Policies (with Policy Inheritance)

Policies are templates for Asset settings that you can use to set preferences, customize upgrades, or change settings in bulk. This feature also makes adding new Assets easy. You can create a Policy and specify your Asset settings, then simply apply that Policy to Assets as you see fit. Then you can modify changes to the Policy and it will change the settings of all related Assets in bulk.

Table of Contents

• Getting Started
  • Add a Policy
  • Edit a Policy
• Policy Categories
  • Antivirus
    • Disable Antivirus
    • Bitdefender
    • Emsisoft
    • Webroot
  • Backups
  • Miscellaneous
    • Device Language
    • Device Uninstall Code
  • Monitors
    • Alerts
    • Drive Monitoring
    • Event Logs
    • Offline Alerts
    • Processes & Services
    • Resource Usage
  • Remote Access
    • Syncro Remote Access
    • ScreenConnect (BYO)
  • Scripting
    • Script Schedules
    • Setup Scripts
  • System Tray
  • Third-Party Updates
  • Windows Updates
• Policy Modules
  • Asset RMM Policies
  • Agent Contact Forms
  • Third Party Patch Management
    • Add or Edit a TPPM Policy
  • Event Log Monitoring
  • Process & Service Monitoring
  • Windows Updates
• Assigning Policies to Assets

 

Getting Started

You can access Polices a few different ways.

• Click the Policies tab (it may be under the More tab).
• Click the Assets & RMM tab, then in the upper right, click View > Policies.
• Go to Admin > RMM Settings - Policies.

This brings you to the Policies page that lists all your policies. Here is what each thing does.

1. Add a new Policy.
2. Bulk assign a policy to customers at their top level folder—either all of them, or just the ones without a policy in their top level folder.
3. Access the various Policy Modules.
4. Click a name to edit the Policy. Syncro includes four example policies. Feel free to modify or delete them.
5. Creates a copy of the policy and prepends "Copy of" to its name. Feel free to change its name, make other changes, then click Save Policy.
6. Deletes the Policy. Be careful because it immediately deletes the Policy once you click it.

 

Add a Policy

1. Click a Policy name to edit it, or in the upper right click New Policy to add a new one.
2. Once the New Policy screen appears, enter a Name.
   
3. In the left menu, click a Category you want to add to the Policy.
4. Click the dropdown that appears and select the desired Section.
5. Configure the items in the section. Note that there are three states for items (similar to Windows Local Group Policy Editor, with states of Enabled, Disabled, or Not Configured).
   1. Enabled — Those Items in the Section with a checkbox enabled or value entered. This will override any of the same disabled Items in parent policies.
   2. Disabled — Those Items with a checkbox disabled or blank value. This will override any of the same enabled Items in parent policies.
   3. Ignored — Sections that have not been added to the Category (that is, those items still listed in the Section dropdown, #4 above) are treated like they do not exist. If any parent policy above this one has a certain Section with Items enabled or disabled, assets in this policy will inherit whatever those are.
6. If you didn't mean to add the Section, click the X in its upper right.
7. Repeat to add more Categories and Sections. As you do, in the left column you will see the number after the Category increase.
8. Once you have added all desired Items to the Policy, in the upper right click Save Policy.

After adding a policy, you can assign it to Customer Assets.

 

Edit a Policy

When you edit an existing policy, it defaults to the Policy Overview that lists only those Sections that have been explicitly added or disabled. All Assets attached to a Policy will also change their settings to match it automatically.

1. Policy Name at the top.
2. On the left is a navigation panel to access specific policy Categories, with a number in parenthesis indicating the number of Sections enabled/disabled for that Category. Click one to access it. Policy Overview is a read-only view of exactly what this policy does.
3. Once you click a Category in the left (other than Policy Overview), you can then change the Sections and Items in it.
4. After making any changes, in the upper right click Save Policy.
5. You can then click Back to Policies to return to the Policies page.

---

 

Policy Categories

1. Once you click a policy Category in the left nav, there is a dropdown at the top that lets you add Sections not already activated, unless they all have been activated, in which case the dropdown will not be shown.
2. For those Sections already activated, there is an X in the upper right of each to delete them.
3. If a policy Item is checked in a parent folder, an unchecked box in the current policy is considered disabled by Syncro, effectively overriding the same policy Item in any parent policy above it. A policy Item is ignored only if it has not been added to a policy at all, or if it only exists in the current policy and nowhere above it.
   
