2 Replies Latest reply on Jan 13, 2015 11:44 AM by Richard Carpenter

    ePO 4.6.6 - 5.1 Migration

    Joshua Kennedy


      I went to training in November that was invaluable and refer to my manuals on a regular basis. I am now overseeing over 30,000 systems covering the multiple continents, domains, and about 100s of OUs inside of our ePO server. In 2015, I will be building a new ePO 5.1 server and moving / updating all the agents to the new ePO server. Currently, our 4.6.6 server is a mess of what each "expert" decided they wanted while they had responsibility for the system. 


      As I start to work out and document a company SOP (standard operating procedure) I am looking for what is working for others using McAfee products (DLP, SolidCore, AD Sync, Disaster recovery, Super Agent vs. UNC repositories, Policy concepts, trouble ticketing, etc.)


      My 1st question of many is:

      Our current ePO server has more policies than I can list (1000s is not an over statement) most not being used. We are a global company and there is a big push to have uniformity; with that in mind is it unreasonable to have one policy per domain or at least one policy per cotenant? (all software is uniform and must be approved globally so am I wrong in thinking that exceptions should be close to the same too?)  


      another question I have is:

      Currently AD sync is done at the domain level for some sites and at the OU level for other sites.  What would be the advantage or disadvantage to moving everyone to Domain level AD sync and having that be the standard?

        • 1. Re: ePO 4.6.6 - 5.1 Migration
          Peter M

          Moved to ePO for better support - Moderator

          • 2. Re: ePO 4.6.6 - 5.1 Migration
            Richard Carpenter


            We have been through a similar process of the past year. 

            We have standardised our Endpoint Policies and managed to get them down to about 10. Most of the extra policy are in the Very rusSan Low risk process group, but where possible we have decided to maintain one set of policies.

            We currently ad sync 5 domains, all at the root excluding any 'empty OUs' and this keeps our system tree pretty tidy.

            If your AD is well organised logically it helps when delegating permission sets. 



            McAfee Certified Product Specaliat - ePO