Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 5 subscribers
  • Views 1989 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User/Computer Container

Agonist_Inhaler

Hi,

Is there a way to maybe programatically create and move users/computers to a created Group in MC?

I am just wonder if its possible to create a group inside MC and be able to move Users or Computer to this group. The reason why I am asking is becase we have a rather complex OU in our AD and I can't deploy same policy on specific group of users or computers because they are members of different OU.

I'm thinking that I can perhaps move these Users/Computers temporarily to an OU in our AD where they can all be together then sync in on SafeGuard MC then after the Groupings are reflected on MC I can just put them back. But this would require a lot of involvement from our IT and approvals from different department heads.

Thanks,

:6277


This thread was automatically locked due to age.
  • 0

    You should just be able to use AD security groups for this.

    Create a security group in AD, add in all the accounts that you want to apply the policy to, then sync the MC. Then just link the policy at the highest OU level that encompasses all the accounts, remove "Authenticated Users" and "Authenticated Computers" from the policy Activation pane and drop in your AD security group. That way the policy will only apply to the users or machines that you've placed into the group.

    :6631
  • 0
    Spad wrote:

    You should just be able to use AD security groups for this.

    Create a security group in AD, add in all the accounts that you want to apply the policy to, then sync the MC. Then just link the policy at the highest OU level that encompasses all the accounts, remove "Authenticated Users" and "Authenticated Computers" from the policy Activation pane and drop in your AD security group. That way the policy will only apply to the users or machines that you've placed into the group.

    Spad,

    That is a really good solution to the problem. Thank you for posting it. I would also like to add that while it's possible to create a group and assign Users and/or Computers to the Group, it can also be done programically using the SGN API. Then assign the policy to using the SG Management Cetner. In the SGN installation ZIP file, in the samples directory are sample scripts to help someone get started.

    :6647
Unfiltered HTML