Endpoint Protection

  • 1.  establish clear separate groups/policies, how??

    Posted Sep 22, 2010 03:59 PM

    I've read about groups and policies on this forum...

    I want to have two major groups: desktops and servers, with different settings for each AND common settings for both.

    Using the 'My Company' group/policies doesn't work for me since only one or a few policies might be the same for servers and computers.

    Is the correct way to set it up to create the client hierarchy as:

    0 My Company

    1 ALL Computers -- do not inherit from My Company, set all the common settings like LiveUpdate, un-check Lotus Notes, etc. etc.

       2 Desktops -- inherit from #1 above plus specific settings

       2 Servers -- inherit from #1 above plus specific settings

    Then under each #2 above I could set subsets as necessary and have subset-specific settings (policies)??

    Should I copy policies and make them shared or non-shared??

    Where is any documentation that would help me understand how to do what I want herein??

    Some of these policies etc. need to apply whether the computer is within the network or outside of the network...

    Thank you, Tom



  • 2.  RE: establish clear separate groups/policies, how??

    Posted Sep 22, 2010 04:45 PM



  • 3.  RE: establish clear separate groups/policies, how??
    Best Answer

    Posted Sep 22, 2010 04:45 PM

    My Company

      Default

      Clients (do not inherit from My Company)

      Servers (do not inherit from My Company)

    Now go to SEPM - Policies

    Select the policy which you want different

    ADD -- new policy -- Configure your policy then ASSIGN it to the group you want

    So now

    My Company

      Default

      Clients (do not inherit from My Company) -- New Added Policy

      Servers (do not inherit from My Company) -- Default Policy



  • 4.  RE: establish clear separate groups/policies, how??

    Posted Sep 22, 2010 05:41 PM

    I would probably create a policy with the settings you want both groups to have in common, then duplicate it, then change the settings you want to be group- or location-specific. After that, after disabling policy inheritance, assign the client policy to the specific client group and the server policy to the specific server group... or from one location (internal to network) to the next (external to network).

    "Shared" only means more than one group can use it, not that they necessarily do. I have found non-shared policies can be harder to keep track of. This may be stating the obvious, but changes to shared policies affect all groups using them, even when policy inheritance is off.

    I hope this makes sense.

    sandra



  • 5.  RE: establish clear separate groups/policies, how??

    Posted Sep 22, 2010 11:08 PM

    Since you only have 2 major groups, I suggest you create 2 separate policies for the servers and for the clients, so the groupings would look like this:

    My Company

    - Desktop - 1st set of policies inherited by subgroups

    - Servers - 2nd set of policies inherited by subgroups

    Then modify each subgroup depending on your requirements.

    You can copy-paste policies in the SEPM console.