[GH-ISSUE #1293] Agent assigned Automation Policy - patch policy not used. #2746

New issue

Closed

opened 2026-03-14 05:20:38 +03:00 by kerem · 5 comments

kerem commented 2026-03-14 05:20:38 +03:00

Owner

Copy link

Originally created by @af7567 on GitHub (Sep 23, 2022).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/1293

Server Info (please complete the following information):

• OS: Ubuntu 20.04.5
• Browser: Chrome
• RMM Version (as shown in top left of web UI): v0.14.8

Installation Method:

• [*] Standard

Agent Info (please complete the following information):

• Agent version: v2.3.1
• Agent OS: Win 10 v21H2

Describe the bug
When an automation policy which includes a patch policy is applied to an agent by right click > Assign Automation Policy the patch policy is not used. Instead the Client or Site patch policy is used.
In the agent edit screen the correct automation policies are shown, but the effective patch policy used is the one from the site/client.

Each agent can have its own "patches" settings applied which can be used as a workaround, but I expected the patch policy from the automation policy to be used. It's also a lot easier to assign an automation policy to a few agents than to edit the patches section in each :)

Originally created by @af7567 on GitHub (Sep 23, 2022). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/1293 **Server Info (please complete the following information):** - OS: Ubuntu 20.04.5 - Browser: Chrome - RMM Version (as shown in top left of web UI): v0.14.8 **Installation Method:** - [*] Standard **Agent Info (please complete the following information):** - Agent version: v2.3.1 - Agent OS: Win 10 v21H2 **Describe the bug** When an automation policy which includes a patch policy is applied to an agent by right click > Assign Automation Policy the patch policy is not used. Instead the Client or Site patch policy is used. In the agent edit screen the correct automation policies are shown, but the effective patch policy used is the one from the site/client. Each agent can have its own "patches" settings applied which can be used as a workaround, but I expected the patch policy from the automation policy to be used. It's also a lot easier to assign an automation policy to a few agents than to edit the patches section in each :)

kerem 2026-03-14 05:20:38 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-03-14 05:20:54 +03:00

Author

Owner

Copy link

@silversword411 commented on GitHub (Sep 23, 2022):

How are you determining that it's the Client/Site policy, and not the Agent policy that's being applied?

<!-- gh-comment-id:1256462515 --> @silversword411 commented on GitHub (Sep 23, 2022): How are you determining that it's the Client/Site policy, and not the Agent policy that's being applied?

kerem commented 2026-03-14 05:20:59 +03:00

Author

Owner

Copy link

@af7567 commented on GitHub (Sep 23, 2022):

The Agent policy patch policy has a different installation time to the Client policy but patches had not been getting installed at that time. So I checked by right clicking the agent > Edit and looked in the Automation Policies - Effective Patch Policy section and can see the time shown there is the one from the Client policy.
The Agent policy above is shown correctly, only the effecive patch policy is wrong.

<!-- gh-comment-id:1256487923 --> @af7567 commented on GitHub (Sep 23, 2022): The Agent policy patch policy has a different installation time to the Client policy but patches had not been getting installed at that time. So I checked by right clicking the agent > Edit and looked in the Automation Policies - Effective Patch Policy section and can see the time shown there is the one from the Client policy. The Agent policy above is shown correctly, only the effecive patch policy is wrong.

kerem commented 2026-03-14 05:21:04 +03:00

Author

Owner

Copy link

@af7567 commented on GitHub (Sep 23, 2022):

I think the problem is here:

github.com/amidaware/tacticalrmm@5a1cbdcd3b/api/tacticalrmm/agents/models.py (L627-L634)

It seems to be going through the policies in the order agent, site, client, default. But since there is no break after finding a valid policy it always continues through to the end even if a valid agent policy is found. Since I don't have any default policy set, it ends up with the client policy.

I haven't really tested that theory though :) If that is the problem wouldn't it also affect site and client policies?

