Running into an issue with deploying the endpoint encryption software. I haven't tried this yet but I'm thinking when I create the policy for the encryption, how can I tell it what machines to deploy to. McAfee mirrors Active Directory and we have a mixture of desktops and laptops in our domain. We only want encryption on our laptops. In each OU, we have laptop and desktops. So when we create the policy and push out the agent then do a wake up agent, the encryption software will be deployed to desktops as well. Do I need to separate desktops from laptops in Active Directory? Any help on this would be appreciated.
Use Tags. Tag your machines as desktops or laptops. Then deploy software checking tags. If system has "laptop" tag, run EE deployment tasks.
You can also apply policies using tags, but this gets more convoluted.