Replicating a policy

Policy replication lets you create an exact replica of an existing policy and execute the replicated policy on another manager. If a policy is marked as read-only, you must uncheck the read-only option in the policy dialog box before you can make changes to the policy.

You must have the Create All Policies rights on the target manager to be able to replicate a policy. If the policy already exists on that manager, the modify policy rights are also required.

The policy version is incremental. When you replicate a policy for the first time, the version of the policy is displayed as 1. You may replicate a policy on the target manager as read-only if you do not want the replications to be modified on any manager.

Note:

To successfully replicate a policy, the SU version of the source manager and the target manager must be the same.

You can also replicate policies from a Windows source manager to a UNIX target manager. In such a scenario, you must register the Windows agent to the UNIX manager for a successful policy run. However, if you do not register the Windows agent to the UNIX manager and a policy run fails, the failure is not considered for compliance calculation. The same is true for a 32-bit source manager and a 64-bit target manager, or vice versa.

Note:

You must have JRE version 1.5.0_15 for policy replication.

To replicate a policy

  1. Right-click a policy and click Replicate from the menu that appears.

  2. In the Replicate Policy panel, select the manager from the Available manager(s) list box and click >> to add the manager. The managers that you have selected appear in the Selected manager(s) list box.

    To select multiple managers, select a manager and then press the Shift key on your keyboard while you select the other managers.

  3. In the Manager Logon panel, do one of the following:

    • Check the Use credentials by which manager is connected to the ESM console check box if you want to use the existing credentials.

      If you check this option, the Access name and Password fields become unavailable.

    • In the User name and Password fields, provide the credentials to use when you connect to the manager on which you replicate the policy.

  4. In the Manager Logon panel, click OK, and then in the Replicate Policy panel, click Next.

  5. In the Policy name conflicts section of the Replicate Policy panel, do one of the following:

    • Click Overwrite the existing policy without backup if you want to overwrite an existing policy on the target manager in case of policy name conflicts.

    • Click Take a backup to take a backup of the policy on the target manager in case of policy name conflicts.

      By default, the Backup file name text box displays the policy name, the policy version, the current datestamp, and the timestamp. You can also manually type your own backup file name in the text box.

      The backup file is stored at C:\Program Files\Symantec Security Manager\Symantec ESM Enterprise Console\Policy Backup\<target manager name>. You do not have an option to save the backup file at a location other than the default location.

    • Check the Overwrite if a backup file by the same name already exists check box if you want to overwrite a backup file in case of file name conflicts.

    If the target manager contains a policy by the same name, then the policy contents are overwritten by the policy that you want to replicate. When you click the Take a backup option, Symantec ESM takes a backup of the existing policy on the target manager. The policy backup files are stored in the <INSTALLDIR>\Policy Backup\<MANAGERNAME>\ folder. If this location contains a backup file by the same name, then you may choose to overwrite the existing backup file. If you do not choose to overwrite the existing backup file, the replication process terminates with a file name conflict error.

  6. In the Template/Word File Name Conflict section, do one of the following:

    • Click Abort replication to terminate the policy replication process if the template or word files of the policy are already present on the target manager.

    • Click Preserve old files to continue replication without overwriting the template or word files on the target manager.

    • Click Overwrite the existing files to overwrite the template or word files on the target manager that have the same name as those of the policy.

  7. Click Finish.

  8. A message prompt displays the success or failure of the policy replication.

    In case of a policy replication failure, you can view the error in the ESMConsole.log file.

    To preserve the customized color coding, you should choose to overwrite existing templates on the target manager.