1 Reply Latest reply on May 9, 2013 4:33 AM by Attila Polinger

    Are Policy Subsets available?




      Is there a way in ePO to have subsets of policies? (I'm sure there must be a better word for it).  


      For example, if we look at VSE configuration and exclusions, ideally I want to be able to:


      - define a list of exclusions for SQL server

      - define a list of exclusions for Microsoft recommended Exclusions

        - define a list of exclusions for another application etc.


      Obviously this is possible with diffent policies, but really what I want to be able to do is then take a branch of the of the System Tree and say that for these machines apply a policy that contains the list of exclusions from both the "SQL server" and "Microsoft recommend exclusions" list that I defined above.


      Therefore meaning that if I need to change the "Microsoft recommended Exclusions" list then I just do it in one place, and it filters through into the any policy referencing the above lists - rather than today have to check every policy that I think maybe affected.   I suppose it's like saying that I want to be able to apply two "On-Access Default Processes Policies" to a system branch and then have ePO merge the policies when applying it to a client.


      Obviously I've used VSE exclusions for example purposes, but this could be VSE Access Protection or any other application.


      Hopefully you'll understand what I'm trying to explain.


      I'm currently running ePO 4.6


      Anything possible in 4.6 or 5?.


      Thank you



        • 1. Re: Are Policy Subsets available?
          Attila Polinger



          did you consider using the policy assigment rules? These might be just for the purpose you mention here, I think. You create a policy assigment rule for all your SQL server another for all your Exchange servers. First rule have the policy with exclusions for SQL servers the second with exclusions for Exchange.


          You need to apply tags your particular servers for this and assign the respecitve policy rule to those tags (the policy will be applied to systems that have those tags). All you need to make sure that your tags are applied to each new server that are created.


          See also ePO 4.6 manual p. 166.


          Otherwise what prevents you from applying the exclusions in the general policy? You can say that those exclusions will be never met in the case of non-SQL and non-Exchange servers, and according to my (previous) information, around 1000 exclusions will there be a noticeable lag in OAS scanning.. Just being curious...




          Message was edited by: apoling on 09/05/13 11:33:32 CEST