Reference Guide
Security Management Server v10.2.11 AdminHelp
inventory. Once that endpoint group is established, you could then apply a specific policy set to just the
endpoints in your specified locale.
Conversely, creating an endpoint group based on a platform type would not be useful because policies
are already grouped by platform.
Endpoint groups are created using a group specification. This specification allows you to define the
endpoint characteristics used to add endpoints to a group. You cannot manually add endpoints to
endpoint groups. The system, based on the characteristics in the endpoint group specification,
automatically manages endpoints and endpoint group membership.
Endpoints can be members of many endpoint groups simultaneously, as there is no mutual exclusion
requirement for endpoints in groups. All endpoints are included in the default endpoint group in addition
to any defined endpoint groups that they may be a member of. This is similar to the way users are a
member of the domain they are a part of, in addition to any security groups. Like the user group
mapping, the endpoint group mapping creates a potential policy arbitration problem for endpoints. To
resolve this problem, the default endpoint group has the lowest possible precedence, and cannot be
altered. The endpoint groups that you create have medium precedence by default. For more information
on group precedence, see Modify Group Precedence.
Endpoint Group Specification
The endpoint group specification is a domain-specific language that allows you to define groups. The
endpoint group specification consists of a set of operators and a set of data fields that these operators
can be applied to. A group specification is a Boolean expression that is evaluated per endpoint to
determine whether or not an endpoint is a member of a group.
Endpoints are assigned to endpoint groups when inventory is received, not at activation time. If you
set up endpoint groups, all endpoints will stay only in the default endpoint group until inventory is
received.
Group specifications are created using the following fields and expressions. Multiple fields and
operators can be used in a single group specification.
Field Name        Description
CATEGORY          Endpoint category: WINDOWS, MAC, SED
UID               Windows hostname
DISPLAYNAME       Fully qualified hostname
OSVERSION         Operating system version as reported in inventory. Dell
                  recommends using other available fields, as discrepancies in
                  operating system versions may reduce the usefulness of this
                  field.
OS                Operating system name as reported in the endpoint's inventory
PROCESSOR         System processor information
SERIALNUMBER      Endpoint serial number
LOCALE            The current locale of the endpoint. This is typically only
                  reported by Encryption Enterprise.
WINCOMPUTERNAME   Fully qualified hostname
ASSETTAG          Asset tag of the computer manufacturer
SHIELDVERSION     Version of Encryption client
AGENTVERSION      Agent version for Manager
PLUGINVERSION     Plugin version for Manager
MEMBEROFGROUP     Active Directory group name
MEMBEROFDOMAIN    Active Directory domain name
SEDPRESENT        All SED clients
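The membership rules described above can be modeled offline to find endpoints that currently receive only default-group policy. This is an added example, not Dell code: the Python predicates stand in for group specifications (the product's operator syntax is not used here), and the group names, hostnames and field values are constructed.

```python
from typing import Callable, Dict, List, Optional

Inventory = Dict[str, str]
DEFAULT_GROUP = "Default"  # constructed name for the default endpoint group

# Constructed group specifications: one Boolean predicate per group, evaluated
# per endpoint against inventory fields taken from the field table above.
GROUP_SPECS: Dict[str, Callable[[Inventory], bool]] = {
    "FR-Windows": lambda inv: inv.get("CATEGORY") == "WINDOWS"
    and inv.get("LOCALE") == "fr-FR",
    "Finance-AD": lambda inv: inv.get("MEMBEROFGROUP") == "Finance",
}


def memberships(inventory: Optional[Inventory]) -> List[str]:
    """Return every group an endpoint belongs to.

    All endpoints are in the default group. Specification-based groups are
    evaluated only once inventory has been received, and an endpoint may
    match several of them at the same time.
    """
    groups = [DEFAULT_GROUP]
    if inventory is None:  # activated, but no inventory received yet
        return groups
    groups += [name for name, spec in GROUP_SPECS.items() if spec(inventory)]
    return groups


def default_only(endpoints: Dict[str, Optional[Inventory]]) -> List[str]:
    """Hosts that match no defined group, so only default-group policy applies."""
    return sorted(
        host for host, inv in endpoints.items()
        if memberships(inv) == [DEFAULT_GROUP]
    )


# Constructed sample endpoints.
ENDPOINTS: Dict[str, Optional[Inventory]] = {
    "pc-001": {"CATEGORY": "WINDOWS", "LOCALE": "fr-FR", "MEMBEROFGROUP": "Finance"},
    "pc-002": {"CATEGORY": "WINDOWS", "LOCALE": "en-US", "MEMBEROFGROUP": "Sales"},
    "pc-003": None,  # activated, inventory not yet received
}

if __name__ == "__main__":
    for host, inv in ENDPOINTS.items():
        print(host, memberships(inv))
    print("default group only:", default_only(ENDPOINTS))
```

Hosts listed by `default_only` are worth reviewing before relying on a group-targeted policy set, since they either have not reported inventory or match no specification.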