Subscription Level Settings for Patch Management
Learn more about the Bypass Execution Policy, Defer Cloud Agent Scans, and Download Patches from the Internal Repository subscription-level settings in Patch Management.
Super users or users with the patch manager role and users with permission to manage the patch management licenses can configure these subscription-level settings.
Bypass Execution Policy |
Defer Cloud Agent Scans |
Download Patches from the Internal Repository |
Enabling the Bypass Execution Policy
For Windows deployment jobs, you can choose to enable or disable the PowerShell Execution Policy Bypass to override the default policy for Run Script and Install Software pre-actions and post-actions. For more information, see About Pre-Actions and Post-Actions.
Upon overriding the default Policy, the signed and unsigned scripts are executed without showing any warnings or messages.
- Go to Configuration > Setup tab.
- Turn the Bypass Execution Policy toggle On. A confirmation message is displayed. Once you confirm that you want to enable the Bypass Execution policy by clicking Yes, the Bypass Execution policy is enabled.
When the Bypass Execution Policy is enabled, the default policy configured by the administrator is overridden. For more information, see About Execution Policies.
Note:
- The Process, CurrentUser, and LocalMachine execution policy scopes are supported.
- UTF-8 encoded scripts are supported. - Click Apply.
Disabling the Bypass Execution Policy
- Go to Configuration > Setup tab.
- Turn the Bypass Execution Policy toggle Off. A confirmation message is displayed. Once you confirm that you want to disable the Bypass Execution policy by clicking Yes, the Bypass Execution policy is disabled.
- Click Apply.
When the Bypass Execution Policy is disabled, the default policy configured by the administrator is applied. For more information, see About Execution Policies.
Enabling the Defer Cloud Agent Scans
You can enable or disable the Defer Cloud Agent setting to prioritize patch deployment over the cloud agent's other scans if they overlap the ongoing patch deployment.
In the case of Windows deployment or rollback jobs, if the job is running and the VM scan is triggered, it's halted until the job execution is completed on the assets, and then the VM scan resumes.
However, if the VM scan is already running and the Windows deployment or rollback job starts, the job is not prioritized over the VM scan. The job begins after the VM scan is completed.
- Go to Configuration > Setup tab.
- Turn the Defer Cloud Agent Scans toggle On. A confirmation message is displayed. Once you confirm that you want to enable the Defer Cloud Agent Scans by clicking Yes, the Defer Cloud Agent Scans is enabled.
- Click Apply.
Disabling the Defer Cloud Agent Scans
- Go to Configuration > Setup tab.
- Turn the Defer Cloud Agent Scans toggle Off. A confirmation message is displayed. Once you confirm that you want to disable the Defer Cloud Agent Scans by clicking Yes, the Defer Cloud Agent Scans is disabled.
- Click Apply.
Enabling Download Patches from the Internal Repository
At times, it's not possible to open the vendor URLs to download patches due to some constraints, one of which is the Air Gap Network. Also, despite using a proxy configuration like a VPN, it's not possible to download patches from the vendor URLs.
In such cases, you need to enable the Download Patches from the Internal Repository setting to allow cloud agents to download the patches from the internal repository server.
This setting applies only to Windows and Mac platforms.
- Go to the Configuration > Setup tab.
- Turn the Download Patches from the Internal Repository toggle On.
- Enter the name of the internal repository server and the URL in the Name and URL fields, respectively, and click Add.
Note: Irrespective of whether the patch supports single or multiple languages, you can configure one single repository server and URL for all those patches. However, you must ensure that the patches are stored in the respective language-specific folders. For more information, see Configure Internal Server Repository URL.
- Click Apply.
Your internal server associated with the URL is configured. The cloud agent can download patches from the specified URL.
You can choose to download Patches from the configured Internal Repository while creating Windows and Mac deployment jobs.
Good to Know
- You can configure multiple internal repository servers.
- You can edit the URL but can't delete it.
Disabling Download Patches from the Internal Repository
- Go to the Configuration > Setup tab.
- Turn the Download Patches from the Internal Repository toggle Off.
- Click Apply.
Additional Resources
Configure Internal Server Repository URL