This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Minimizing the number of policies to maintain

I am rebuilding my Sophos Enterprise Console setup from scratch as we move (finally!) from 5.2.1r2 to 5.5.0. In the old setup we have ended up with a bunch of similar but not identical policies, due to specific subgroups of clients needing specific variations from the default - mostly additional scan exemptions due to software they run, or a different scheduled scan time.

Ideally, policies would be able to have an inheritance structure - use the default except where overridden by these specific settings, so a change in the default would affect all systems. But Sophos does not seem to support this. Has anyone found a better way to keep a flock of policies like this from drifting apart?



This thread was automatically locked due to age.
  • Hello Anne Pender,

    policy inheritance isn't simple, especially if you want more more than one level (Central has for some settings global definitions which are amended with the per-group policies), want exclude/include, or enable/disable.
    As far as exclusions are concerned, cumulated exclusions do normally no harm. I'll think about schedules ...

    Christian