Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 1 subscriber
  • Views 8267 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to apply policies to all sub-groups?

faygate

Been wondering for weeks why my client computers haven't been picking up my policies and it turns out that even if you set the policy at the top of the group any sub-groups underneath do not automatically get the same policies. Fine if you've got a small setup, not so great if you're syncing with a complicated Active Directory structure.

Does anyone know how to do this in Enterprise Console 4.0 or even with an SQL script? Can't find an option anywhere which I think is a bit lame.

:1719


This thread was automatically locked due to age.
Parents
  • 0

    Hello Scissor,

    I expected that when I applied a new policy to the "top" of a group "tree" that the policy would be inherited by all sub-groups as well

    Understandable. But equally understandable is to expect that a sub-group for which you have created/set a special policy retains this policy. An old argument and while in theory you can have it all (well, almost all) the price is complexity with which you'd have to cope.

    If you could export/import a policy (right now this is possible only for firewall) it would cover the cases where you want to change all instances of a policy. Export the policy, make desired changes and save it. If you need to revert to changes import the previously saved settings. Leaves the problem of assigning another policy to a "sub-tree". In most cases a ramified group structure is not really necessary - sub-estates/role-base access and synchronizing with AD being the exceptions.

    Keep in mind that while the current behaviour may be a nuisance (ex-)changing policies not something you do on a regular basis. And as long as you don't have dozens or hundreds of groups (and the the question is - what for?) it's not a Herculean task.

    Christian

    :1889
Reply
  • 0

    Hello Scissor,

    I expected that when I applied a new policy to the "top" of a group "tree" that the policy would be inherited by all sub-groups as well

    Understandable. But equally understandable is to expect that a sub-group for which you have created/set a special policy retains this policy. An old argument and while in theory you can have it all (well, almost all) the price is complexity with which you'd have to cope.

    If you could export/import a policy (right now this is possible only for firewall) it would cover the cases where you want to change all instances of a policy. Export the policy, make desired changes and save it. If you need to revert to changes import the previously saved settings. Leaves the problem of assigning another policy to a "sub-tree". In most cases a ramified group structure is not really necessary - sub-estates/role-base access and synchronizing with AD being the exceptions.

    Keep in mind that while the current behaviour may be a nuisance (ex-)changing policies not something you do on a regular basis. And as long as you don't have dozens or hundreds of groups (and the the question is - what for?) it's not a Herculean task.

    Christian

    :1889
Children
No Data