Previous Topic: policydeploy -store Function—Store a PolicyNext Topic: pwextractor Utility—Extract Privileged Account Passwords

Reference GuideUtilitiespolicydeploy Utility—Manage Enterprise Policy Deploymentpolicydeploy -upgrade Function—Upgrade or Downgrade a Policy Version

policydeploy -upgrade Function—Upgrade or Downgrade a Policy Version

This function upgrades a policy to its latest finalized version on the defined hosts, or downgrades a policy to a specified policy version on the defined hosts.

This function has the following format:

policydeploy {-upgrade name | -downgrade name#xx} [-nodelist hnode_list|-ghnode name] [-list] [-dms name]
-dms list

(Optional) Specifies a comma-separated list of DMS nodes to use. When you deploy or undeploy a policy, these are the DMS nodes to which the action is reported. When you store a policy, these are the DMS nodes where the policy is stored.

If you do not specify DMS nodes with this option, the utility uses the list of DMS nodes specified in the local CA ControlMinder database. To specify a list of DMS nodes in the database, you need to issue the following selang command after you create a new DMS using dmsmgr:

so dms+(new_dms_name)

Note: You need to issue the same command if you did not specify the DMS node during installation, or if you want to replace or add the registered DMS on the endpoint. However, when you specify to create an advanced policy management server during installation, the DMS is added to the database and you do not need to manually run the above command.

-downgrade name#xx

Downgrades a policy to the specified policy version on the defined hosts.

-ghnode name

Defines the name of the host group for the operation you want to perform.

-list

(Optional) Lists the hosts that have a version of the specified policy deployed, that is not the version specified. If you use -upgrade the implicitly specified version is the latest available.

-nodelist hnode_list

Defines a comma-separated list of hosts (HNODE objects) that you want to perform the operation for.

-upgrade name

Upgrades the specified policy to its latest finalized version on the defined hosts.

Example: Upgrade an IIS 5 Protection Policy

The following example shows you how to upgrade a policy. We will first review the deployment to see which hosts do not have the latest version of this policy deployed.

  1. In a command prompt window, run the policydeploy utility: 
    policydeploy -upgrade IIS5 -list

    This lists the hosts that have an older version of the IIS5 policy deployed.

  2. Upgrade all of these hosts to the latest version of the policy: 
    policydeploy -upgrade IIS5

Example: Downgrade an IIS 5 Protection Policy

The following example shows you how to downgrade a policy. We will first review the deployment to see which hosts have a deployed policy that has earlier versions.

  1. In a command prompt window, run the policydeploy utility: 
    policydeploy -downgrade IIS5#3 -list

    This lists the hosts that have a version of the IIS5 policy deployed that is later than version 3.

  2. Downgrade all of these hosts to the third version of the policy: 
    policydeploy -downgrade IIS5#3

More information:

Downgrade Assigned Hosts to a Particular Policy Version