I have a new EPO 4.0 installation in process. My server will manage our windows server 2000/2003/2008 servers only. We have a good mix of sql,oracle,exchange,citrix and a ton of oddball vendor owned boxes. Trying to come to grips with how best to apply policies to these servers. I don't think I can use tags effectively since our server naming convention is not the best. Would it be best to apply exclusions for example at the root of the tree and have all groups in the tree inherit? How have you configured your environment and, what would you change at this point?
I'm really about to throw in the towel here, someone talk me off the ledge!!! I used to manage our desktops only. Those were better days.
Thought I should mention. I'm protecting a total of around 400 servers. Just looking for best way to kick off migrating servers in, in a way that makes sense now and as well, can be managed effectively over the longterm.
since you are only managing 400 machines you should in theory not have that many exclusions.....yes putting all your exclusions at the root is an easy solution....try to use wildcards when you can to avoid the number of exclusions.....if the list gets out of hand and starts to exceed around 30 exclusions then create a group and assign the biggest exclusion list to that group like exchange servers for example.....yes exclusions at the root works well as long as the list is not too big.
Is the 30 exclusion limit an epo setting or are you saying just so the list doesn't start to become unmanagable? Is there a price to pay as a result of enforcing a long list of exclusions on every server instead of targetting specific server types?
No that is not a hard limit....the hard limit is much higher, in the hundreds....its just a rough number so it doesn't become unmanageable. There is no official Penalty to pay but I have seen perf hits with really big lists. Just don't let it get out of hand.
You should find it much easier to create at root then apply lower down, I run around 400 servers off on box and I dont think I have more than 40 server exceptions set in total ( got a lot of mad apps servers)
Most stuff is pretty standardised, exchange, citrix, PDCs etc etc you can use wildcards to cover drive differences (search on the KB for wildcards to see the lists/best practice)