Endpoint Protection

Hi there

Our Active Directory computer objects are dynamically updated courtesy of a logon script.  Each computer object is moved into an OU according to its IP address, we have around 300 sites therefore 300 OUs.  The servers (which act as GUPs for each site) are separated from the desktops, they do not move and are located in a different part of the AD structure.  In previous versions of Endpoint it was necessary to:

i)  Synchronize the desktop OUs into the SEP console
ii)  Create a new group for each site and place the server (GUP) in this group
iii)  Create a policy for each site with the server defined as the GUP.
iv)  Assign the policy to the desktop OU and the server OU.

This system works quite well but there was a lot of work to get it going.  What I would like to know is if the new version and the GUP improvements will make life easier for this setup from here on in.

Jonathan Higgs

Hi,

In the new GUP design, you can do the following:

Suppose, site A as all the IP addresses in the range 192.168.10.* . Your server's OS is Windows Server 2003 enterprise edition. All the other machines are XP.

Then,

1.In the Liveupdate Settings policy, define multiple GUPs.
2. Add a new Rule Set in the policy for Site A
3. You can provide the OS as Windows Server 2003, and optionally you can specify the IP of the server as well.
4. So, when a client receives this policy, it should have the OS AND the IP address [ i.e your server ]
5. When you apply this policy, servers IP will be listed in globallist.xml in data\outbox\agent\gup folder in SEPM
5. when clients receive this list of GUPs, they will apply a Subnet Filter
6. So, computers of site A will only get the server's IP as a result, even if they receive a list of 100 GUPs
7. This is how they will come to know which gup to contact.
8. You can create similar rule sets for each location.




Let me know if this answers your question.

best,
Aniket