cancel
Showing results for 
Search instead for 
Did you mean: 

Why there are 35 policies assigned to newly created group?

Jump to solution

Hello, i just want to create one policy and remove all others. How can i do that? And i don't understand why there are 35 policies assigned to new group.

 

1 Solution

Accepted Solutions
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 10 of 10

Re: Why there are 35 policies assigned to newly created group?

Jump to solution

For each point product extension that you check in (such as VSE, ENS, Drive Encryption, etc), that extension is what adds the point product policies.  By default, to manage the systems, the default policies for each point product is assigned at the my organization level.  This is as designed so that when the agent checks into epo, it has some policy to use for each point product.  You cannot delete that default assignment - it is there on purpose so each point product immediately is in a managed state when the agent checks in.

When you set up your system tree in groups, you then can go to each group, assigned policies, then choose the point product you want to look at for policies.  You don't need to see all products at once.  For each point product, there may be one or more policies due to different categories, such as access protection, on access scanning, etc. For each policy category you want to change for that particular group, click on edit assignment, break inheritance, and choose the policy you want assigned.

You can change what policies are assigned at the my organization level by following the same process.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

9 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 10

Re: Why there are 35 policies assigned to newly created group?

Jump to solution

Where are you seeing 35 policies assigned to a group?  Do you have the filter set to show all product policies?  When you create a new group, they will receive the policies for each point product that are assigned at the my organization level unless you break inheritance at that group and assign it a different policy.  Most all products can only have one policy per product and category at a time, so you should not be seeing multiple point product policies assigned.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Why there are 35 policies assigned to newly created group?

Jump to solution

 

Creating a new group and seeing all these assigned as soon as i create it. how can i remove it all?

12.PNG

McAfee Employee Hawkmoon
McAfee Employee
Report Inappropriate Content
Message 4 of 10

Re: Why there are 35 policies assigned to newly created group?

Jump to solution

Hi whatisthis,

The short answer is 'inheritance'!

The new group will be inheriting policy from the root of the system tree (The 'my organization' level).

In the ePO/MA product guides there are sections that discuss the use of Inheritance, and more importantly  the 'break inheritance' option in MA policy to allow a device, or group to effectively ignore policy from an upper level and use only the policy defined to the group or device level.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Why there are 35 policies assigned to newly created group?

Jump to solution

But when i click on create new group, there is no option to break inheritance. And there is no way to delete assigned policies.

 What i need to do is, create a group for server, a group for workstations, then create deployment package for these groups and push package, voila. Why it's near impossible to do this ?

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 10

Re: Why there are 35 policies assigned to newly created group?

Jump to solution

You are looking at this all wrong.  You will always have policies assigned at the global root for each product.  You can't have a product installed with its extensions and not have a policy assigned, that is the way epo works.  If you choose the drop down for each particular product, you will see only a few policies for that product.  When you click on edit assignment at the group level, you can then break inheritance and assign it whatever policies you want.  But they will always have by default the McAfee default policies assigned unless you change that.

As for tasks, you would go to the assigned client tasks tab, new client task assignment and choose a task you have already created, or create new.  You might want to refer to the product guide for guidance on setting things up the way you want them to be.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Why there are 35 policies assigned to newly created group?

Jump to solution

This is extremely confusing. I still have no idea how to deploy mcafee.

By logic, i should be able to create a group, assign a policy to that group, then computers i'm adding into that group should be done.

I will try to read more to understand mcafee's logic.

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 8 of 10

Re: Why there are 35 policies assigned to newly created group?

Jump to solution

Policies are merely settings that control the behavior of the software.  For deploying products, those are tasks, not policies.  If you go to the main menu, client task catalog, go to the mcafee agent, deployment.  Then create a task that will push out the desired software.  Next, go to the system tree, desired group, click on assigned client tasks, then new task assignment.  Choose McAfee agent, deployment as type and then choose the task you created and set it to push out on desired schedule.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Why there are 35 policies assigned to newly created group?

Jump to solution

I am not trying to use polices to deploy mcafee.

ok there are many ways to deploy mcafee and i understand them. The problem is how can i manage clients after deployment.

to do that i have to group clients and servers in system tree groups right?


And when i add them into groups i should be able to configure settings with policies.

but i still dont get why there are many policies already set in groups.

ive used symantec and trend micro in the past and never saw such weird way to manage policies. mcafee is really odd.

what i want is delete all current policies in a group and assign single policy where i can configure settings for group members.

 

Also im surprised when i try to google this issue there are no results. Its really interesting everyone using mcafee understands this and i cannot

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 10 of 10

Re: Why there are 35 policies assigned to newly created group?

Jump to solution

For each point product extension that you check in (such as VSE, ENS, Drive Encryption, etc), that extension is what adds the point product policies.  By default, to manage the systems, the default policies for each point product is assigned at the my organization level.  This is as designed so that when the agent checks into epo, it has some policy to use for each point product.  You cannot delete that default assignment - it is there on purpose so each point product immediately is in a managed state when the agent checks in.

When you set up your system tree in groups, you then can go to each group, assigned policies, then choose the point product you want to look at for policies.  You don't need to see all products at once.  For each point product, there may be one or more policies due to different categories, such as access protection, on access scanning, etc. For each policy category you want to change for that particular group, click on edit assignment, break inheritance, and choose the policy you want assigned.

You can change what policies are assigned at the my organization level by following the same process.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center