Create configuration policies and assign them at the Customer, Folder, or Agent levels to ensure compliance across your end-user devices.
This article describes:
To set up your policies, see Set up configuration policies
How configuration policies work
- Admins can create and assign policies to Customers, Folders, and Agents.
- A technician can assign policies to individual Agents only, as long as they have the required permissions for that customer.
- One policy can be assigned per Customer, Folder, or Agent.
- Once created or saved, the policy will be immediately applied to all assigned Customers, Folders, and/or Agents, as per the inheritance and supersession rules explained below.
- If you have disabled 'Windows local updates' within the associated automation profile, the policy will only apply to updates managed via Atera. Otherwise, the policy will apply to all updates.
- To ensure device compliance, the policy will be applied every 12 hours.
- Configuration Policies override the "Reboot if needed" option found in IT Automation profiles. For example, if you have set up a Configuration Policy with "Restart outside of active hours", the agent will reboot only after working hours have ended.
Important note: Configuration policies created in Atera will not override a policy configured by a domain Group Policy Object (GPO).
Policy inheritance and supersession
- Policy inheritance applies at the Folder and Agent levels.
- If assigned at the Customer level, all unassigned Folders and Agents under that customer will inherit the policy.
- If assigned at the Folder level, all unassigned Agents under that Folder will inherit the policy.
- Policies assigned at a Folder level will override any assigned to the parent Customer.
- Policies assigned directly to an Agent will override any assigned to the parent Folder and/or Customer. Policy supersession applies at the Folder and Agent levels for all policies applied at any level above.
- Deleted policies will be removed from all associated Agents without reverting the configurations they had previously set. To revert those configurations, we recommend reverting to device settings within your policy's toggled configuration(s) before deleting the policy.
Note: More configurations coming soon! Have any you'd like to see? Let us know
Windows Update Restarts
Windows Update Restarts are required to ensure that your devices are running the most recent and secure versions of Windows. It's critical to manage these restarts in order to minimize disruption for end users. The following options provide flexibility in scheduling and controlling restarts after Windows updates have been installed:
Revert to device settings
Select this option to apply the Windows default settings to the devices.
Disable auto-restart with logged-on users
Select this option to disable device restarts for any user who is currently logged-on.
Note: The device will not restart if the user logs out after the automation has run.
Restart outside of active hours
Select this option to set the active hours in which devices will not restart.
- The active hours are based on the local system settings.
- Applies to Windows 10, Windows Server 2022, and above.
Restart after the selected time period
Select this option to schedule device restarts anywhere from 15 – 180 minutes after Windows updates are complete.
Note: Applies to Windows 10, Windows Server 2022, and above.
Notify logged-on users before restart
Select this option to send a toast notification to your end users informing them of a pending restart. You can specify how often the notification should be sent (in minutes) until the user restarts the device. You can also force a restart after a specified number of prompts, as well as customize the message that appears in the toast notification.
Troubleshooting for Windows Update Restarts
If your end users are not seeing the toast notification for Windows Update Restarts, it could be due to one of the following reasons:
'Update/Restart required notifications' are turned off
If your end users have disabled the "Update" or "Restart required" notifications in their system settings, they will not receive toast notifications on their devices.
1. Navigate to Settings on the Windows device and click the Update & security icon.
2. Click Windows Update on the left-hand tab.
3. Scroll down on the right-hand side and click Advanced options. The Advanced options menu appears.
4. Toggle on the option for 'Update notifications,' 'Restart required notifications,' or 'Notify me when a restart is required to finish updating', depending on the Windows version you have on your device. This should allow the Atera toast notification to appear when setting up the configuration policy to notify logged-in users before a restart.
Note: The method for enabling notifications for a restart after a system update may vary depending on the version of Windows you are using. If the above method is not applicable for your Windows device, you can try the following: Navigate to Settings > System > Notifications and actions. Scroll down to find 'Restart required' under the 'Notifications from apps and other senders' section. Turn on the toggle switch for 'Restart required.'
Existing group policy (domain or local) settings are blocking toast notifications
If the issue persists even after enabling update notifications, it could be due to group policy settings that are preventing toast notifications from being sent.
1. . Press the Windows key + R to open the Run dialog box. Then type in "gpedit.msc" and press Enter to open the Local Group Policy Editor.
2. Navigate to User Configuration > Administrative Templates > Start Menu and Taskbar > Notifications.
3. Check if the "Turn off toast notifications" policy is enabled. If it is, double-click on it to open its properties.
4. Select "Disabled" or "Not Configured" and click Apply to save the changes.
5. Repeat steps 1-4 for the "Turn off toast notifications on the lock screen" policy.
6. Restart the device and check if toast notifications for Windows Update Restarts now appear.