4 Replies Latest reply on Aug 22, 2017 1:58 AM by nineminds

    Difference Between Policy Assignment & Policy Assignment Rules

    nineminds

      Hi,

       

      I am new with ePO, would like to know what's the difference between Policy Assignment (PA) vs Policy Assignment Rules (PAR)

      I can see if using PA then the rules that we applied is there under System Tree, but seems like PAR is almost the same just that the method to apply is different

      Any articles or simple explanation is highly appreciated

       

        • 1. Re: Difference Between Policy Assignment & Policy Assignment Rules
          twenden

          In our environment, we use policy assignment rules to apply certain policies to say Tags. As an example, I have a policy assignment rule called Virus Scan 8.8i Patch 9 Test. As shown below, this rule is tied to a Tag called Patch9Test and a policy that pulls a patch from the evaluation branch. So when I want to test a new VSE Patch, then all I have to do is apply that Tag to select systems. These systems would then pull is the assigned policy. I use policy assignment rules a lot. We have ones that deactivate encryption, test scan engines, enable ENS Firewall etc.

           

           

          • 2. Re: Difference Between Policy Assignment & Policy Assignment Rules
            nineminds

            Is it okay to define, PA is the Policy that will be permanently assigned to Groups, and PAR is like add-on method to assigned test or temporary Policy, since PAR is much more easy to be used with Tags and Tags computer sometimes doesn't really sits in a group if u have multiple sites in your Organization.

            • 3. Re: Difference Between Policy Assignment & Policy Assignment Rules
              Moe Hassan

              Policy assignment : You create your custom policies and apply to containers in system tree. Now, IF a system is moved out of a particular container where you have that policy applied, depending on the parent container, it may get lost and it will revert to default policies. If you have a tight grip on movement on system tree movement, this is fine.

               

              Policy assignment rules : To overcome the issue I just described above, you can create custom "Tags", associate your desired policies with these tags and finally apply that tag to systems. This way, even if the systems are moved around in the system tree, they will retain policies as long as they have the tags.

               

              If you have well organized system tree, folder/container based policy assignment is fine. If you want to make sure certain systems get certain policies, you can add PAR in addition. So you can use both.

              • 4. Re: Difference Between Policy Assignment & Policy Assignment Rules
                nineminds

                Very nice explanation Sir, thanks for this

                Now i understand the difference for this two methods