1 Reply Latest reply on Jul 18, 2011 1:50 PM by joeleisenlipz

    ePO AD Sync yes or not?

      I grandly appreciated if someone guide me to what use as ePO configuration, we are migrating to ePO 4.6 and we are revising our McAfee architecture. So the question is do we need AD Synchronization? What are the props and the cons with the ePO 4.6?

        • 1. Re: ePO AD Sync yes or not?
          joeleisenlipz

          There are only a few uses for this integration....

          1. ePO console authentication, permission sets, and auto-creation
            • This is great, and in most places it works like a champ
          2. User-based policy assignment
            • There aren't too many McAfee products that support this right now, but it does work well. Off the top of my head SiteAdvisor and the Disk Encryption stuff both can use it.
          3. System Tree asset import
            • This is where almost everyone goes wrong. If you pull from AD you need to decide on what your goal is.
              • In small environments, AD is generally pretty clean and using the same OU structure can save you time--maybe.
              • In large environments, AD is always a mess and using the directory structure is just a waste of time. Import flat lists into groups within the L&F, and then build your tree from there. Use sorting criteria to automatically clean things up, and abandon any hope of AD helping you any further.

           

          As for whether you need AD synchronization, the answer is no. You might want it, but you don't need it.

           

          Also, this all holds true for 4.5 as well as 4.6--the only change I have noticed in 4.6 is the ability to automatically tag imported systems.