In this article, you will learn everything you need to know about the settings you can configure for the HEIMDAL client-side products from the HEIMDAL Dashboard -> Endpoint Settings. To go to the Endpoint Settings, log in to the HEIMDAL Dashboard, click the Endpoint Settings button (top-right corner), and select a Group Policy.
1. Endpoint Settings
2. General
3. Patch & Assets
ENDPOINT SETTINGS
In the Endpoint Settings, you have a section dedicated to Linux endpoints where you can create and manage Group Policies that are applied to the endpoints inside your organization. In the Linux GP tab, you can see all the Group Policies, edit their priorities according to your needs (by using drag & drop), enable/disable them, or duplicate them.
Reseller Master GP Distribution
Reseller Master GP Distribution is a feature that allows resellers to deploy a Reseller Group Policy to all the customers that have selected to opt-in to the Reseller Master GP. The Reseller Master GP Distribution feature can be activated only from the Reseller account and enables the Opt-in Reseller Master GP functionality on the reseller's customers. A reseller can create one or multiple Reseller GPs.
Opt-in Reseller Master GP allows the customer (or the reseller) to apply the Group Policy settings configured by the Reseller in the Reseller Master GP. This GP cannot be edited or disabled by an Enterprise customer, but its priority can be changed in the Group Policy list.
The Download button allows you to download an Excel file with all the Group Policies and the settings in each Group Policy.
GENERAL
In the General tab, you can configure Group Policy settings that refer to GP assigning, check intervals, thresholds, and other additional settings.
Policy Name - set the name of the Group Policy;
Priority - shows you the priority of the Group Policy in the Group Policy list. It can be set by using Drag and Drop in the GP list;
Policy check interval - sets the Group Policy check interval that is automatically performed by the HEIMDAL Agent to communicate with the HEIMDAL Dashboard and servers. The default time for the Policy check interval is 180 min;
Licensing check interval - sets the HEIMDAL license check interval that is automatically performed by the HEIMDAL Agent;
Proxy Settings
This feature is designed to allow the HEIMDAL Agent to communicate with the HEIMDAL Dashboard if the endpoint(s) is/are placed behind a Proxy Server. It allows you to specify the proxy settings by adding the needed information in the displayed fields.
Proxy Settings - the user needs to manually add the Proxy information for the Host, Port, Domain, Username, and Password;
Additional Settings
Include in Release Candidate Program - enforces the update of the HEIMDAL Agent to the latest HEIMDAL Release Candidate (Beta) version available on the HEIMDAL Servers;
PATCH & ASSETS
3RD PARTY SOFTWARE
The Patch & Asset Management - 3rd Party Software module allows the user(s) to install or update a specific 3rd Party Application from the list of applications managed by HEIMDAL Security.
3rd Party Software - turn ON/OFF the 3rd Party Software module;
General Settings
Infinity Management - turn on/off the Infinity Management module to deploy your own 3rd Party Applications/Patches from the stand-alone patch management system. The patches can be configured in the Infinity Management module and applied to any Group Policy;
Keep all applications up-to-date - all current and future 3rd Party Applications that are included in our 3rd Party Software list will be added to automatic update;
Update non-Heimdal supported packages - allows you to update non-Heimdal packages installed on the endpoint.
Manage Applications
Show only Infinity Management applications - displays the 3rd Party Applications added in Infinity Management only;
Install - enable the selected 3rd Party Application(s) to be installed on the endpoint(s) if it is not already installed. If the 3rd Party Application is already installed, it will not do anything;
Update - enable the automatic update of the selected 3rd Party Application(s);
Check interval - allows you to set the time interval when the HEIMDAL Agent checks for newly available patches;
Patching Schedule - allows you to set a scheduler for the 3rd Party Application patching module;
- You can select one or more days in a week when Heimdal™ Patch & Assets can install the 3rd Party Application(s)/Patches;
- You can select one or more days in a month when Heimdal™ Patch & Assets can install the 3rd Party Application(s)/Patches;
- You can also select a specific interval of any day to exclude the 3rd Party Application patching.
Applications Blocklist
This feature allows you to uninstall specific 3rd Party Application(s) to restrict the usage of unwanted applications or to get applications removed from all machines that are applying the current Group Policy. This feature removes most of the applications that Patch & Asset Management is monitoring and also uninstalls other 3rd Party Applications that are present on the endpoints but not managed by the Patch & Asset Management module.
To uninstall a 3rd Party Application you need to specify the name of the application.
- the example below targets all packages used by the VLC Media Player;
- the HEIMDAL Agent will uninstall the following packages: aVLCb, aVLC, VLCb;
- using the Starts with option will remove any package named: VLC, VLCb.
Example:
- If you want to uninstall a 3rd Party Application that is in the 3rd Party Software list, you need to make sure that the tickboxes for Install and Update are unticked in order to be able to add the 3rd Party Application to the Applications Blocklist.
OPERATING SYSTEM UPDATES
The Patch & Asset Management - Operating System Updates module allows the HEIMDAL Dashboard Administrator(s) to view, download and deploy available Operating System Updates that are specific to any endpoint in your environment. Patch & Assets allows you to select to suppress the reboot of the endpoints after completing the Operating System Updates installation or to schedule when the endpoints will reboot (to complete the installation of the Operating System Update).
Operating System Updates - turn ON/OFF the Operating System Updates product. The System Updates and Security Updates can be deployed by the module. Other updates can be deployed using the Infinity Management module.
OS Vulnerability reporting only - will only display the updates available for the endpoints in your environment without applying them. This option is enabled by default for new Group Policies.
General Settings
Suppress and install everything - allows you to enable/disable the automatic download and installation of all the available Linux Updates (those that require a reboot to complete the installation process and also those that do not require a reboot);
Installation by category - allows you to enable/disable the automatic download and installation of specified Linux Updates categories. Categories can be selected from the drop-down menu;
Check interval - allows you to set the time interval when the HEIMDAL Agent checks for newly available Linux Updates;
OS Schedule - allows you to configure the deployment of the available Linux Updates by selecting a day/multiple days during the week or during the month (and a timeframe that applies to the selected day(s)). Choosing a week of the month will make the HEIMDAL Agent apply the same functionality for all selected days of the week. The scheduler can be made Active during the time selection or Inactive during the time selection.
Copy changes to other policies
Pressing the Update GP button displays a pop-up message that allows you to save the changes to the current Group Policy, specific Group Policies or all Group Policies.
Current Group Policy - saves the changes to the current Group Policy;
Specific Group Policies - allows you to select the Group Policies to which the new settings should be applied;
All Group Policies - allows you to apply the new settings to all of the Group Policies.
Corner cases
- Schedulers - changing an existing scheduler in the Group Policy and copying the changes to another Group Policy or multiple Group Policies will not work if the module is disabled (if the change doesn't also enable the module).
Example: GP1 has the 3rd Party Software enabled and you change the time interval in the Patching Scheduler. In this case, copying the new Patching Scheduler settings to GP2 will not be possible if 3rd Party Software is disabled in GP2;
- Schedulers - changing an existing scheduler and copying the changes to another Group Policy or multiple Group Policies that don't use a scheduler will not work/apply;
- Patch & Assets -> 3rd Party Software - copying changes for regular 3rd Party Applications works; however, the changes that affect 3rd Party Applications that are added to Infinity Management are NOT copied if the Infinity Management option is disabled (and it does not enable Infinity Management).