PM10 Reset policy to default

How do I reset my policy to default in PM10?

I recently upgraded to PM10. In doing so I managed to lose my PM domain structure so I imported my structure from active directory instead. I thought that this would also mean that my policy settings would be reset, but apparently this is not true.

After the upgrade, when I run polutil dump policy.txt on one of the old clients (FSAV7) I can see that the dumped policy contains settings specific to the clients original pre-upgrade policy. However, the settings are not actually applied to the client.

I just want to start afresh.

Find more posts tagged with

Comments

MJ-perComp

Hi,

if you started from scratch, imported the old admin keys and imported the structure from AD you get an empty structure with no hosts. The settings are inherited from root.

The old clients already have a valid policy so they just continue to use it and try to get a new one from the PM. Prerequisite to this is, that the new PM is using the SAME Admin-keys that were used when the host got installed.

The old host do not know anything about their location in the domain structure. When they connect to a PM they ask for a new policy (or will send an autoregistartion request and/or a status depending on the version). From this information the PM determines where to put the host, if you have advised it to autoimport a host. PM will automatically generate a valid policy for this host.

Now at which point does your setup NOT work?

Does a new host get a policy?

Do the old hosts reject the policy?

anything logfile.log?

APe

I said i imported my AD STRUCTURE into PM after my exisitng STRUCTURE was lost, and from that you derived that I somehow thought that PM settings were somehow stored in AD??? Wow.

The old structure no longer exists. But when I manually moved my clients into the new PM Domain structures, which are now a quasi-representation of my AD OU's and completely different to the previous PM domain structure, i would have thought that the existing clients would become disjoint from previously applied PM domain policies. This does not appear to be the case as I pointed out they still recieved settings which no longer exist in any managable domain policy element.

And I'm sorry, are you telling F-Secure customers not to whine? Exactly who the heck are you?

MJ-perComp

Hi,

the current AD import creates a domain structure and autoimport rules. A host that get installed for the first time will automatically be sorted into that.

All hosts communicate with the PM using a UID (GUID from9.1), but that is unknown in the AD. That is why from there you can not recover your structure completely and also the AD does not know the settings.

@Dmitriy: CS 7 is no longer supported (by means of if you have trouble do not whine), nevertheless there should not be any problems managing them. Nevertheless upgrading to 9.11 would be my recommendation as well!

APe

Thanks Dmitriy, I wasn't aware of that. I'm upgrading the clients to FSAV9.10 so that should resolve the issue.

And thanks to you MJ-perComp for your policy reset procedure and your condescension, although you could perhaps allude to what you believe the misconception is???

Dmitriy

@APe wrote:

After the upgrade, when I run polutil dump policy.txt on one of the old clients (FSAV7) I can see that the dumped policy contains settings specific to the clients original pre-upgrade policy. However, the settings are not actually applied to the client.

If you really have FSAV7 clients, please note that PM10 only supports 8-series products and newer.

MJ-perComp

Hi,

seems you donot only face a problem with your PM but also have a total misunderstanding in the conception.

Anyway...

copy the old Commdir, Admin.pub and admin.prv to a safe place

uninstall PM10

then remove(or rename) "%F-Secure%\Management Server 5"-Folder

reinstall PM10, when asked if you want to use an existing commdir point to the backup you took before.