
Policy Exception?

Just evaluating at the moment and I'm completely new to the Enterprise console so excuse me if this is a silly question.

In our McAfee console we have a couple of PCs within an OU which do not have the same policy as the other clients.

How do I create exceptions in the Sophos console? I only seem to be able to assign a policy to an OU.

Best Regards

Dave Jerome

:2588


  • Hello Dave,

    SEC assigns policies to groups. If you want to synchronize the AD structure you need different containers in AD for computers with different policies. If you just "mirror" the AD structure initially you can create sub-groups (but then you have to assign new computers manually to the correct groups).

    Christian

    :2608
  • Hi,

    With the inclusion in SESC 9 of the command line parameter -G

    http://www.sophos.com/support/knowledgebase/article/12570.html

    to specify the SEC group at install, this might give you an alternative to using AD Sync. So you could import the AD structure into SEC and trim away all of the non-computer groups. Then based on some logic in a deployment script (maybe a start-up script) pass the relevant group path to setup to ensure the machine is placed in the right group and receives the correct policies at install. The script would need to check for the presence of SAV already being installed to save a redeployment loop :). http://www.sophos.com/support/knowledgebase/article/13090.html has some info you could use regarding this.

    The mapping logic could use IP address, substring of the computername, a particular registry key created in the image, anything that can be checked to provide the mapping. Or you could simply have hardcoded groups and multiple start-up scripts linked to different OUs.

    I hope this offers a possible solution if re-organising your AD containers is not possible.

    Thanks,

    Jak

    :2664
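
The start-up script approach from the last reply, sketched as an added example (not code from the thread or from Sophos). It covers two of the suggested mappings, an image registry marker and a computer-name prefix, and only honours a marker that is on an allow-list so a tampered registry value cannot move a machine into an unintended policy group. The share path, group paths, prefixes, registry key and the `SAVService` service check are assumptions or constructed placeholders; only `-G` comes from the thread.

```powershell
# Added example: every path, group name and prefix below is a constructed placeholder.
$SetupExe     = '\\PLACEHOLDER-SERVER\PLACEHOLDER-SHARE\setup.exe'
$DefaultGroup = '\SECSERVER\Workstations'
$PrefixMap    = [ordered]@{            # computer-name prefix -> SEC group path
    'LAB-' = '\SECSERVER\Workstations\Lab'
    'KSK-' = '\SECSERVER\Workstations\Kiosk'
}
# Groups a machine is allowed to land in; anything else falls back to the default.
$AllowedGroups = @($DefaultGroup) + @($PrefixMap.Values)

function Resolve-SecGroup {
    param([string]$ComputerName, [string]$ImageMarker)

    # 1. Marker baked into the image, accepted only if it names an allow-listed group.
    if ($ImageMarker -and ($AllowedGroups -contains $ImageMarker)) {
        return $ImageMarker
    }
    # 2. Computer-name prefix, first match wins.
    foreach ($prefix in $PrefixMap.Keys) {
        if ($ComputerName.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
            return $PrefixMap[$prefix]
        }
    }
    # 3. No rule matched.
    return $DefaultGroup
}

# Assumption: the presence of a 'SAVService' service means SAV is already installed.
# Confirm the detection method against the second knowledge base article linked above.
if (Get-Service -Name 'SAVService' -ErrorAction SilentlyContinue) {
    return   # already installed: stop here to avoid a redeployment loop
}

# Hypothetical registry value written at imaging time.
$marker = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\ExampleCorp\Imaging' `
           -Name 'SecGroup' -ErrorAction SilentlyContinue).SecGroup
$group  = Resolve-SecGroup -ComputerName $env:COMPUTERNAME -ImageMarker $marker

# Only -G is taken from the thread; append the other setup parameters your site uses.
$setupArgs = @('-G', ('"{0}"' -f $group))
Write-Output "Installing into SEC group $group"
Start-Process -FilePath $SetupExe -ArgumentList $setupArgs -Wait
```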