<!-- gh-comment-id:1256522927 --> @af7567 commented on GitHub (Sep 23, 2022): I think the problem is here: https://github.com/amidaware/tacticalrmm/blob/5a1cbdcd3baf7ef85d60eeda353195db0e441efb/api/tacticalrmm/agents/models.py#L627-L634 It seems to be going through the policies in the order agent, site, client, default. But since there is no break after finding a valid policy it always continues through to the end even if a valid agent policy is found. Since I don't have any default policy set, it ends up with the client policy. I haven't really tested that theory though :) If that is the problem wouldn't it also affect site and client policies?

kerem commented 2026-03-14 05:21:10 +03:00

Author

Owner

Copy link

@af7567 commented on GitHub (Sep 28, 2022):

I have tested adding that break in the loop and now updates are getting installed when I expect them to. It was also preventing the site automation patch policy from overriding the client automation patch policy for me. So I suspect anyone who has default policies set wil have them in effect rather than any patch policy set in site/client/agent.

Since then, one problem I noticed is that on the frontend, the "Effective Patch Policy" displayed on the right click > edit menu still shows the client patch policy even though it is actually executing the agent patch policy (I can see it is executing at the right time from DebugLog messages I added). Is this frontend data cached or something? It should be getting the data from agent.get_patch_policy() as far as I can tell. Nevermind, I guess I needed to restart more than just the celery service for changes to take effect on the frontend :) So now that seems OK too.

<!-- gh-comment-id:1261469726 --> @af7567 commented on GitHub (Sep 28, 2022): I have tested adding that `break` in the loop and now updates are getting installed when I expect them to. It was also preventing the site automation patch policy from overriding the client automation patch policy for me. So I suspect anyone who has default policies set wil have them in effect rather than any patch policy set in site/client/agent. ~Since then, one problem I noticed is that on the frontend, the "Effective Patch Policy" displayed on the right click > edit menu still shows the client patch policy even though it is actually executing the agent patch policy (I can see it is executing at the right time from DebugLog messages I added). Is this frontend data cached or something? It should be getting the data from `agent.get_patch_policy()` as far as I can tell.~ Nevermind, I guess I needed to restart more than just the celery service for changes to take effect on the frontend :) So now that seems OK too.

kerem commented 2026-03-14 05:21:15 +03:00

Author

Owner

Copy link

@wh1te909 commented on GitHub (Oct 2, 2022):

@af7567 thanks so much for debugging this, would you be able to submit a PR with the fix?

<!-- gh-comment-id:1264726175 --> @wh1te909 commented on GitHub (Oct 2, 2022): @af7567 thanks so much for debugging this, would you be able to submit a PR with the fix?

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

master

1.0.0

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.20.1

v0.20.0

v0.19.4

v0.19.3

v0.19.2

v0.19.1

v0.19.0

v0.18.2

v0.18.1

v0.18.0

v0.17.5

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.5

v0.16.4

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.12

v0.15.11

v0.15.10

v0.15.9

v0.15.8

v0.15.7

v0.15.6

v0.15.5

v0.15.4

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.8

v0.14.7

v0.14.6

v0.14.5

v0.14.4

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.4

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.3

v0.11.2

v0.11.1

v0.11.0

v0.10.5

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.2

v0.9.1

v0.9.0

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.32

v0.4.31

v0.4.30

v0.4.29

v0.4.28

v0.4.27

v0.4.26

v0.4.25

v0.4.24

v0.4.23

v0.4.22

v0.4.21

v0.4.20

v0.4.19

v0.4.18

v0.4.17

v0.4.16

v0.4.15

v0.4.14

v0.4.13

v0.4.12

v0.4.11

v0.4.10

v0.4.9

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.23

v0.2.22

v0.2.21

v0.2.20

v0.2.19

v0.2.18

v0.2.17

v0.2.16

v0.2.15

v0.2.14

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.8

v0.1.7

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

In Process

  

bug

  

bug

  

dev-triage

  

documentation

  

duplicate

  

enhancement

  

fixed

  

good first issue

  

help wanted

  

integration

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

requires agent update

  

security

  

ui tweak

  

wontfix

No labels

In Process

bug

bug

dev-triage

documentation

duplicate

enhancement

fixed

good first issue

help wanted

integration

invalid

pull-request

question

requires agent update

security

ui tweak

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/tacticalrmm#2746

No description provided.