Policies (esp. Exclusions Policies) need to work like Group Policies: Cumulatively
In smaller systems, particularly, one has maybe a dozen servers, each with multiple roles. Those roles all call for different exceptions. For redundancy, at least 2 servers will perform the same role, so no 2 servers are likely to have the same roles, and no 2 servers, therefore, will have the same exceptions.
With Group Policy, I can create multiple, granular GPOs and link multiple, prioritized GPOs to a single OU.
In SEPM, I'd like to create granular Centralized Exclusions Policies for each server technology, and link multiple, prioritized Policies to SEPM Groups (that each may contain only 1 server). Like Group Policy, it would be a lot more self-documenting, and much easier to manage. We'd also need a tool to show the cumulative effects of the various Policies, similar to Group Policy Modeling/Results in GPMC.
Comments
I cannot agree more.
Especially for enterprise organisations that use AD synchronisation in SEP, this would be a more than welcome improvement.
Agreed, but with current model, it is hard for them to do
I agree this is one of the better ways to set up server AV scan exclusions. We do not want to broadly centralize exclusions to all servers, and it would be troublesome to access each individual server to add additional exclusions. I really wish they could provide those functions in the product or an updated release. There are a few things that I could do in an automated fashion with exclusions in SAV that I now cannot do with SEP, such as migration of individual server AV scan exclusions to SEP (note: not the centralized one) and native system environment variables: I want to use %username% to allow the current logged-on user to exclude the Windows desktop search indexing to increase desktop search performance. I also wish Symantec would support SEP policy consolidation.
I agree with that...
this will simplify policy administration.
Nel Ramos
What about a Roll Up
Could this be modeled after the custom IPS library? For example, you create a list of exclusions for a server acting as a web server, another for your mail server, another for DCs, etc. Then, for each group of clients, you enable each exclusion as needed for that group.
As it is, we are creating a base policy which is applied to all servers, then making copies of that policy to build additional exceptions for specialized servers. When we need to change the base policy, I have to manually replicate that change across *every* CE Policy I have.
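The cumulative, prioritized linking requested in this thread can be modeled outside the product. The sketch below is an added example, not part of the thread and not SEPM functionality or code: the role names, paths, group names, scan-type labels and the "highest-priority link wins on a conflicting path" rule are all assumptions made for illustration.

```python
# Added example: every role, path and group name here is constructed sample data.

# One granular exclusion list per server technology.
# Each entry maps an excluded path to the scan types it is excluded from.
ROLE_POLICIES = {
    "base": {r"C:\pagefile.sys": {"auto-protect", "scheduled"}},
    "web":  {r"C:\inetpub\temp": {"auto-protect"}},
    "mail": {r"D:\MailStore": {"auto-protect", "scheduled"},
             r"C:\inetpub\temp": {"auto-protect", "scheduled"}},
    "dc":   {r"C:\Windows\NTDS": {"auto-protect", "scheduled"}},
}

# Prioritized links per group, highest priority first (like GPO link order).
GROUP_LINKS = {
    "SRV01": ["mail", "web", "base"],
    "SRV02": ["dc", "base"],
}

def resultant_exclusions(group, links=GROUP_LINKS, policies=ROLE_POLICIES):
    """Merge a group's linked policies; return {path: (scan_types, source_policy)}."""
    result = {}
    # Apply the lowest-priority link first so higher-priority links overwrite
    # it when two policies name the same path (assumed conflict rule).
    for name in reversed(links[group]):
        for path, scans in policies[name].items():
            # Windows paths are case-insensitive, so compare them lowercased.
            result[path.lower()] = (frozenset(scans), name)
    return result

def groups_affected_by(policy_name, links=GROUP_LINKS):
    """List the groups that would change if this one policy were edited."""
    return sorted(g for g, linked in links.items() if policy_name in linked)

def report(group):
    """Render the resultant set with the policy each exclusion came from."""
    rows = sorted(resultant_exclusions(group).items())
    return "\n".join(
        f"{group}: {path} [{', '.join(sorted(scans))}] <- {source}"
        for path, (scans, source) in rows
    )

if __name__ == "__main__":
    for g in GROUP_LINKS:
        print(report(g))
    print("Editing 'base' affects:", groups_affected_by("base"))
```

Because each group's effective policy is derived from the shared fragments, a change to the base list appears in every group's resultant set without being copied by hand, and the report records which policy each exclusion came from.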