Overview
Once you have a published Deployment Policy and your scripts are in the Script Repository, the final step is targeting the right endpoints. In Zecurit, you distribute (associate) deployment policies to individual devices or entire device groups from the Groups and Devices section.
This page explains how to associate a script deployment policy at both the device and group level, how to track distribution status, and how to verify execution on individual endpoints.
Navigate to Manage → Groups and Devices to begin.
Understanding Targeting: Devices vs. Groups
| Target | Best For |
|---|---|
| Individual Device | One-off scripts for a specific machine (e.g., a diagnostic on a failing workstation) |
| Device Group | Batch deployment to a fleet of similar devices (e.g., all Windows laptops in the Sales department) |
Groups are the most efficient targeting method for ongoing automation. Any new device added to a group automatically receives policies associated with that group on its next check-in.
Method 1: Associate to Multiple Devices (Bulk)
Step 1 : Go to Groups and Devices
Navigate to Manage → Groups and Devices. Ensure you are on the Devices tab.
Step 2 : Select Target Devices
Check the checkboxes next to one or more devices you want to target. You can search or filter the list to narrow down your selection.
Step 3 : Open the Actions Menu
Click the Actions button (top-right of the list). A dropdown menu appears with two main sections: Distribute and Power.
Step 4 : Navigate to Deployment Policy
Under Distribute, click Deployment Policy. A sub-menu or modal will open.
Step 5 : Select and Associate the Policy
The Associate Deployment Policy dialog opens and lists all available published script deployment policies. You can:
- Use the Search bar to find a specific policy by name.
- Filter by Script or Software using the dropdown filter.
- See policy details including Platform, Last Modified By, Last Created Time, and Version.
Select the checkbox next to the policy you want to associate, then click Associate.
Note: Zecurit automatically matches policies to compatible devices. Policies are only applied to devices whose platform matches the policy’s script platform. For example, a Windows script policy will not be applied to macOS devices even if both are selected.
Method 2: Associate to a Device Group
Step 1 : Switch to the Groups Tab
In Manage → Groups and Devices, click the Groups tab at the top.
Step 2 : Select a Group
Find the group you want to target. Click the three-dot menu (⋮) next to the group, or select the group checkbox and use the Actions button.
Step 3 : Distribute the Policy
Select Actions → Distribute → Deployment Policy. The same Associate Deployment Policy dialog opens.
Select the policy and click Associate.
All devices within the group will receive the policy on their next check-in. Newly added devices to the group will also automatically receive associated policies.
Verifying Deployment on a Device
After associating a policy, you can verify its delivery and execution status on individual devices.
Step 1 : Open the Device Record
In Groups and Devices → Devices, click the device name (e.g., alexanderdaniel) to open the device detail view.
Step 2 : Click the Deployments Tab
In the device detail page, click the Deployments tab. This shows all policies distributed to the device.
Step 3 : Review the Deployment Status
The deployments table shows:
| Column | Description |
|---|---|
| Deployment Name | The name of the Deployment Policy |
| Profile Type | Deployment (for script policies) |
| Created By | Administrator who created the policy |
| Status | In Progress, Success, Failed, Pending |
| Version | Policy version currently distributed |
| Distributed Version | Version installed on this device |
| Associated Time | When the policy was pushed to this device |
| Remarks | Execution notes (e.g., “Execution…”) |
Click the Deployment Name link to open the full deployment report, including script output logs, exit codes, and error details.
Deployment Statuses Explained
| Status | Meaning |
|---|---|
| Pending | Policy distributed; waiting for device to check in |
| In Progress | Script is currently executing on the device |
| Success | Script executed and returned a defined success exit code |
| Failed | Script returned an error exit code or timed out |
| Retrying | Retry is in progress (if retry was enabled in the policy) |
Use Case: Deploy Security Audit Script to All Windows Laptops
Scenario: You need to run a security baseline audit across all 150 Windows laptops in your organization.
- Go to Manage → Groups and Devices → Groups tab.
- Find your group
Windows-Laptops-All. - Click Actions → Distribute → Deployment Policy.
- In the Associate Deployment Policy dialog, filter by Script.
- Select
WIN-SecurityBaseline-OnBoot(version 1). - Click Associate.
- All 150 devices will receive the policy. Devices currently online will begin execution immediately (or at the scheduled time). Offline devices will execute on next check-in.
- To monitor: click into any device → Deployments tab → look for
WIN-SecurityBaseline-OnBootwith statusSuccess.
Use Case: Target a Single Diagnostic Script to One Device
Scenario: One workstation (andrew75) is reporting high disk usage. You want to run a disk diagnostic script on it immediately without affecting other devices.
- Go to Manage → Groups and Devices → Devices tab.
- Check the box next to
andrew75. - Click Actions → Distribute → Deployment Policy.
- Select
WIN-DiskDiagnostic-OnDemandpolicy. - Click Associate.
- Navigate to
andrew75→ Deployments tab to monitor status and review script output.
Re-Distributing an Updated Policy
When you update a Deployment Policy (creating a new version), you need to re-associate it with devices or groups to push the updated version. Zecurit tracks the Version and Distributed Version in the device’s Deployments tab, making it easy to identify devices running outdated policy versions.
Removing a Policy Association
To remove a deployment policy from a device or group, open the device or group record, navigate to the relevant deployment, and select Remove from the actions menu. The policy will no longer execute on that endpoint on future check-ins.