Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1516
Views
10
Helpful
2
Replies

Parent/Child groups Endpoint Upgrade Policy

Go to solution
verasme
Level 1
Level 1

‎01-26-2022 09:56 AM - edited ‎01-26-2022 09:59 AM

I have a group and child groups. I can separately assign Endpoint versions to each group in the Product Updates section of their respective policy object. If I set the policy at the parent group to offer a new version of the Endpoint in the Product Updates section, and then set the product version in the policy for the child group to None will the child group receive the updates set by the policy at the parent group?

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
johnosn
Level 1
Level 1

‎01-26-2022 02:14 PM

The endpoint version is not set on the group, but on the policy and you do not need to set a unique policy for every distinct group. If you want this to work, then you would specify the policy at the parent group and then have the child groups inherit the policy.

 

Scenario

You have the following groups:

  • "Workstation Parent Group"
    • "Workstation Child Group - HR"
    • "Workstation Child Group - IT"

You also have a single policy:

  • "Workstation Policy"

Both of the workstation child groups are nested under the workstation parent group.

On the "Workstation Parent Group" you would assign the "Workstation Policy".

On both of the workstation child groups you would set the policy as "Inherited Policy (Workstation Policy)"

 

Then when you change the version on the "Workstation Policy" it would be deployed to the parent and all child groups that are set to inherit that policy.

 

Policies get deployed as a single XML file to the connector software. The Cisco Secure Endpoint console will not allow you to only let a portion of the policy be inherited. It is all of that policy or none of that policy.

 

 

 

 

View solution in original post

2 Replies 2

Go to solution
Ken Stieers
VIP
VIP

‎01-26-2022 10:10 AM

No...There is no policy inheritance in the Secure Endpoint

0 Helpful

Go to solution
johnosn
Level 1
Level 1

‎01-26-2022 02:14 PM

The endpoint version is not set on the group, but on the policy and you do not need to set a unique policy for every distinct group. If you want this to work, then you would specify the policy at the parent group and then have the child groups inherit the policy.

 

Scenario

You have the following groups:

  • "Workstation Parent Group"
    • "Workstation Child Group - HR"
    • "Workstation Child Group - IT"

You also have a single policy:

  • "Workstation Policy"

Both of the workstation child groups are nested under the workstation parent group.

On the "Workstation Parent Group" you would assign the "Workstation Policy".

On both of the workstation child groups you would set the policy as "Inherited Policy (Workstation Policy)"

 

Then when you change the version on the "Workstation Policy" it would be deployed to the parent and all child groups that are set to inherit that policy.

 

Policies get deployed as a single XML file to the connector software. The Cisco Secure Endpoint console will not allow you to only let a portion of the policy be inherited. It is all of that policy or none of that policy.

 

 

 

 

Customers Also Viewed These Support Documents