Table of Contents
Advertisement
Inheritance
Inheritance is an important property that simplifies policy and task administration. Because of
inheritance, child groups in the System Tree hierarchy inherit policies set at their parent groups. For
example:
•
Policies set at the My Organization level of the System Tree are inherited by groups below it.
•
Group policies are inherited by subgroups or individual systems within that group.
Inheritance is enabled by default for all groups and individual systems that you add to the System
Tree. This allows you to set policies and schedule client tasks in fewer places.
To allow for customization, however, inheritance can be broken by applying a new policy at any
location of the System Tree (provided a user has appropriate permissions). You can lock policy
assignments to preserve inheritance.
Considerations when planning your System Tree
An efficient and well-organized System Tree can simplify maintenance. Many administrative, network,
and political realities of each environment can affect how your System Tree is structured. Plan the
organization of the System Tree before you build and populate it. Especially for a large network, you
want to build the System Tree only once.
Because every network is different and requires different policies — and possibly different
management — McAfee recommends planning your System Tree before implementing the McAfee ePO
software.
Regardless of the methods you choose to create and populate the System Tree, consider your
environment while planning the System Tree.
Administrator access
When planning your System Tree organization, consider the access requirements of those who must
manage the systems.
For example, you might have very decentralized network administration in your organization, where
different administrators have responsibilities over different parts of the network. For security reasons,
you might not have a global administrator account that can access every part of your network. In this
scenario, you might not be able to set policies and deploy agents using a single global administrator
account. Instead, you might need to organize the System Tree into groups based on these divisions
and create accounts and permission sets.
Consider these questions:
•
Who is responsible for managing which systems?
•
Who requires access to view information about the systems?
•
Who should not have access to the systems and the information about them?
These questions impact both the System Tree organization, and the permission sets you create and
apply to user accounts.
Considerations when planning your System Tree
®
®
McAfee
ePolicy Orchestrator
Organizing the System Tree
4.6.0 Software Product Guide
12
123
Advertisement
Chapters
Table of Contents
