This article provides a step by step guide to creating a simple scheduled task in the console. Before executing the steps in this article, it is necessary to have a console, at least one endpoint, and functional communication between the two.
For more information, please refer to these articles:
Scheduled tasks provide the mechanism to automatically launch searches to be conducted by Windows and Mac clients. On Windows and Mac, searches can be executed as the currently logged on user, which provides the end user with access to the client user interface to view search results and perform remediation. Additionally, searches can be executed as the local system account which allows a search to run without requiring or allowing any user interaction.
This article contains the following sections:
- Creating a Policy
- Configuring a Schedule
- Assigning Endpoints
- Configuring Settings
- Additional Resources
To create a new policy, select the Policies button from the ribbon and select Create to display the Policy Wizard. Provide a unique name to identify the policy and an optional description. The select the policy type and click Next. There are three types of policies, System, User Default, and Scheduled Task. For this example, a Scheduled Task policy will be used. Scheduled Task policies define settings that are only used during searches executed according to the scheduled defined within the policy. Once the policy type is selected, it cannot be changed.
When a System policy is assigned to an endpoint a Scheduled Task policy is also assigned to the same endpoint, when the search executes, the settings in the System policy will take precedence over any settings defined in the Scheduled Task policy.
After the policy has been created, it is necessary to specify the endpoints on which to execute the scheduled task. Any combination of endpoints and tags can be specified and the list can be modified at any time. To add an endpoint, select the Endpoint tab of the Policy Wizard and then add check marks next to the endpoints and/or tags to which the policy will apply. To select a single endpoint, expand All Endpoints by clicking the arrow to the left of All Endpoints and then click the checkbox next to the desired endpoint. For this example, select a single Windows endpoint. If no endpoints appear in the list, then the requirements for this article have not been met and it is necessary to return to the overview, view the requirements and the associated documentation, and complete the necessary configuration. Click Finish to create the policy and advance to the next step.
The settings specified in the policy control the behavior of the client only for searches executed according to the schedule specified in the policy. In this example, only a single setting is described and therefore all other settings will either be those specified in a System policy applied to this endpoint or the application default.
To set the values for settings, expand the policy by clicking the arrow to the left of the policy name and click on Settings. The available settings will appear in the right pane and it is possible to navigate to individual settings by clicking the arrows to the left of a settings folder or by using the search box in the toolbar. For this example, the representation Settings\ScheduledTask\ExitOnComplete means to expand Settings, expand ScheduledTask, and then double-click on ExitOnComplete to open the edit setting dialog.
- Exit application upon completion of the search (Settings\ScheduledTask\ExitOnComplete): Set this value to, "Only exit when no results" to leave the user interface open on the endpoint after the search unless there are no results for the search. When scheduling a task to run as the currently logged on user, the default is to always leave the user interface open at the end of the search to allow the user to view the search results and perform any necessary remediation. However, it is often desirable to only display the user interface if there are results for which the user must take action. Note, when scheduling a task to run under the local system account, there is no user interface available so the client will automatically exit when the search when complete regardless of this setting.
The scheduled task specifies when the search will execute, under what user context, and if other instances of Identity Finder should be terminated to run this task. It is possible to specify multiple tasks in a single policy and to specify different task options for each task; however, to create tasks that run with different settings, it is necessary to create multiple Scheduled Task policies.
To create a scheduled task, expand the policy by clicking the arrow to the left of the policy name, click on Scheduled Tasks, and then click the Add Task button on the toolbar of the right pane. In the Add New Task dialog, perform the following steps:
- Provide a unique name for the task in the, "Name:" field.
- Set the task to execute once by selecting the radio button, "One time."
- Set the task to execute today by clicking the calendar icon to the right of, "Start:" and clicking today's date.
- Set the task to execute in 5 minutes by typing the time into the text field to the right of the calendar icon. Use the format, "2:55 PM" (without the quotes).
- Set the task to run under the user context of the currently logged on user by selecting the radio button, "Locally Logged On User."
- Set the task to run as soon as possible if the scheduled start time is missed by checking the box, "Run task as soon as possible after a scheduled start is missed." Enabling this setting will allow the task to run if the policy is received by the client after the scheduled start time, if the machine is off when the task time occurs, or if there is no currently logged on user when the task time occurs.
- Click Add to create the task and close the Add New Task dialog.
Once the policy is applied to the endpoint, the endpoint will execute the policy according to the schedule and configuration options.
Once a policy has been created and assigned to endpoints, the console application must process this policy, make it available to the endpoints, and then the endpoints must download and apply the policy. Depending on a variety of factors including the complexity of the policy, the available system resources, the other processing requests queued on the console and the polling interval on the client, this process can take up to 2 hours.
Because the steps in this article are likely to be performed before any clients are reporting search results to the console, the client will likely have this sample policy within 10 minutes because the default polling interval is set to 5 minutes.
To determine if the endpoint has applied the policy, expand the policy name, click Endpoints, and view the State column. If the value reads, "Applied", then the endpoint has applied the policy. If the value reads, "Never Applied" or "Outdated" for a long period of time (as noted above), there may be a communication issue between the client and the console that requires troubleshooting.
At the scheduled time or as soon as possible thereafter, the task will launch the search on the specified endpoint. If a user is logged onto the system at the time, they will see the client application open, launch the search, and automatically minimize to the system tray. Once the search completes, if there are results, the Search Summary dialog will be displayed. If there were no results, the client will automatically exit as per the ExitOnComplete setting configured in the policy.
This article covered a limited scope to introduce scheduled task functionality. There are additional configuration options covered in other documents and articles: