About Policy Applicability, Compliance, and Remediation

Managed Software Delivery can intelligently perform the applicability, compliance, and remediation actions that let you not only deliver software but also manage it. These actions ensure that you deliver the correct software to the correct computers and that the software remains in the correct state on the computers.
When you schedule a Managed Software Delivery policy, you can assign different schedules for compliance and remediation. For example, you can schedule the compliance process to occur during the day and the remediation to occur only during a maintenance window.
The compliance process and remediation process in Managed Software Delivery are especially effective when you schedule the policy to run on a recurring basis. The recurring policy ensures that the software remains in the correct state on the client computers.
Applicability, compliance, and remediation actions
Action
Description
Applicability
The applicability check determines whether the client computer has the correct environment for an installation of the software. If the computer does not have the correct environment, the policy execution stops.
Compliance
A compliance check uses the software resource’s unique identifier to determine whether the software is installed on the client computer. For Windows-based software, you can define a detection rule that contains additional information about the software and makes the detection process even more accurate.
The compliance check always checks for the presence of the software on the client computer. The check returns True if the software is installed and False if the software is not installed. The correct state of a software resource can mean that it is installed or that it is not installed. A Managed Software Delivery policy is considered compliant if all the software resources that it contains are in the correct state on the client computer. If the software is not in the correct state, it is considered to be out of compliance.
Remediation
Remediation is the act of fixing any software that is out of compliance on the client computer. The nature of the remediation depends on the command-line action that the Managed Software Delivery policy performs. For example, an installation command runs when the compliance check returns False, and an uninstall command runs when the compliance check returns True.
Examples of how the type of command line determines the remediation action are as follows:
  • Installation command line
    You want to install Symantec AntiVirus 2008 on all managed computers that do not have it installed. You create the Managed Software Delivery policy and select an installation command line. When the policy runs, the compliance check determines whether Symantec AntiVirus 2008 is installed.
    If the software is installed, the check returns True. Because the correct state of the software is to be installed, the software is considered to be compliant and the policy execution stops. If the software is not installed, the check returns False. The software is out of compliance and must be installed.
  • Uninstall command line
    You want to ensure that Solitaire is not installed on any managed computers. You create the Managed Software Delivery policy and select an uninstall command line. When the policy runs, the compliance check determines whether Solitaire is installed.
    If the software is installed, the check returns True. Because the correct state of the software is to be uninstalled, the software is out of compliance and must be uninstalled. If the software is not installed, the check returns False. The software is considered to be compliant and the policy execution stops.