JayMan

Is it possible to 'layer' policies in ePO?

Hi All,

Just wondering if it is possible to 'layer' policies in ePO, similar to what is done in Active Directory Group Policies.

So... instead of setting Policy 1 at the Root, and then at a sub folder breaking inheritance & applying Policy 3... can you set Policy 1 at the Root, and then at a sub folder set Policy 2 and have the policies combined to = Policy 3?

This will save us from having to duplicate common settings across multiple policies (which is a massive management overhead).

Cheers!

Message was edited by: JayMan on 6/10/11 5:04:28 PM
Accepted Solutions

Re: Is it possible to 'layer' policies in ePO?

You cannot do what you want as a general rule. In the case of products such as Host Intrusion Prevention (HIPS) IPS policy that have "slotted" policy design, you can make multiple assignments of policies at different branches. They do not behave the same as Microsoft Group Policy policies that supersede each other. The policies are combined following the rules of the product policy design.

Policies that are not slotted can only have policy assignments that replace the policy of the parent once inheritance is broken.

Take a look at https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/20000/PD20752/en_US/....

In ePO 4.6 you can also assign policy via policy assignment rules and tags, which can be quite flexible to get a specific policy assigned to a computer without changing the policy on the ePO branch/group.

Message was edited by: HBullock on 10/6/11 10:44:56 PM CDT
3 Replies

JayMan

Re: Is it possible to 'layer' policies in ePO?

Thanks for confirming my thoughts. I find it interesting that a Product Enhancement Request I loaded about 12 months ago was closed as 'already in product'.

Policy assignment rules won't help with what I want unfortunately, as it still means having the same 'common' settings applied to multiple policies. So then when maintaining those common settings you need to do so with multiple policies...

As a person who looks after a lot more than just ePO, this is a big pain in the butt, due to the extra management overhead...

Re: Is it possible to 'layer' policies in ePO?

I feel your pain. I have implemented common generic policies at My Organization for just that reason. I cannot maintain multiple policies when the same updates have to be applied to many policies.

I have made some suggestions as well, but they are too involved to type them here and do them any justice in terms of completeness and clarity.

They will again be raised at Focus once I get to the right person.

Message was edited by: HBullock on 10/6/11 11:42:35 PM CDT