3 Replies Latest reply on Sep 11, 2014 7:57 AM by Peter M

    Potential issues of System-based PARs with 'does not have tag'

    dmease729

      Hi,

       

      Different query, but related to earlier post related to performance.  With a 'has tag' approach, you are in control of what has the tag.  With a 'does not have tag' approach, in my mind you lose control - take the following scenario:

       

      - HIPS is deployed to 3000 clients (laptops, workstations etc)

      - HIPS is being deployed to 2000 servers.  200 of these servers have the tag 'FOO'

      - System-based PAR dictates that Policy 'PolicyX' is assigned to all systems that do not have tag 'FOO'.  Not getting into too much depth, but the main high-level reason behind this is to temporarily assign a log-only protection policy to systems that do not have tag 'FOO' during content update/patch/hotfix deployments.

       

      Main issue with this is that as a result of this below, the policy will be assigned to the clients also, when we only need to apply it to the servers.  We could add another selection criterion - AND has tag 'Server' - which will get around this.

       

      I appreciate that the above has kind of included the answer, but I am posting this as more of a sanity check, and for an open discussion :-)

       

      Cheers,