Product guide
• When a system is sorted into Lost&Found, it is placed in a subgroup named for the system’s
domain. If no such group exists, one is created.
NOTE: If you delete systems from the System Tree, you also need to remove their agents.
Otherwise, these systems continue to appear in the Lost&Found group because the agent
continues to communicate with the server.
Inheritance
Inheritance is an important property that simplifies policy and task administration. Because of
inheritance, child groups in the System Tree hierarchy inherit policies set at their parent groups.
For example:
• Policies set at the My Organization level of the System Tree are inherited by groups below
it.
• Group policies are inherited by subgroups or individual systems within that group.
Inheritance is enabled by default for all groups and individual systems that you add to the
System Tree. This allows you to set policies and schedule client tasks in fewer places.
However, inheritance can be broken by applying a new policy at any location of the System
Tree (provided a user has appropriate permissions) to allow for customization. You can lock
policy assignments to preserve inheritance.
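The inheritance rules above, as an added example that is not McAfee's code or the ePO API: a simplified Python model in which a node's effective policy comes from its nearest assignment, a locked assignment blocks overrides below it, and an audit helper lists where inheritance has been broken. The Node class, the policy categories and the sample tree are constructed for illustration.

```python
# Simplified model of System Tree policy inheritance; not ePO code or its API.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Node:
    name: str
    parent: Optional["Node"] = None
    assigned: dict = field(default_factory=dict)  # category -> policy set here
    locked: set = field(default_factory=set)      # categories locked here

    def ancestors(self):  # yields parent, grandparent, ... up to the root
        node = self.parent
        while node:
            yield node
            node = node.parent

    def assign(self, category, policy, lock=False):
        """Break inheritance at this node unless an ancestor locked it."""
        for anc in self.ancestors():
            if category in anc.locked:
                raise PermissionError(f"{category} is locked at {anc.name}")
        self.assigned[category] = policy
        if lock:
            self.locked.add(category)

    def effective(self, category):
        """Return (policy, source node name) from the nearest assignment."""
        for node in (self, *self.ancestors()):
            if category in node.assigned:
                return node.assigned[category], node.name
        return None, None


def broken_inheritance(nodes, category):
    """Audit helper: non-root nodes that carry their own assignment."""
    return [n.name for n in nodes if n.parent and category in n.assigned]


def sample_tree():
    """Constructed tree: My Organization > Servers > db01, and Laptops."""
    root = Node("My Organization")
    servers, laptops = Node("Servers", root), Node("Laptops", root)
    db01 = Node("db01", servers)
    root.assign("firewall", "baseline")
    root.assign("antivirus", "strict", lock=True)  # locked: no override below
    servers.assign("firewall", "server-hardened")  # inheritance broken here
    return root, servers, laptops, db01
```

Running broken_inheritance over every node gives a quick list of the places where a group or system no longer follows its parent's policy, which is where unreviewed exceptions tend to accumulate.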
Considerations when planning your System Tree
An efficient and well-organized System Tree can simplify maintenance. Many administrative,
network, and political realities of each environment can affect how your System Tree is
structured. Plan the organization of the System Tree before you build and populate it. Especially
for a large network, you want to build the System Tree only once.
Because every network is different and requires different policies — and possibly different
management — McAfee recommends planning your System Tree before implementing the
software.
Regardless of the methods you choose to create and populate the System Tree, consider your
environment while planning the System Tree.
Administrator access
When planning your System Tree organization, consider the access requirements of those who
must manage the systems.
For example, you may have very decentralized network administration in your organization,
where different administrators have responsibilities over different parts of the network. For
security reasons, you may not have a global administrator account that can access every part
of your network. In this scenario, you may not be able to set policies and deploy agents using
a single global administrator account. Instead, you may need to organize the System Tree into
groups based on these divisions and create accounts and permission sets.
Questions to consider include:
• Who is responsible for managing which systems?
• Who requires access to view information about the systems?
• Who should not have access to the systems and the information about them?
Organizing Systems for Management
McAfee ePolicy Orchestrator 4.0 Product Guide