This function assigns or unassigns the specified policy to one or more hosts or host groups.
This function has the following format:
policydeploy -assign[-] name -hnode|-ghnode list [-dms list]
Assigns the specified policy to one or more hosts or host groups.
Unassigns the specified policy from one or more hosts or host groups.
(Optional) Specifies a comma-separated list of DMS nodes to use. When you deploy or undeploy a policy, these are the DMS nodes to which the action is reported. When you store a policy, these are the DMS nodes where the policy is stored.
If you do not specify DMS nodes with this option, the utility uses the list of DMS nodes specified in the local CA ControlMinder database. To specify a list of DMS nodes in the database, you need to issue the following selang command after you create a new DMS using dmsmgr:
so dms+(new_dms_name)
Note: You need to issue the same command if you did not specify the DMS node during installation, or if you want to replace or add the registered DMS on the endpoint. However, when you specify to create an advanced policy management server during installation, the DMS is added to the database and you do not need to manually run the above command.
Defines a comma-separated list of host groups (GHNODE objects) that you want to assign the policy to.
Defines a comma-separated list of hosts (HNODE objects) that you want to assign the policy to.
Example: Assign an IIS 5 Protection Policy
The following example shows you how to assign a policy for securing Internet Information Services (IIS) 5 web servers. We will review the policy and the latest (fourth) version of policy IIS5 and then assign the policy to a host group called IIS5Servers. Policy IIS5 is stored on the crDMS@cr_host.company.com DMS node.
hosts crDMS@cr_host.company.com
You can now query our DMS via selang.
sr GPOLICY IIS5
The selang window lists the properties of the IIS5 policy, including the Final Policy, which is the latest version of the policy that you can assign (finalized).
sr RULESET IIS5#04
The selang window displays the IIS5#04 RULESET object, including the deployment and undeployment rules that relate to the fourth version of the IIS5 policy.
policydeploy -assign IIS5 -ghnode IIS5Servers
This assigns the IIS5 policy to all hosts in the IIS5Servers logical host group, and in turn deploys the fourth version of the IIS5 policy on these hosts.
Example: Unassign an IIS 5 Protection Policy
The following example shows you how to unassign an assigned IIS 5 policy from the web servers that we assigned it to in the previous example.
In a command prompt window, run the policydeploy utility:
policydeploy -assign- IIS5 -ghnode IIS5Servers
This unassigns the IIS5 policy from all hosts in the IIS5Servers logical host group, and in turn undeploys the version of the IIS5 policy that is deployed on these hosts.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|