   If a feature is enabled, same thing—it will override any parent feature above it that is disabled.

These are all the categories you can add/modify on a policy.

 

Antivirus

You can only select one option from the dropdown.

Disable Antivirus

Explicitly disable AV for this policy.

Bitdefender

See our Bitdefender Gravity Zone Integration article. Click the here link to enable it.

Emsisoft

See our Emsisoft Integration article.

Webroot

See our Webroot Integration article. Click the your Settings link to enable it.

 

Backups

If you see To enable Syncro Backups on this account click here, go ahead and do that. However, if you are currently a trial Syncro user, Backups are not available until you become a paying customer.

Once you select Syncro Backups from the dropdown, you will see a message that "This will deploy Syncro Backups to assets assigned this policy. You will be charged at a rate of $5 per asset." Click Close.

The Enable Syncro Backups checkbox is enabled, which of course you can uncheck to explicitly disable for this policy.

See Syncro Backups for more info.

 

Miscellaneous

Device Language

Set the language for the supported device.

Device Uninstall Code

You can require a 4-digit Uninstall Code for end-users to enter to uninstall Syncro from the control panel. This helps ensure your customers are unable to uninstall the Syncro agent unless you want them to. Just check the box and type in your desired code. It must be comprised of integers only, no longer than four digits.

With this enabled, your customers will see a prompt similar to this with your company's branding when they try to uninstall Syncro from the control panel:

If you uncheck Require a code to uninstall the Syncro Agent, it will override any parent policies that require the code. With this setting disabled, your customers will be able to uninstall whenever they would like.

You can always uninstall the Syncro Agent by deleting the asset in Syncro, regardless if an uninstall code is enabled on the device.

 

Monitors

Under Add a Monitor, click the Select dropdown and select one or more of the following, then configure them.

• Alerts
• Drive Monitoring
• Event Logs
• Offline Alerts
• Processes & Services
• Resource Usage

Alerts

Click the Add Trigger dropdown to add as many triggers as you like, which display alerts when an agent syncs, then check/uncheck the Alert and Auto-Resolve checkboxes as desired. Click the red X to delete any triggers.

The following triggers are available:

• Antivirus Installed
• Application Crashes
• Device Manager Issues
• Firewall Enabled
• HD SMART Failure
• HDD Fragmentation
• Recent Blue Screen

When Auto-Resolve is enabled (only available for select triggers) and an alert fires off, the system will automatically resolve the alert once whatever triggered it is fixed. The Alert will still show in the Device Activity for historical purposes.

Drive Monitoring

This sets the thresholds for low storage alerts on one or more drives. Any number of drives can be simultaneously monitored by free space in GB, or as a percentage.

1. Alert for Low Hard Drive Space is turned on by default.
2. If desired, turn on Auto-resolve Low Hard Drive Space alert.
3. Select a drive letter A-Z, System Drive (has the OS on it), or All Other Drives (will monitor the other drives where the OS is NOT present).
4. Enter a number and select if the number represents GB or %.

Drives listed here that do not exist on any given asset will be ignored.

Drives not implicitly listed here will not alert for low storage space.

Monitors added at the current level do not override those in parent levels, rather, they add to them. For example, if you add a monitor for the D drive at the current level and one of the parent levels has a C drive monitor, then assets at the current level and below will monitor both the C and D drives.

Highly Recommended: Get notified when something is Auto-Resolved by adding a Notification Center rule - RMM Alert - was auto-resolved.

Event Logs

Click the dropdown and select one or more event log alerts.

The following presets are available:

• Preset - Hard Drive Monitoring
• Preset - Server Network Services
• Preset - Windows Backup
• Preset - Exchange Server
• Preset - Battery Backup (UPS)

To add more or edit the existing alerts, save your current policy if needed, then in the upper right, click Policy Modules > Event Log Monitoring.

