This location will be checked every 'x' seconds setting
I've left this at the default of 4 seconds.
Right now because we have so many offices, I add locatons to the My Company group and there are close to 40 locations right now.
I understand for the location-awareness, it's recommended to have no more than 7 different locations and as you can see I'm well over that mark.
My questions is should I change this setting to something else like 4 hours?
I have so many locations setup because they all have a GUP at their location but otherwise policies are pretty much the same across the board.
I didn't want to start unchecking inheritance for each location because each time I make a change, I have to go to each subsequent location and make the change and it seems like a management nightmare.
Unless, I'm missing something?
Comments
How often the client checks
How often the client checks to see if it is in the correct location is entirely up to you. I wouldn't put it up into the hours range though. The point of location switching is to apply a different set of policies as soon as a condition is met, i.e. if a computer gets taken out of your local network and needs to be locked down further, these policies will be put into place immediately (4 seconds) rather than potentially 4 hours later.
What are you hoping to gain by setting a longer time in between location checks?
I'm not sure. I have my
I'm not sure.
I have my clients checking thru 40 different locations every 4 seconds. That seems excessive to me. This seems like a best practice no-no but I don't notice issues with the clients in terms of performance so I wonder if I should leave it alone or adjust it?
Endpoint Knowledge Base
Security Best Practices
Moveclients?
I try to stick to 3 different locations:
If my remote sites are single subnet sites then I use the multiple GUP list feature and don't really need many groups.
If my remote sites have multiple routed subnets/vlans then I need clients in seperate groups for the purpose of assigning GUP's or Liveupdate servers I will create the groups and then use the MoveClients script included in the Tools\NoSupport directory within the SEP media.
Your SEP clients are churning through all those groups every 4 seconds.
Your SEPM is keeping track of up to 7 unique policies per location as well as all the other settings.
Might be working ok for you now...but as things scale it becomes problematic.
Z
When I uncheck policy
When I uncheck policy inheritance, I only have 3 groups:
GUP
ON Network - but maybe I should do away with this?
OFF Network
But for the most part all my groups have policy inheritance checked.
The problem is I don't want to manage all these groups separately so I keep adding locations to the top level (My Company) and I worry about the amount of locations being added.
I'm also AD synched but will be breaking this within the next month to allow for better management.
Most of my remote sites are single subnet but there are some with multiple subnets but I just can't do multiple GUPs, mainly because of politics.
Endpoint Knowledge Base
Security Best Practices
Would you like to reply?
Login or Register to post your comment.