Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 11930 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Automating Policy Creation

Shmed

I can't find too much online about this, but I have seen one thread on here suggesting that whatI wnt to do is 'not advisable'.

Having said that, I am now intrigued, and want to explore the possibilities anyway.

So, I can see that there is a table dbo.policies, and I can see there is a stored procedure (dbo.policyadd).

I can see that the policy configuration is held in the 'policyXML' column and I can see that there are a number of different XML schemas depending on the PolicyType.

It seems that the stored procedure will create a new Identity Tag if the parameter is passed as blank or null, but it can't handle a blank CorrelationID.

This leads me to believe that there is more to creating a policy than simply adding it into the dbo.policies table.

Assuming that I could create the policies, I would then look to maintain an XML template for each policy type, and 'inject' that into the database when creating the server in the first place to provide simple and consistent builds.

Can someone please dissuade me from my quest by stating that it is simply not possible/supported? And can someone please also satisfy my curiosity by enlightening me as to what I am missing from the puzzle?

Thanks :)

:49894


This thread was automatically locked due to age.
  • 0

    So, just to add more to this:

    I have found a correlationID field in the dbo.computerpolicystates table, but I can't see how this link is created. New policies that I create from within the SEC are created with a CorrelationID enclosed in {}. 

    I can't work out how the CorrelationID is created??

    :49896
  • 0

    So, the CorrelationID GUID is created by the SEC software. I can create a random GUID in Powershell, and pass it to the stored procedure to create the policy. 

    Just need to pass the PolicyXML in and it's job done.....

    :49898
  • 0

    Hello Shmed,

    why do you want to create policies externally? Perhaps you'd rather tackle a programming challenge than perform tedious, deadly dull administrative tasks with a GUI - or perhaps you want to sport a T-shirt flashing I created my policies automatically in a state of grace :smileytongue:

    Apart from the challenge to get the metadata and database relations (and potential related records) right there's also the policies' contents. Figuring out the schema is only a minor part - the real challenge is what has to go into the various tags. Are you thinking of using "template" policies (perhaps more than one for a specific type) for a number installations (e.g. you are a partner/consultant and want to simplify setup at the customer site)? If so, which changes to the default policies do you have in mind or in which way do they fall short?

    Christian

    :49932
  • 0

    Hi Christian, sorry I didn't see that this had any replies....

    Basically, I really dislike performing the same task repeatedly, so was hoping to create an automated deployment method that could be tweaked through a spreadsheet/xml file. The plan was to create the script to import policies based on settings maintained within a spreadsheet. I would then create a macro within the Excel sheet to export the settings to properly formed XML ready for import during depoloyment. This would allow the leg work to be performed from the desktop, then like you say, the deployment task would be menial.

    I actually managed to get a Powershell script to create the policies using a template XML file (harvested from manually creating the policy once).

    I have since decided that the task is probably OTT given the number of policies I actually need to create, and also the risk that the XML structure might change with subsequent releases.

    Cheers :)

    :51120
  • 0

    Thanks. Settings updated :)

    :51204