Offline Alerts

This will notify you if the Agent has been offline for the number of minutes entered. The Re-arm after tells the system to notify you again after a certain amount of minutes entered. Note: Leaving the fields blank makes them disabled.

Processes & Services

Process and Service Monitors allow you to manage alerts and automation around starting, stopping, and running Processes and Services. You will first need to create some Process and Service Monitoring Policies, then click Add Monitor and select one from the dropdown.

Resource Usage

Allow you to set monitoring for CPU and Memory usage over a certain percentage for an average period of time. Pick one or both from the dropdown, then enter the percentage and for how long.

The Resource Usage alerts will include the highest processes that triggered the alert so you know what is contributing to that alert.

 

Remote Access

Syncro Remote Access

This is for using Splashtop to remotely access assets.

Enable And Deploy Splashtop For Assets On This Policy: When enabled, this will deploy and install Splashtop on the devices in the policy when enabled. Disable this if you do not want Splashtop installed when deploying the Syncro agent.

Note: This is only for Splashtop included with your Syncro subscription. For those using the Bring Your Own Splashtop version, you will see a separate section to enable that in a Policy.

Require Client Permission For Remote Access: Enable on a policy to allow customers to approve or deny remote access to their computer.

Once enabled, customers can choose to accept remote access, allow remote access for 24 hours, or deny remote access.

Technician Identifier: Select how you want your company or technician's name displayed when remoting into an Asset.

You can limit who can and cannot enable Remote Access in Admin > Security Groups by turning on the Policies - Edit Attended/Unattended setting.

Enabling this setting will allow technicians to turn Remote Access on/off on the policy. Disabling the setting will hide the Remote Access option from the policy settings as if it did not exist.

ScreenConnect (BYO)

In order for this option to appear, you must first configure ScreenConnect. You can then check Install & Manage ScreenConnect to have ScreenConnect installed with the Policy.

 

Scripting

Script Schedules

You can automatically apply a script schedule to any Asset with this Policy, and removing the script from this list will also remove it from any Asset applied with this Policy for easy changes.

Click Add Entry, select a Script and Frequency (from every 15 minutes to monthly), optionally check Skip Offline Assets, and enter any additional parameters. Repeat to add additional schedules.

Setup Scripts

Policies can automatically run a script on an Asset whenever the Policy is applied to an Asset (including fresh installs and when switching to a new Policy).

Click Add Entry, select a Script and when it will run:

• If Never Run — This will run the script if the Asset has never run the script before.
• Always — This will run the script every time an Asset is applied with this Policy.
• If Not Run Within Past... — This will run the script if the Asset has not run the script in X many days, where you can set X to any positive integer.

Enter any additional parameters, and when you have multiple scripts, use the hamburger icon to drag and rearrange the order in which the scripts run.

 

System Tray

Click System Tray Section in the dropdown where it will then have Hide System Tray checked by default. If you uncheck it, you can then click Add to pick which Menu Type you want (see the list below), the Menu Title it displays, and enter or select additional options. Use the hamburger icon to drag and rearrange the order of the items.

• URL — Send customers to a specific URL of your choosing.
• Customer Online Portal — Sends customer to the Customer Portal.
  Note: Asset must have an assigned contact that has a portal user setup already in order to be directed to the full customer portal. Assets without assigned contacts or with assigned contacts who do not already have a portal user configured will be directed to the new ticket creation page.
• Download a file — Allow customers to download a file. Note: The URL must be a direct download link.
• Send Email — This lets customers send an email directly to an address of your choosing.
• Execute a CMD — Lets customers run simple command line strings.
• Display some text — Display custom text on the System Tray.
• Insert Divider — Adds a separating divider on the System Tray to help with organization.
• Agent Contact Form — After you build one or more Agent Contact Forms, select the one you want for customers to create ticket requests. Any tickets created from this option will be automatically assigned to the contact on the asset. If there is no Assigned Contact on the asset, the ticket will be created without an Assigned Contact.
• Live Chat — Fill in the Unavailable Message to be displayed if no one answers the chat request, then optionally select which Technician to assign the chat to.

 

Third-Party Updates

Select Third-Party Updates in the dropdown, then select which policy to use in the dropdown. To manage and create the policies shown in the dropdown, click Third-Party Patch Policies.

