A group in Enterprise Console is a collection of computers that will use the same policies. In ADSync, these groups are similar to your Organizational Units (OUs).
Groups and sub-groups are logical divisions that share common policy requirements. A new group is needed whenever you have a computer that requires a different Updating, Anti-Virus and HIPS, Firewall, Data Control, Device Control, Application Control, Tamper Protection, Patch, and/or Web Control, policy to the other computers on your network.
A common example of the need for multiple groups is for servers that have a special updating schedule in place so that the network is updated during quieter times of the day. Those servers will need their own group in Enterprise Console with a special updating policy applied, but they may share all other policies with the endpoint computers on your network.
We have compiled the following advice for designing your computers groups in Enterprise Console
If you don't have an existing structure, or you would rather create a new one, we find that a lot of our customers use location or department as a basis for their groups. So they may use a schema like:
City Department Laptop
At the minimum, you should create separate groups for your endpoints and servers, as you will likely want different scan settings and update schedules for your servers to ensure that scans and updates don't create server access delays.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.