Insufficient disk space can also hinder the installation of patches. Based on recommendations from Microsoft, the total free disk required for patching can vary. “Feature updates require 6 GB – 11 GB or more of free space, while quality updates require 2 GB – 3 GB or more.”
The requirement for free space can have severe consequences as unpatched devices are vulnerable to attacks from viruses, malware, and cybercriminals. I’m sure every CIO or CISO would agree, one of their goals is to make sure their company never makes it into the news for a ransomware attack or for being hacked, simply because endpoints weren’t patched.
While making sure a device has adequate disk space sounds easy, it can be challenging for a variety of reasons.
- The Estate has IT tools that don’t provide sufficient visibility into devices with limited disk space.
- IT tools may be able to gather the necessary information on disk space, but it is time-consuming and difficult to find Noncompliant devices and generate accurate reports.
- Depending on scripts to free up disk space without the input of the end user can cause the loss of important data.
- Scripts needed to free up disk space may be difficult to deploy or may run undependably if the user disconnects from the network.
So, what’s the solution?
1E’s Endpoint Automation makes it easy for Administrators to get visibility into devices experiencing issues with disk space and can help to solve the problem of insufficient disk space in real time, even if the device is offline. It can even be configured to provide options to the end user to guide them through the process of identifying folders that consume the greatest amount of disk space.
The 1E Endpoint Automation module uses Rules, built with 1E to ensure the configuration state of the device. There are two basic components to a Rule,a Check and Fix— Fixes are optional.
In the case of Disk Space, we can use a Check to determine the threshold for the minimum amount of hard drive space. We can use a Fix to free disk space and bring the device back into compliance.
A key feature of 1E Endpoint Automation is that once a rule has been downloaded and deployed using a Policy, the Endpoint doesn’t have to query a central server to enforce the rule. This allows the Policy\Rules to work even if the device isn’t connected to the network. E.g., if a user is flying on a plane.
Let’s explore the capabilities of 1E’s Endpoint Automation with an example of a custom rule recently authored for a retail company that needs to expand its operation in the US. Approximately half of the company’s users are expected to work remotely, and IT needed a way to ensure that end user devices always have adequate disk space. The primary driver was to help increase patch efficiency across the estate. The company wanted to leverage a 1E Endpoint Automation that’d allow them to quickly and easily identify devices with limited disk space and allow users to correct the issue.
Setting a Policy to control disk space is a straightforward process.
1. Navigate to Endpoint Automation Rules > Administration > Rules and locate the Disk – Free Disk Space Rule and Edit the Rule. (Note the Rule must be licensed and enabled)
2. We will accept the default Pre-Conditions for the policy are accurate. Note: Pre-Conditions are a series of checks that must be satisfied for the Rule to run on the Endpoint
3. Navigate to Triggers and select a periodic interval, for IntervalHours we entered 1. This means that disk space will be checked every hour
4. Navigate to Check and select the threshold for the minimum disk space required on the endpoint. In this example the amount is 10GB
5. The last section of the Endpoint Automation Rule is the Fix. For the Fix we make sure that the following Fix has been selected: Automatically Clear Disk Space. RaiseTopic Fix-DiskAutoClearSpace is selected, and in the Raise Topic field we enter ClearDiskSpaceManual — Note this is a custom fix that’ll notify the user that there is a problem with diskpace.
6. The final steps are to save the Rule and to deploy it using a Policy.
When the Endpoint goes below 10GB of available storage the Rule will be triggered that notifies the user of insufficient disk space and will provide a list of options to help resolve the issue.
Administrators can easily see which devices are compliant and Noncompliant with the rule.
1E Endpoint Automation uses the power of its Rule-based Policy Engine to prevent a minor problem like disk space from becoming a major issue that could negatively impact the performance and the security of Endpoints within the estate. It simplifies the process of detecting devices that are low on disk space. 1E Endpoint Automation can also provide capable users with self-service options to fix issues with disk space or automate the process of clearing of disk space for users that are less capable.