Looking good. If you have a automated way to move the systems in the system tree to apply the right policy, then even better.
System sorting by tag, IP, AD sync or server tasks to move systems around.
There's basically two ways to implement policies for VSE: 1 stick everything in one policy 2. create a policy for each device type.
The first one has the potential to open "holes" on all your device but is much easier to manage, the second one is more secure but if you want to add one exception to all you devices then you have to update all your policies.
Hi, Thanks fro the response. I run an ad synch frequently. In each menu in system tree I have the synch apply to certain OU's -
How would i work it for machines that are missed. i.e. If someone created a new OU and it wasn't added to the system tree synch settings. Is that what rogue detection would do for me ?
Try synching the whole domain to the top of your organization, then continue with synching specific ou. Unsorted devices will show up at the top of your tree or in their specific OU if you sort the structure of AD.
RSD can help you as long as you have a sensor installed on every subnet, easier said than done.
System that have the McAfee agent, but didn't sync will show up in Lost and found. The key really is to get the agent in an automated manner on all your systems.