Altiris ITMS 8.6 RU2 released

Now the second update for Release 8.6 of the Symantec IT Management Suite (ITMS 8.6 RU2) has been released. The update can be installed immediately via the Symantec Installation Manager (SIM).
We are happy to support you with this update, please contact us.

→ You can conveniently find these release notes and other useful documents on Altiris at:
Altiris Links & Downloads

Here we have compiled the new features for you.

These new features were realized with Release 8.6 RU2:

New Symantec Management Platform Features

Modern Device Management – macOSThis release introduces Modern Device Management (MDM). This feature leverages capabilities built into the operating system to manage end user machines without the need to install an agent on each client.
In this initial release, ITMS leverages MDM on macOS 11 and 12 devices for device enrollment, the distribution of profiles containing system configuration elements, applications to be installed, and the ability to perform actions such as shutdown, restart, lock of even erase on MDM-managed devices.
To complement this new feature, ITMS includes five new MDM-related reports:
Installed Profiles by Computer
– MDM Enrollment by Endpoint
– MDM Managed Profiles Summary
– MDM Manually Installed Profiles Summary
– MDM Servers.
These new reports can be accessed from within the Endpoint Management Workspaces UI by selecting Quick Tasks > Reports.
A full configuration guide is available in the ITMS help under Modern Device Management.
Symantec Management Console Windows Browser SupportThis release marks a change in the browsers supported for accessing the web-based Symantec Management console from Windows PCs. Google Chrome and Microsoft Edge are the only officially supported browsers for Windows; Internet Explorer will is no longer supported.

System Restart as Last Action Performed in a Maintenance Window

8.6 RU2 adds an option to restart a Windows computer at the end of a maintenance window if a pending reboot is detected. Further options are available to determine how a given restart is handled – whether or not to allow the user to defer the reboot, whether to notify them or not, and even the option to force running applications to close.
These options focus on ensuring that a reboot is performed as the last action within a maintenance window regardless of which other actions are completed within the maintenance window.

User Reboot Options Added to Power Control Task

Your Power Control tasks can now include prompts for users to reboot their PCs to install required software updates.

RedHat Enterprise Linux – System Detection

Red Hat Enterprise Linux (RHEL) systems from version 8.0 forward will no longer use the Red Hat Enterprise designations of Linux Server, Workstation, or Desktop.
Going forward, these RHEL systems will be referenced in ITMS based on their role, rather than their OS type:
– Red Hat Enterprise Linux 8 (Server Role)
– Red Hat Enterprise Linux 8 (Compute Node role)
– Red Hat Enterprise Linux 8 (Workstation role)
If the role is unset, the computer will be treated as having the Server role by default.
On any RHEL 8.0 or above system, the current role can be verified by running the subscription-manager role command.

Support Multiple Lines of Text in Task UI

The task description field has been expanded to several lines of text, which now displays beneath the title. The text can either be displayed by clicking on it, or it can appear as a browser tooltip when mousing over the title.

Support CNG Encryption

ITMS certificate management now includes support for certificates in CNG format.

Upgrades Prevented With Expired License

This release introduces new functionality to ensure that customers are only permitted to upgrade to versions of ITMS released prior to the expiration of their support/maintenance contract or subscription. If your contract has expired and you attempt to upgrade to a newer version of ITMS, the Symantec Installation Manager will cancel the upgrade and advise you contact Broadcom to renew your contract. 

New Symantec Management Agent Features

Expanded list of supported platforms or functions for Symantec Management Agent.

