ServiceDesk

I need to create a deny/allow policy for computers on a certain software. I have created a new Application Metering policy and selected Allow under the Options. I have imported the Security Group into ServiceDesk that I created in Active Directory. I added both the user and computer name into the Security Group.

Once that was done, I select Apply to -- Computers -- Add Rule

I add a rule THEN: Exclude computers not in Group and browse to the Security Group. The security group itself doesn't show up, but the  OU that holds the Security Group does show up. So basically, I want to only allow this software to run if they are added to this security group.

When I update the results, no computers pull into the results sections.

How can I filter a policy to run on the members of an Active Directory Security Group? Is this possible?

Thanks,

Steven B.

You will need to use the AD Connector to import computers from security groups into the SMP database.  This will create a filter for each security group targeted by that import rule.  You can then use that filter when you create the target for the application metering policy.

We already use the AD Connector. We are able to import from Active Directory; however, the security groups don't work.

You have to create a specific rule for Security Groups and specify the Security Groups individually that you want to Import.
 

I had already made a specific rule too. Thanks for all the replies, but I figured out my issue.

When I was creating the rule, I was selecting group. However, when you import the security group from AD, it applies it as a filter, instead of a group.

So, I had to go to: Add Rule -- Exclude computers not in -- Filter, then find the filter that it created.

Instead, I was going to:  Add Rule -- Exclude computers not in -- Group, and selecting the group OU.

Thanks again

I am glad that my explanation helped.