Overview
A Deployment Policy defines the rules that control how and when a software package is deployed to target devices. It links a package from the Software Repository to a set of delivery instructions, including execution permissions, network conditions, retry behavior, and schedule.
Once published, a Deployment Policy is ready to be assigned to device groups or individual devices.
Navigation: Go to Manage → Deployment → Deployment Policy, then click Add Deployment Policy.
Section 1: Policy Details
Policy Name (Required) Enter a clear, descriptive name to identify this policy. Example: Deploy Microsoft Office 365 – Q1 Rollout, Install Zoom – Remote Workers
You can optionally click Add Description to include additional context about the policy’s purpose.
Category Select the type of deployment this policy will perform:
- Software : Deploy a software package from the Software Repository. Use this for application installations and removals.
- Script : Deploy a script from the Scripts Repository. Use this when you need to run automation without installing a traditional application.
Section 2: Package Settings
Operation Type Choose the action this policy will perform on target devices:
- Install : Install the selected package on target devices.
- Uninstall : Remove the selected package from target devices. The uninstall command configured in the package will be used.
Select Package (Required) Choose the software package you want to deploy from the dropdown list. This list is populated from your Software Repository.
If the package you need does not yet exist, click Add Package to create a new one directly from this screen without leaving the policy creation flow.
Section 3: Execution Context
The Execution Context determines the user account under which the installer runs on the target device. Selecting the correct context is important for ensuring the installer has the permissions it needs.
System (Run as System) (Default) The installer runs under the local System account with elevated administrator privileges. This is the recommended option for most enterprise software deployments.
Use this when:
- The software requires administrative access to install
- You want installation to happen in the background, even when no user is logged in
- The installer makes system-level changes (registry, services, system directories)
Logged-in User The installer runs within the session of the currently active user on the device. The user must be logged in for the deployment to proceed.
Use this when:
- The software installs to user-specific directories or profiles
- The application needs to inherit the user’s environment or preferences
- You are deploying user-scoped applications
Run as User The installer runs using a specific user account with credentials you provide. This is useful when the installer needs access to network resources, shared drives, or domain-protected directories.
Use this when:
- The installer accesses files on a network share that requires authentication
- You need controlled, credential-based access during installation
- Standard system privileges are insufficient for the deployment environment
💡 Note: When using Run as User, credentials must be configured in advance. Click Manage Credentials to add or update stored credentials.
Section 4: Deployment Handling Rules
These rules control how Zecurit behaves when a deployment encounters problems or connectivity issues.
Network Conditions Specify the network type under which deployments are allowed to run:
- Any Network : The deployment runs regardless of how the device is connected (Wi-Fi, wired, VPN, cellular).
- LAN Only : The deployment only runs when the device is connected to the local area network. Use this to avoid deploying large packages over slower or metered connections.
Retry on Failed Targets Enable this toggle to automatically retry the deployment if it fails on a device.
When enabled, configure:
| Setting | Description |
|---|---|
| Retry Count | The number of times Zecurit will reattempt the deployment after a failure |
| Retry Interval | The time (in minutes) Zecurit waits between each retry attempt |
| Retry After Reboot | When enabled, if a deployment fails and the device is rebooted, Zecurit will attempt the deployment again after the device comes back online |
💡 Tip: Enabling Retry After Reboot is useful for packages that require a system restart as part of the installation process.
Section 5: Schedule
The Schedule determines when the deployment begins on target devices.
Deploy Immediately The deployment starts automatically as soon as the target device next contacts the Zecurit server. Use this for urgent deployments that need to reach devices as quickly as possible.
Schedule Deployment Set a specific date, time, and time zone for the deployment to begin.
| Field | Description |
|---|---|
| Start Date | The date and time when the deployment should begin |
| Time Zone | The time zone used to interpret the start date and time |
If a device is offline at the scheduled time, the deployment will begin automatically the next time the device connects to the Zecurit server, no manual intervention is needed.
💡 Tip: Use scheduled deployments for off-hours installations to avoid disrupting users during business hours.
Section 6: Notification
Notify Administrators About the Deployment Status Enable this toggle to receive notifications when the deployment completes or fails on target devices. Notifications are sent to the administrators configured in your account settings.
Enabling notifications helps your team stay informed about deployment outcomes without having to manually check the console.
Saving and Publishing the Policy
At the bottom of the page, you have three options:
| Action | Description |
|---|---|
| Cancel | Discard all changes and return to the Deployment Policy list |
| Save as Draft | Save the policy without activating it. Use this to complete configuration later before going live |
| Publish | Save and activate the policy. Once published, it is ready to be assigned to groups or devices |
⚠️ Note: A policy that is saved as a draft will not deploy to any devices until it is published.