The following operating systems are now supported for the installation of the Symantec Management Agent and solution plug-ins:
– macOS 12
Note – patch management is not supported for macOS 12 at this time.
– Red Hat Enterprise Linux 8.4
– Oracle Linux
Note – patch management is not supported for Oracle Linux at this time.
– SUSE Linux 15 SP3
– Windows 11
– Windows 10, version 21H2
– Windows 10 Enterprise LTSC 2021

Please refer to the original Release Notes for corr. Support Statements

Detailed Client Information in Symantec Management Agent

The Symantec Management Agent (SMA) user interface on Windows computers now includes the computer model/manufactureroperating systemcurrent user, and the time of last reboot. In addition, the SMA user interface can now display multiple IP addresses in cases where a computer has more than one active network interface.
This additional information can save technicians valuable time when troubleshooting issues.
No configuration change is required to enable this feature.

New Patch Management Solution Features

CVE ID Based Patching

ITMS administrators can now more easily collaborate with the security operations team by creating Windows software update policies based on CVE-ID and reporting on compliance by CVE-ID.

Office 2021 Patch Management Support

ITMS can now detect missing Office 2021 updates and install the click-to-run update from Symantec Management Platform package servers, rather than downloading content from Microsoft’s servers to each individual endpoint.
This represents a change to the content in the Patch Data component, which is used by all versions of ITMS. As such, this feature is available in all currently-supported ITMS releases.

New vendor supported in Patch Management

The Windows patch management data feed now includes support for the vendor GIT, enabling ITMS to detect and distribute missing updates for supported GIT products.
GIT is now also available in previous versions of ITMS, as this represents a change to the data feed used by all versions of ITMS.

New product supported in Patch Management

Patch Management now supports updates to the engine used by Windows Defender.
This represents a change to the content in the Patch Data component, which is used by all versions of ITMS. As such, this feature is available in all currently supported ITMS releases.

New Deployment Solution Features

Deployment Solution Supports Package Servers via Cloud-Enabled Management

When using Deployment to image or re-image machines using a Cloud Enabled Management connection, you can now to connect to package servers using that connection.

Deployment Solution – Preboot Package List Customization

This release includes granular options for what packages to include when building a WinPE image. As several packages (such as PowerShell) have prerequisites, you can also order the package list as required avoid errors. 

Define Custom OS Types

You can now define the label for each client operating system as needed. This requested feature is useful for working with operating systems that have been released, but have not yet been certified by ITMS development.

Site-Specific Initial Deployment Settings

This release adds the ability to clone Initial Deployment settings, and make copies to push to specific sites, where slight configuration variations make a common framework less desirable.

WinPE Support

Deployment Solution now supports WinPE for Windows 11 and WinPE for WIndows Server 2022.

Ubuntu Support

The ITMS Deployment Solution now provides support for Ubuntu 18.04 LTS and 20.04, including automation folders, Boot To tasks, Prepare for Image Capture tasks, Deploy Image tasks, and the Create Image task. 
Scripted OS Installation and Apply System Configuration tasks are currently not supported.

New Inventory Solution Features

Standalone Inventory – HTTPS Without Pre-Installation of Client Certificates

ITMS now supports the transmission of standalone inventory data via HTTPS without having to preinstall certificates.  Certificates can now be included in the standalone inventory package itself.

Standalone Inventory – Encryption

Standalone inventory data is now encrypted when transmitted to the Notification Server. The Notification Server can be configured to not process unencrypted data.

Standalone Inventory – Define Log Settings as Part of Package

This release adds the ability to define log settings as part of a standalone inventory package. This is useful where standalone/legacy clients are prevented from having the registry modified. You can now set a new logging level as part of a standalone inventory package, rather than having to perform a separate action to change the log settings before distributing the standalone inventory package.

With ITMS 8.6 RU2, various improvements or «fixed issues» in the following solutions were also realized:

  • Notivication Server Solution
  • Symantec Management Platform
  • Asset Management Solution
  • Deployment Solution
  • Inventory Solution
  • Patch Management Solution
  • Workflow Solution

Release Notes and User Guides

The release notes and other useful documents for Altiris can be conveniently found at:

Altiris links & downloads

As with all updates, there are a few things to consider, especially if you are running multiple clients and servers. We have profound experience in this area and would be happy to advise you on updating to the latest version. Feel free to contact us.