This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Assigning a policy to one device

Hi

 

Is it possible to assign an AV policy to one device?

 

We use sync'd AD groups and this one device is in an OU with other devices. The user has asked for certain changes to accommodate a new software package which in turn requires a new policy, but I can't get approval for the OU change. 

 

Any ideas how I can assign a new policy to one device in a sync'd OU without creating a new OU/Group for it?

 

Olly



This thread was automatically locked due to age.
Parents
  • Hello Olly,

    policies are only indirectly assigned by SEC group membership. And if you use AD sync the SEC groups reflect the OUs.
    What are these certain changes? Generally if the changes are safe you can apply them to the whole group.

    Christian

  • It's mainly exclusions based on folders and some file types. Normal stuff. I suspect it's more that the vendor can't be arsed to test it so they've just asked for their files to be excluded. 

     

    Which is fine. 

     

    However it's sods law that if I exclude x,y and z on all machines in that OU then one of the machines, for which the exclusions aren't required, manages to pick up the only malware in the universe that saves itself to one of those folders. 


    Trying to make things as tight as possible. 

     

    Olly

  • Hello Olly,

    totally agree. And it's already known that the software doesn't run without the exclusions? In the majority of similar cases I've had it was clear that the vendors (or their "emissaries") had almost no idea how AV really works. Sometimes they just took my word for it that I had made the "required" exclusions ... and in other cases I actually added them only to take them back later.

    Trying to make things as tight as possible
    but this doesn't convince the powers of AD to donate an OU?

    Christian

Reply
  • Hello Olly,

    totally agree. And it's already known that the software doesn't run without the exclusions? In the majority of similar cases I've had it was clear that the vendors (or their "emissaries") had almost no idea how AV really works. Sometimes they just took my word for it that I had made the "required" exclusions ... and in other cases I actually added them only to take them back later.

    Trying to make things as tight as possible
    but this doesn't convince the powers of AD to donate an OU?

    Christian

Children
No Data