This function upgrades a policy to its latest finalized version on the defined hosts, or downgrades a policy to a specified policy version on the defined hosts.
This function has the following format:
policydeploy {-upgrade name | -downgrade name#xx} [-nodelist hnode_list|-ghnode name] [-list] [-dms name]
(Optional) Specifies a comma-separated list of DMS nodes to use. When you deploy or undeploy a policy, these are the DMS nodes to which the action is reported. When you store a policy, these are the DMS nodes where the policy is stored.
If you do not specify DMS nodes with this option, the utility uses the list of DMS nodes specified in the local CA ControlMinder database. To specify a list of DMS nodes in the database, you need to issue the following selang command after you create a new DMS using dmsmgr:
so dms+(new_dms_name)
Note: You need to issue the same command if you did not specify the DMS node during installation, or if you want to replace or add the registered DMS on the endpoint. However, when you specify to create an advanced policy management server during installation, the DMS is added to the database and you do not need to manually run the above command.
Downgrades a policy to the specified policy version on the defined hosts.
Defines the name of the host group for the operation you want to perform.
(Optional) Lists the hosts that have a version of the specified policy deployed, that is not the version specified. If you use -upgrade the implicitly specified version is the latest available.
Defines a comma-separated list of hosts (HNODE objects) that you want to perform the operation for.
Upgrades the specified policy to its latest finalized version on the defined hosts.
Example: Upgrade an IIS 5 Protection Policy
The following example shows you how to upgrade a policy. We will first review the deployment to see which hosts do not have the latest version of this policy deployed.
policydeploy -upgrade IIS5 -list
This lists the hosts that have an older version of the IIS5 policy deployed.
policydeploy -upgrade IIS5
Example: Downgrade an IIS 5 Protection Policy
The following example shows you how to downgrade a policy. We will first review the deployment to see which hosts have a deployed policy that has earlier versions.
policydeploy -downgrade IIS5#3 -list
This lists the hosts that have a version of the IIS5 policy deployed that is later than version 3.
policydeploy -downgrade IIS5#3
Copyright © 2013 CA Technologies.
All rights reserved.
|
|