Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
584 Views 4 Replies Latest reply: Oct 7, 2013 8:38 AM by andrep1 RSS
tcorrea Newcomer 21 posts since
Sep 24, 2012
Currently Being Moderated

Oct 1, 2013 1:05 PM

Pros and Cons between AD/ePO Policy Assignments

Hello everyone,

We are about to let ourcustomer know the pros and cons between administrating policies with ADmanagement or manually from ePO in order to restrict computers from usingdevices with McAfee Device Control and we need to gather some info.

¿Ideas? Thank you.

 

Tomas Correa.


Tomas Correa M.
Ingeniero de soporte.
NovaRed.

  • Laszlo G Veteran 1,213 posts since
    May 23, 2007
    Currently Being Moderated
    1. Oct 2, 2013 2:58 AM (in response to tcorrea)
    Re: Pros and Cons between AD/ePO Policy Assignments

    This depends on what you need but this can help:

     

    Do you need a specific computer to never have an USB device connected by anyone or do you need a specific user not to use USB devices on any computer?

     

    For the first option you'll need computer-based policy and for the second option you need user-based policy

  • Laszlo G Veteran 1,213 posts since
    May 23, 2007
    Currently Being Moderated
    3. Oct 4, 2013 4:25 AM (in response to tcorrea)
    Re: Pros and Cons between AD/ePO Policy Assignments

    Hi tomas,

     

    There are two different things.

     

    First one is that there's no difference adding computers manually or by an AD sync, it only create computer objects under system tree so it's up to you how you want to add them. If your AD computer groups are up-to-date then an AD sync will add all your computers (if you want to) so you know you are managing all of them.

     

    The second thing is the user policy assignement. This one can only be achieved defining an AD server under Registered Servers and an automated server task that will cache AD users (If I'm right) periodically. The example I posted before was just to make you understand that if (for example) I don't want Mr. Smith to connect a pendrive on a computer then I usually don't want him to connect a pendrive to ANY computer and that's why I need to create a user-basd policy instead of a computer-based policy

     

    Edit: For products like VirusScan (for example) you won't usually need a user-based policy but a computer-based policy

     

    El mensaje fue editado por: ulyses31 on 4/10/13 11:25:46 CEST
  • andrep1 The Place at McAfee Member 246 posts since
    Apr 26, 2011
    Currently Being Moderated
    4. Oct 7, 2013 8:38 AM (in response to Laszlo G)
    Re: Pros and Cons between AD/ePO Policy Assignments

    ¡Hola Tomas!

     

    We use Ad synch for our computer objects and also synch the OU. When you have a lot of computers and and distributed organization, it makes management a lot easier.

    One plus of synching from AD is the ability to know about computers before they are managed in ePO. You could potentially push the agent to those unmanaged devices.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points