A remote action security policy can contain exceptions, which allow or deny remote automatic actions for specific source and target nodes. These exceptions override your choices on the General tab.
After you the deploy the remote action security policy to a management server, the management server evaluates the remote automatic actions in incoming messages against the exceptions. It evaluates the exceptions in the order that you specify, and applies the first exception that matches. If no exception matches, the management server allows or denies the action according to your choices on the General tab.
Specify source nodes. You can either select specific nodes or node groups, or specify a pattern that matches the names of many nodes or node groups.
To change an existing match string, click it in the list, and then click Edit....
To allow actions if the target node is the same as the node that sent the message, in the Target tab, select the on source node check box.
Normally, if the target node of an automatic-action is the same as the node that is sending the message, the agent runs the action immediately on the node, and the management server receives the action response. However, in some cases the agent does not run the action automatically and the management server is responsible for starting the automatic-action remotely. This can happen, for example, if the action contains variables that the management server must resolve, or if a message passes through the message stream interface on the agent. This check box enables you to allow this type of remote action.
Click Deny to disallow remote automatic actions when the source and target node match the criteria in this exception.
Click Allow to allow remote automatic actions when the source and target node match the criteria in this exception.
Optional. HTTPS agents run policies that the management server secures using certificates. If someone tampers with an policy or the action that it contains, the policy becomes invalid. To allow remote automatic actions from HTTPS agents only, select the Only certified check box. No remote automatic actions from DCE agents are allowed.
Optional. Add further exceptions. To reorder the exceptions, click an exception in the list, and then click Move Up or Move Down.
Related Topics: