Altiris ITMS 8.7.2. released

Release 8.7.2 of the IT Management Suite (ITMS 8.7.2) from Broadcom was published at the beginning of April 2024. The release can now be installed via the Symantec Installation Manager (SIM).
We will be happy to support you in updating to the new version. Get in touch with us.

These New Features were introduced with Release 8.7.2:

New Symantec Management Platform Features

ITMS integrates with Azure ADITMS integrates with Azure AD, also known as Microsoft Entra. To help with this integration, you can use the Using IT Management Suite with Microsoft Entra white paper shows you how ITMS integrates with Azure AD, also known as Microsoft Entra. Learn how to use the following information about this integration:
• Symantec Management Console and Software Portal Authentication, which enables support for Multifactor Authentication
• Import security roles, computer groups, and user groups
• Support for Azure AD-only environments when the local account used for Agent Connectivity Credentials
New icon in Task Instance DetailsIn Task Instance Details, tasks with conditions evaluating as false now display a new icon, instead of the failure icon.
ASDK allows you to set scoped roles to resource targetsSDK allows to set scoped roles to resource targets

• The ScopingManagementLib.CreateResourceTarget method has been updated to enable setting roles for newly created resource targets.
• The ScopingManagementLib.DoResourceTargetScoping method has been created, allowing role adjustment for existing targets.

New Symantec Management Agent Features

Administrator can now notify end users when maintenance windows are about to beginThe Administrator can now set the time when the Symantec Management Agent displays an informational message to the end user about when their Maintenance Window begins.
Use any Windows account credentials with SQL Server authentication when using the Symantec Installation ManagerYou can now specify any Windows account credentials to use with SQL Server authentication when using the Symantec Installation Manager. You can use these credentials with either new installations or an off-box upgrade. In previous releases, you could only use the current Windows account: NS AppIdentity. You can also use the new Windows Authentication option to specify the Windows credentials to use for Data Connector data sources, such as the ODBC Data Source page and the OLEDB Data Source page.
New OS SupportThe following operating systems are now supported for the installation of the Symantec Management Agent and solution plug-ins:

• Oracle Linux 8.9 Support statement
• Oracle Linux 9.3 Support statement
• Red Hat Enterprise Linux 8.9 Support statement
• Red Hat Enterprise Linux 9.3 Support statement
• Windows 11 23H2 Support statement
• ESXi 8.0

New Symantec Management Console Features

Specify how long to keep a record of task instances in the databaseThe Maximum time period to keep the task instances/summaries option in the Clean up Task Data lets you specify the maximum time period to keep the task instance summaries in the database.

The Maximum time period to keep task instances/summaries option overrides the Maximum number of working database/database summary rows option. For example, if you set Maximum time period to keep task instances/summaries to 3 Months, the clean-up does not remove the task records unless they are older than three months, even if the Maximum number of working database/database summary rows is exceeded.

The Maximum time period to keep task instances/summaries option overrides the Minimum time period to keep task instances/summaries option.

The Minimum time period to keep the task instances/summaries value cannot be larger than the maximum value.
For more information about how to set this option, see Cleaning up Task Data.
The Software Purchases list automatically sorted alphabeticallyThe Software Purchases list in the Edit > Software License page is now automatically sorted alphabetically.
Only clone items to folders where you have permission to Create ChildrenWhen you clone any item, you can only clone items to folders where you have permission to Create Children. The Select folder dialog displays only these folders that have enabled this permission.
Override Maintenance Windows for Automation PoliciesThe Automation Policy’s Edit Job/Task Input Parameters dialog has a new option that is named Override Maintenance Windows. This option lets the policy run regardless of the Maintenance Window settings.

As a default, the automation policy runs only within the Maintenance Window, or if a maintenance window has been set up and enabled. If you enable a maintenance window, the schedule is ignored and the automation policy runs when the first available maintenance window opens.

Select this option to override this behavior and use the options that you specified in this automation policy. Clear this option to abide by the maintenance windows. For more information, see Viewing Information about a Computer’s Maintenance Window.
The New Schedule dialog displays information about  the maintenance window activity of added computersThe New Schedule dialog displays information about  the following statuses in regards to the added computer’s maintenance window activity:

Active: The Maintenance Window is currently active (running) on the selected client computer.·
Not Active: The client computer has received one or more maintenance window policies, but these policies are not currently active (running).·
Not Defined: The client computer has not received any maintenance window policies.
For more information, see New Schedule Dialog Box.

New Inventory Solution Features

Inventory data now includes the System SKU Number from Windows and Linux computersThe Computer System inventory data class has been extended by populating the System SKU Number from Windows and Linux computers, where it is available.

Inventory Agent gathers information about system boot mode
The Inventory Agent can now gather information about your systems boot mode (BIOS or EFI) and its Secure Boot status. To gather this information, include the System Boot Info data class to the scope of the inventory task or policy. The System Boot Info data class is a part of Hardware Inventory, and can be enabled in the Advanced Options of the inventory task or policy under Hardware > Software > Common in the Inventory data classes tree.

All data is available in the newly added Count of Computers by Boot Mode report. This report displays the number of computers with BIOS boot mode and the number with EFI boot mode.

The Count of Computers by Boot Mode report appears in the following location:

Reports > Discovery and Inventory > Inventory > Cross-platform > Count of Computers by Boot Mode. With this report, you can drill down to see a detailed list of computers by BIOS boot mode or by EFI boot mode. The detailed list also shows the Secure Boot status for each reported machine.

New Patch Management Solution Features

New options to not create and send NSEs related to a Windows patch scanYou can decide whether to create and send Notification Server Events (NSEs) related to Windows policy and package patch scans.
For more information and links, consult the original Release Notes.

Randomize the Patch assessment start time

As an administrator, you can randomize the Patch assessment start time so that it does not cause CPU peaks. For more information, see the Configuring Windows System Assessment Scan policy topic.
New Linux channels are selected automatically for import if the corresponding OS version was previously fully selectedYou no longer need to monitor and select newly-added channels of Linux operating systems to manually import: if the corresponding OS version was previously fully selected in the Import Patch Data task UI, then new channels will be automatically selected for import.

The Patch Management solution now uses the new patch datafeed version 7.4
The new datafeed includes updated versions of the assessment and deployment tools that do not support the following EOL operating systems

• Windows XP
• Windows Vista
• Windows Server 2003
• Windows Server 2003 R2
• Windows Server 2008

There is a new error code for Windows Assessment:

9 = DoesNotMeetThePrerequisites - Assessment finished unsuccessfully because the Operating System is too old and no longer supported.

For more information, see KB article 155812: Windows Assessment Scan Exit Codes.
Improved Office 365 patching error handlingIf there are ever patching errors for Office 365, the appropriate entries are copied from the Office 365 update log to the Altiris Log to assist with troubleshooting.

New command line parameter to troubleshoot Office 365 patching after a channel change
If a channel is not successfully detected after its change, you can add a new parameter to the Office 365 update command line to troubleshoot the Office 365 update installation. This parameter is —copychannelid=true.

Initiating an Office 365 update with this parameter, it will copy the value from ‘UpdateChannel’ into ‘CDNBaseUrl’ in the Office 365 registry.

To change the command line, follow these steps:

1. Switch to the Advanced tab of the corresponding SWU policy.
2. Select the entry in the Command Line item.
3. Change to the Custom command line option in the Command-line options dialog,
4. Add a new parameter at the end of the command line.
5. Select OK to save the changes, and then select Save Changes in the SWU policy page to reconstruct it.

New Software Management Features

Default filters for Admins and Portal Managers display open requests from direct reports

When either the Symantec Administrator or Software Portal Manager roles log in to the Software Portal, the Subordinate Request tab applies the following filters by default:

• Request Status = open
• Requests = only from my direct reports

This change helps these roles respond more quickly to the requests of their direct reports.
Purge Not Installed software
You can now see all software components that are not installed on any managed computers:
Open the Symantec Management Console, and then select Manage > Software, and then expand the Software Catalog folder. Select the Not Installed Software view.

There is also a new purging schedule for the Not Installed Software in the Software Catalog Configuration page. There is View software to be deleted report where you can see what software components will be purged. By default, this purging is disabled.
When enabled, a scheduled task named 
NS.Software catalog maintenance schedule.{bce36b8e-dfc5-4cf6-be7e-afb9282b0d3a} 
runs Daily at 12:30 AM.

The Purge Not Installed Software section has the following three options:

Delete associated policies and tasksWhen you select this option for the Not installed Software component to delete, then the associated Managed Delivery policies, Targeted Software Inventory policies, Quick Delivery and Package Delivery tasks delete as well. If not selected, then the policies or tasks associated with the selected component will not be deleted.

Preserve deliverable softwareIf you select this option, a Not installed Software component that has associated packages or command lines will not be deleted.

Preserve components associated with software productsIf you select this option, a Not installed Software component that is a part of a software product configuration will not be deleted.

New Deployment Solution Features

Admins can now edit or delete SOI packagesAdministrators can now use the OS Files page to edit and/or delete existing SOI packages. For more information, see Adding or Importing OS Files.
LinuxPE version updateDeployment Solution 8.7.2 updated the version of LinuxPE, and now allows drivers to be imported into LinuxPE. For more information, see the following Knowledge Base article: 244316: LinPE Support and Access to Files.
iPXE is updated to version 1.21.1+The iPXE binaries have been updated to the latest available iPXE version: 1.21.1+. For more information, see the following Knowledge Base article: KB280113.
Bypass reboot if client already booted into preboot environmentThe Boot To task now includes a setting called Do not reboot if current environment is Preboot. This feature enables the system to bypass rebooting into the Preboot environment if the client is already booted into it. For more information, see Creating a Boot To Task.
Improved TFTP server performance8.7.2 now has improved TFTP server performance. For more information, see KB article 281045: DS 8.7.2 – Improving optimal TFTP settings starting from 8.7.2.

With ITMS 8.7.2 various improvements or «fixed issues» in the following solutions were also addressed:

  • Symantec Management Platform
  • Asset Management Solution
  • Data Connector Solution
  • Deployment Solution
  • Inventory Solution
  • Monitor Solution
  • Patch Management Solution
  • Software Management Solution
  • Workflow Solution

Release Notes and User Guides

The release notes and other useful documents for Altiris can be conveniently found at:

Altiris links & downloads

As with all updates, there are a few things to consider, especially if you are running multiple clients and servers. We have profound experience in this area and would be happy to advise you on updating to the latest version. Feel free to contact us.