Accepted Solutions
Theoretically, yes.
Here are two ways to accomplish this, first is to run the installer from the download server. Create an Application Condition at Policy > Policy Elements > Conditions > Application Condition. This is where you choose the Application you would like to ensure is installed.
Create the Remediation Action that takes place if the Application is not installed at Policy > Policy Elements > Results > Launch Program Remediation. Point this to the installer source on your download server.
Create the Posture Requirement at Policy > Policy Elements > Results > Requirements
Add the rule to your Posture Policy at Policy > Posture
The other option is the two step option that you mentioned.
Create a File Condition at Policy > Policy Elements > Conditions > File Condition to check if the installer file exists.
Then go to Policy > Policy Elements > Conditions > Application Condition and create the check for the installation of the application.
From here, we will create both Remediation Actions. Go to Policy > Policy Elements > Results > File Remediations and upload the file to be downloaded to your client. This file will reside on ISE.
Next, go to Policy > Policy Elements > Results > Launch Program Remediations and reference the local installer for your application.
Create your Requirements at Policy > Policy Elements > Results > Requirements
Add to your Posture Policy. Remember, the rules are run from the top down, so you want to check if the downloaded file exists prior to checking if the application is installed.
Now, having said all that, I did not go into detail as to the permissions/ACLs/access you will need to accomplish these tasks. One of the biggest things to remember is that the client MUST have permissions to install applications or this will not work.
Theoretically, yes.
Here are two ways to accomplish this, first is to run the installer from the download server. Create an Application Condition at Policy > Policy Elements > Conditions > Application Condition. This is where you choose the Application you would like to ensure is installed.
Create the Remediation Action that takes place if the Application is not installed at Policy > Policy Elements > Results > Launch Program Remediation. Point this to the installer source on your download server.
Create the Posture Requirement at Policy > Policy Elements > Results > Requirements
Add the rule to your Posture Policy at Policy > Posture
The other option is the two step option that you mentioned.
Create a File Condition at Policy > Policy Elements > Conditions > File Condition to check if the installer file exists.
Then go to Policy > Policy Elements > Conditions > Application Condition and create the check for the installation of the application.
From here, we will create both Remediation Actions. Go to Policy > Policy Elements > Results > File Remediations and upload the file to be downloaded to your client. This file will reside on ISE.
Next, go to Policy > Policy Elements > Results > Launch Program Remediations and reference the local installer for your application.
Create your Requirements at Policy > Policy Elements > Results > Requirements
Add to your Posture Policy. Remember, the rules are run from the top down, so you want to check if the downloaded file exists prior to checking if the application is installed.
Now, having said all that, I did not go into detail as to the permissions/ACLs/access you will need to accomplish these tasks. One of the biggest things to remember is that the client MUST have permissions to install applications or this will not work.
