Hi,

I need to apply a policy on specific machines which they are in different groups, i can not move those machines to same Group as my SEPM is integrated with AD.

Thanks

Not Poosible,

You need to create New OU and Move system that particular system and assgin policy.

See same question related thread

https://www-secure.symantec.com/connect/forums/policy-only-one-computer

I have applied AD GP on those machines which as i said they are on different OUs, if this is the case then Symantec should know about this and fix it in the next version as this is really a disadvantage for SEP Product.

I am trying to apply scanning exclusion list to those machines, if i apply the exclusion list on the head group and that apply on all machines (Scanning Exclusion) would that be an issue??

Does all Sub Group ënable Inherit policies and settings from parent group "group name" ?

If it's enable when you apply head group policy apply all machine and there is no issue.

Managing exceptions in Symantec Endpoint Protection

Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 12.1

One of the reasons that I don't use AD sync.

It's not a bug, this is by design.

You can use the moveclients.vbs utility to move clients from different groups even if they're AD synched so try that. Should be on the download ISO in Part 2 under the NoSupport folder.

Hello Sniper,

You can move AD integrated machines to different group within SEPM.

Select the OU in SEPM, Select the Computer- Right click- Select Copy 

Move it to any Groups you like. You can apply your custom policy

The machine entry in the original OU will show as Offline ( which you dont be able to get rid of )