Update Jobs

Use Update Jobs policies to deploy, modify, or remove job definitions on endpoints from a central place.

How it Works

Agents process policies with PolicyType "JobUpdate". The policy’s Extension tells the agent which job file to add/update/delete under Jobs/{JobId}.json.

Step-by-step: Create an Update Jobs policy (via Advanced JSON)

Navigate to Endpoint Privilege Manager → Policies

Click Create Policy Button

This will spawn the Create Policy modal form.

Define Policy Attributes

Choose a aptly discriptive name for your new policy.

Choose any existing policy type available in the UI for your new policy(this is just a starting template since Update Settings is set in JSON).

Choose a status for your new policy. We recommend monitor mode when initially setting up a policy.

Add one or more Controls by clicking on the "Add Control" button and then selecting the controls that you would like to see applied to your new policy.

Choose a User Group, a Machine Collection, and an Application Collection.

Configure Policy Targeting

Configure any targeting you want in the UI (collections/users/machines/apps/platforms). Who or What does your policy apply to?

Open the Policy’s Advanced Mode (JSON view)

To open the Policy's Advanced Mode, click on the "Advanced Mode" link in the bottom left corner of the Policy Form.

Redefine Policy Type in JSON

Define Extension Fields

Set: Extension fields as described in the Required Etension Fields section of this document

Save the Policy

Required Extension Fields

Extension.JobId — job identifier; agent writes/deletes Jobs/{JobId}.json
Extension.Action — "Add", "Update", or "Delete"
Extension.JobJson — required for Add/Update; omit for Delete

ID requirement: JobJson must include an internal id matching JobId.

Example JSON Snippets

Example 1: Add a Job (JobUpdate / Action=Add)

{
  "PolicyName": "Update Jobs - Add Maintenance Job",
  "PolicyType": "JobUpdate",
  "PolicyId": "REPLACE_WITH_ID",
  "Status": "on",
  "Actions": {
    "OnSuccess": {
      "Controls": [
        "NOTIFY"
      ]
    },
    "OnFailure": {
      "Command": ""
    }
  },
  "NotificationMessage": "A job was added to this endpoint via policy.",
  "NotificationRequiresAcknowledge": false,
  "RiskLevel": 20,
  "Operator": "And",
  "Rules": [
    {
      "RuleName": "UserCheck",
      "ErrorMessage": "This user is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckUser()"
    },
    {
      "RuleName": "MachineCheck",
      "ErrorMessage": "This Machine is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckMachine()"
    }
  ],
  "UserCheck": [],
  "MachineCheck": [],
  "ApplicationCheck": [],
  "DayCheck": [],
  "DateCheck": [],
  "TimeCheck": [],
  "CertificationCheck": [],
  "Extension": {
    "JobId": "my-maintenance-job",
    "Action": "Add",
    "JobJson": "{\n  \"id\": \"my-maintenance-job\",\n  \"name\": \"My Maintenance Job\",\n  \"description\": \"Runs periodic maintenance actions.\",\n  \"enabled\": true,\n  \"schedule\": {\n    \"type\": \"interval\",\n    \"minutes\": 60\n  },\n  \"tasks\": [\n    {\n      \"type\": \"command\",\n      \"name\": \"Example Task\",\n      \"command\": \"echo Maintenance job ran\"\n    }\n  ]\n}"
  }
}

Notes

Extension.JobJson is a string containing the full job JSON.
Make sure the inner job JSON includes "id": "my-maintenance-job" matching JobId.

Example 2: Update an Existing Job (JobUpdate / Action=Update)

{
  "PolicyName": "Update Jobs - Update Maintenance Job",
  "PolicyType": "JobUpdate",
  "PolicyId": "REPLACE_WITH_ID",
  "Status": "on",
  "Actions": {
    "OnSuccess": {
      "Controls": [
        "NOTIFY"
      ]
    },
    "OnFailure": {
      "Command": ""
    }
  },
  "NotificationMessage": "A job was updated on this endpoint via policy.",
  "NotificationRequiresAcknowledge": false,
  "RiskLevel": 20,
  "Operator": "And",
  "Rules": [
    {
      "RuleName": "UserCheck",
      "ErrorMessage": "This user is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckUser()"
    },
    {
      "RuleName": "MachineCheck",
      "ErrorMessage": "This Machine is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckMachine()"
    }
  ],
  "UserCheck": [],
  "MachineCheck": [],
  "ApplicationCheck": [],
  "DayCheck": [],
  "DateCheck": [],
  "TimeCheck": [],
  "CertificationCheck": [],
  "Extension": {
    "JobId": "my-maintenance-job",
    "Action": "Update",
    "JobJson": "{\n  \"id\": \"my-maintenance-job\",\n  \"name\": \"My Maintenance Job\",\n  \"description\": \"Runs periodic maintenance actions (updated schedule).\",\n  \"enabled\": true,\n  \"schedule\": {\n    \"type\": \"interval\",\n    \"minutes\": 30\n  },\n  \"tasks\": [\n    {\n      \"type\": \"command\",\n      \"name\": \"Example Task\",\n      \"command\": \"echo Maintenance job ran (updated)\"\n    }\n  ]\n}"
  }
}

Notes

Updates typically replace the job file contents with whatever you provide in JobJson, so include all required fields for your job schema.

Example 3: Delete a Job (JobUpdate / Action=Delete)

{
  "PolicyName": "Update Jobs - Delete Maintenance Job",
  "PolicyType": "JobUpdate",
  "PolicyId": "REPLACE_WITH_ID",
  "Status": "on",
  "Actions": {
    "OnSuccess": {
      "Controls": [
        "NOTIFY"
      ]
    },
    "OnFailure": {
      "Command": ""
    }
  },
  "NotificationMessage": "A job was deleted from this endpoint via policy.",
  "NotificationRequiresAcknowledge": false,
  "RiskLevel": 20,
  "Operator": "And",
  "Rules": [
    {
      "RuleName": "UserCheck",
      "ErrorMessage": "This user is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckUser()"
    },
    {
      "RuleName": "MachineCheck",
      "ErrorMessage": "This Machine is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckMachine()"
    }
  ],
  "UserCheck": [],
  "MachineCheck": [],
  "ApplicationCheck": [],
  "DayCheck": [],
  "DateCheck": [],
  "TimeCheck": [],
  "CertificationCheck": [],
  "Extension": {
    "JobId": "my-maintenance-job",
    "Action": "Delete"
  }
}

Notes

For Delete, omit JobJson.

What Will Typically be Edited in Real Use

PolicyId: keep the one generated by the UI.
Status: "on"/"off" depending on rollout.
UserCheck / MachineCheck: populate the arrays using your console’s normal targeting entries.
Extension.JobId: the filename key (ends up as Jobs/{JobId}.json on endpoints).
Extension.JobJson: stringified full job definition for Add/Update.

Validate on an Endpoint

Add/Update: confirm Jobs/{JobId}.json exists and matches your provided job JSON.
Delete: confirm Jobs/{JobId}.json is removed.

PreviousHTTP Access NextUpdate Settings

Last updated 8 days ago