4 Replies Latest reply on May 2, 2009 9:09 AM by jawuk


      I am trying to install HIPS on just a few machines in a particular OU. I set the task to run at the top of that Site (for example site name Building) then disable it so the OU's below ot don't get this task because I don't want it applied here. I then move to a particular OU (named Rome) then go to the task that is populated there from creating at the "Building Level", however it is disabled since it inherits the policies from the "Building" Level. After doing so, I re-enable policy and set to run immediately, then do wakeup call on that machine. Under Reporting, then wakeup call completes with no errors. However, I get a "broken inheritance" for that machine under tasks (for the task that I just tried to run - deploy HIPS). I tried to go back into that machine and reset the inheritance and try to run the task again, however it immediately breaks the inheritance again.

      How can I get this to work without having to to physically to the machine. We have many machines at remote sites so I would not be able to get on it to do a local install.

      Also, I notice if I don't set the task to run at the top level - "Building", and go to the OU where the machine is located - "Rome" and select a new task to deploy HIPS at that machine level. It works. What is going on with the "broken inheritance" issues.

      Any help will be appreciated as this is frustrating. I'm running EPO 4.0, HIPS 7.0

      Thank you!
        • 1. RE: Inheritance
          But you WANT the inheritance to be broken

          If you dont break the inheritance at that machine level (after it has inherited the task from top level first obv) then how can you enable the task at that point.....

          I dont see the problem?
          • 2. RE: Inheritance
            I'm obviously missing something fundamental here sad - this is the way (I guess) most folk use ePO - define most standard settting at the directory or site level and the create your sites and groups etc. - break the inheritance at the site level and then tailor each sites specific tasks and policy setting accordingly - everything created below the site level now has all the "customised" settings and tasks active as desired ?

            • 3. Inheritance
              That is true. Howerver, when I create the task at the parent level and say disable this. I then enable the task at the child level. So the inheritance will be broken, because we want this to be enabled at the child level. However, the task that is set to run, does not run, for example deploy the HIPS module, agent, or to remove a particular module.

              So even though the inheritance is broken at the child level, the machines in that group, or individually are not getting the task, even after performing wake-up call. Task is set to run immediately.
              • 4. RE: Inheritance
                sounds good to me. In my experience though ''Run Immediately'' is not as immediate as you think. Leave it for 10-15 minutes and see if the task as invoked on the client machine. Open thw EPO Agent status monitor to see if it kicks off (Right click on the epo agent icon taskbar and click status, or , run cmdagent.exe /show from the commandline (located in the Common Framework directory)