See Third Party Patch Management for full details.

 

Windows Updates

Using Syncro's Windows Patch Management, you can ensure Assets are updated regularly. Select Windows Updates in the dropdown, then click Add Windows Updates Policy and select which policy to use in the dropdown. To manage and create the policies shown in the dropdown, click Windows Update Policies.

See Windows Patch Management for more info.

 

Policy Modules

When you are on any of the Policy Modules, in the upper right click Policy Modules to access the following. You won't see the one you are currently on in the dropdown.

 

Asset RMM Policies

This is the page you see when you click the Policies tab.

 

Agent Contact Forms

https://www.youtube.com/watch?v=QaVpXhT1aVc

This brings you to the Contact Form Policies page, where you can create different forms customers use to contact you that are accessible from the system tray. You could potentially create a different form for every customer!

Click New Contact Form Policy to add one, click a form's name to edit it, or the three dots to the right of a form to edit, clone or delete it.

We supply an Example Agent Contact Form which is helpful to learn what to put in a form.

The Form Field Settings section lets you require certain fields.

The Generated Ticket Settings section lets you preset the Assignee, Issue Type (required) and Custom Field Type for tickets created if desired.

When finished, click Save Contact Form Policy or Update Contact Form Policy.

Now when you add an Agent Contact Form to the System Tray in a policy, you can select from the forms you built here. You can even add multiple Forms the same policy that serve different purposes. A few things to note.

1. If a Contact is attached to the Asset, the Contact's information will be auto-completed within the Contact Form, and the ticket will be automatically assigned to the contact on the asset. If the client decides to edit this information, the updated Contact information will be attached as a private note on the ticket so your team knows what the client submitted. It will not override the current contact information. Similarly, if there is no Contact assigned to the Asset, the ticket will be created without an Assigned Contact, and whatever contact information the client completes within the Contact Form will be attached to the Ticket in the form of a private note.
2. The Ticket will be associated with the Customer the Asset is attached to (or the Contact if there is a Contact attached to the Asset).
3. Customers will be given the option to attach a screenshot to the request form.

 

Third Party Patch Management

Set third party applications to install or update on their own as a component of the Policy for the installed Agent. Third Party Patch Management (TPPM) Policies are attached Policies and are applied when an Asset is added to the Policy. TPPM Policies can also be used across Asset Policies if you want to have similar software patching across offerings.

Also, you can set whether or not Syncro manages Windows updates based on a schedule so that Windows updates do not interrupt your customer's business.

1. Add a new TPPM Policy.
2. The policies to which this is assigned.
3. Click the policy name or pencil icon to edit.
4. Delete.

Add or Edit a TPPM Policy

1. Give the policy a Name.
2. Click the appropriate radio button for each app.
3. To add additional applications for patching from the Chocolatey repository, below the included apps click Add Application, enter the app name, click the correct name, change the App Name if desired, and click Add Application.
   Note: Chocolatey will not install until a TPPM policy is applied to the policy assigned to the asset.
4. Below Schedule Specification, select when to start updating the apps and how often.
5. When finished, click Save.

When the Syncro agent is deployed on a device, the programs and updates chosen in the TPPM Policy will run at the first scheduled update. The software won't be installed or updated immediately after the Syncro agent is installed.

 

Event Log Monitoring

Event Log Policies enable you to easily monitor Assets for problematic events. To add or edit them,

1. On any policy page, in the upper right click Policy Modules > Event Log Monitoring. This will take you to the Event Log Policies page.
   
2. In the upper right click the New Event Log Policy button, or click a policy name to edit it.
3. Give it a Name.
   
4. To create a custom query, in the upper right click New Event Log Query. Fill in the details and click Create Event Log Query.
5. Type in the filter list field to narrow down the queries.
6. Click to edit a custom query.
7. Check the boxes of the queries you want to include.
8. For queries with a number after them, click the arrow on the right to expand the query.
9. When finished, scroll to the bottom and click Save Event Policy.

 

Process & Service Monitoring

See our Process and Service Monitoring article.

 

Windows Updates

See our Windows Patch Management article.

 

Assigning Policies to Assets

See our Policy Inheritance article.