- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-18-2022 05:40 AM
What is the proper method of applying a custom exception to just a group of computers within a policy?
is there a way to do this without having to clone a policy? that seems to defeat having groups.
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-18-2022 05:56 AM
That doesn't defeat using groups... groups are the only way to define which boxes get which policy.
What you're wishing for is policy inheritance and override. Maybe someday...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-18-2022 05:56 AM
That doesn't defeat using groups... groups are the only way to define which boxes get which policy.
What you're wishing for is policy inheritance and override. Maybe someday...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-18-2022 06:10 AM
Thank you Ken,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-18-2022 06:10 AM
Hi Dave,
At this moment there is no way to apply an exclusion set to only some devices, you can have a generic Test Policy/ Test Group /Test Exclusions Set and move some machines there.
Aside of that, is suggested to have your endpoints segmented in different groups depending on the purpose of the devices there you can have:
-AMER Group Main Group
--US Group (child)
---US Workstation Group (Child)
----Design Group (Child)
----Sales Group (Child)
---US Server Group (Child)
----IT Group (Child)
----AD Group (Child)
So when you want to test some exclusion, that exclusion will apply only to the machines with the same kind of software, in the example if I want to exclude Adobe for the Design team, I don't have to create a clone of the policy because my Adobe exclusion won't affect the servers or the IT Team, it will apply only to the machines I want.
Is common seeing customers that have only 2 groups, 1 group for all the servers (regardless if they are Active Directory or Web Servers) and another group for all the workstations (regardless if on that group you can find the CEO of the company and the IT machines)
Have a good one!!
