy patches under the following administrative account | Select this option to use a custom administrative account to log and deploy patches on target machines. The account selected must have Log–on as service privilege on the target computers. For more information on how to configure an account with log–on as service privilege, refer to http://go.gfi.com/?pageid=LAN_LogonService.
|
8. Click OK to apply changes.