Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

User Mode, OU's GUPs, Servers - How best to handle

Updated: 26 May 2010 | 1 comment
RAJP's picture
RAJP
0 0 Votes
Login to vote

We are using user Mode. We have an AD OU called Remote Office. Each remote office is on its own subnet. Each remote office has a server that will become its Group Update Provider.

Servers, since no one logs into them, are in a non-AD group called Servers using Computer Mode.

We need a Location-specific LiveUpdate policy for each subnet to define the GUP. We created a new Location for each subnet in the Remote Office OU and defined the GUP.

So far so good, except it doesn't work because the servers are in a different group and do not get that Location-specific LiveUpdate policy telling them that they are the GUP. We confirmed this by creating a second Location-specific policy in the Servers group.

Obviously we do not want to have to create two Location-specific LiveUpdate policies for each subnet, one in the Server group and one in the Remote Office OU.

Is there another way to do this? If we create a LiveUpdate policy definging the GUP, it replaces all of the existing ones where it's assigned.

Thanks for your thoughts,

Ray

Discussion Filed Under:
, , ,

Comments

David Slatter's picture
16
Apr
2009
0 Votes 0
Login to vote
David Slatter
Symantec Employee

User mode

If at all possible I'd try and avoid user mode mainly because it adds complexity to any SEP design and inherently ties the SEP infrastructure to you AD design. There are few cases where this makes sense as the two are usually setup with very different purposes in mind.

A good practice in setting up SEP is to create the locations at the root (My Company) level, then create you client groups, keeping the structure as simple as possible (Often just a "Workstation" and "Server" group will suffice) and once this is done, break inheritance by unchecking the "Inherit policies and settings from parent group x". You can then customise policies specific from that group.

To answer you question about GUPs, you need to make sure the GUP belongs to a group and location that has applied to it the LiveUpdate policy that designates itself as the GUP otherwise it won't know it is a GUP. You can create the one LiveUpdate policy and apply it to both the server and workstation groups and the specific location.

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,017