Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 12249 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AD sync and multiple policies

JTech

Howdi. If I have a folder in Enterprise Console 5.1, which is synchronizing my client machines from multiple AD OU's, is it possible to have systems in the synchronization to have different policies, AV policy in this use? I went and made a new group with the correct policies, and then to move the machine out of the sync folder in Enterprise console, only to have "Unable to move - the following computers are part of a synchronized group and may not be moved". The only way I can see around this is to either change the synchronization.. which is a lot of work due to multiple OU's OR move the single machine in AD to a new OU, outside of the synchronized folder.. which in itself has knock-on complications. Anything I can do? Thanks.

:36227


This thread was automatically locked due to age.
Parents
  • 0

    Im just going to reuse this thread since it pertains to my question. If its rpeferrred I create a new one, please let me know and Illdo so in the future.

    Same boat as JTech. We want to avoid creating additional OU's just for AV policy reasons but want to keep sync on for ease of managment. Is there anything down the road to make this a feature and if not, for what reason(s) ? For the time being, would  setting the endpoint policy manually be a suitable workaround, even though it will constantly flag on the console?

    An example would be as opposed to a general "Order Entry Servers" OU policy which consists of the application server, batch server, as well as the SQL servers we would like to create different exceptions per server role. The batch servers dont need the SQL exceptions, SQL servers dont need the Application Server exceptions and so on. As I understand it, the less unecessary exceptions the OnAcces scanner has to look for, the better perfomance.

    Thank You in Advance.

    :51320
Reply
  • 0

    Im just going to reuse this thread since it pertains to my question. If its rpeferrred I create a new one, please let me know and Illdo so in the future.

    Same boat as JTech. We want to avoid creating additional OU's just for AV policy reasons but want to keep sync on for ease of managment. Is there anything down the road to make this a feature and if not, for what reason(s) ? For the time being, would  setting the endpoint policy manually be a suitable workaround, even though it will constantly flag on the console?

    An example would be as opposed to a general "Order Entry Servers" OU policy which consists of the application server, batch server, as well as the SQL servers we would like to create different exceptions per server role. The batch servers dont need the SQL exceptions, SQL servers dont need the Application Server exceptions and so on. As I understand it, the less unecessary exceptions the OnAcces scanner has to look for, the better perfomance.

    Thank You in Advance.

    :51320
Children
No Data