Previous Topic: policydeploy -fix Function—Re-execute Deployment TaskNext Topic: policydeploy -join Function—Join or Remove a Host to a Host Group

Reference GuideUtilitiespolicydeploy Utility—Manage Enterprise Policy Deploymentpolicydeploy -getrules Function—View Deployment Scripts

policydeploy -getrules Function—View Deployment Scripts

This function lets you view the selang deployment and undeployment scripts for the specified policy version.

policydeploy -getrules name[#xx] -ds file1 -uds file2 [-dms list]
-dms list

(Optional) Specifies a comma-separated list of DMS nodes to use. When you deploy or undeploy a policy, these are the DMS nodes to which the action is reported. When you store a policy, these are the DMS nodes where the policy is stored.

If you do not specify DMS nodes with this option, the utility uses the list of DMS nodes specified in the local CA ControlMinder database. To specify a list of DMS nodes in the database, you need to issue the following selang command after you create a new DMS using dmsmgr:

so dms+(new_dms_name)

Note: You need to issue the same command if you did not specify the DMS node during installation, or if you want to replace or add the registered DMS on the endpoint. However, when you specify to create an advanced policy management server during installation, the DMS is added to the database and you do not need to manually run the above command.

-ds file1

Specifies the path name of the file containing the deployment rules. These are the commands necessary to construct the policy. When you use the -getrules option, the utility creates this file.

Important! Policy deployment does not support commands that set user passwords. Do not include such commands in your deployment script file. Native selang commands are supported but do not appear in deviation reports.

-getrules name[#xx]

Retrieves the selang deployment and undeployment scripts for the specified policy version. If you do not specify a policy version, the command applies to the latest policy version.

-uds file2

Defines the path name of the file containing the rules required to undeploy the policy. These are the commands necessary to undeploy the policy. When you use the -getrules option, the utility creates this file.

When CA ControlMinder undeploys a policy, if there is no policy undeployment script stored, CA ControlMinder calculates the commands required to remove the policy.

Example: View the Deployment Scripts Associated with an IIS 5 Protection Policy

The following example shows you how to view the selang scripts associated with deploying and undeploying a policy for securing Internet Information Services (IIS) 5 web servers. The name of the policy is myPolicy.

To view the selang scripts, run the following command:

policydeploy -getrules myPolicy -ds c:\folder\deployRules.txt -uds undeployRules.txt

More information:

View the Rules Associated with a Policy