Setup guide
McAfee ePO
Advanced Suite Installer Product Guide
Page 22 McAfee ePO
Advanced Suite Installer
Policy and task inheritance in the System
Tree
Policies
By now you have noticed a recurring phrase when assigning policies and tasks. Namely “
The policy (or
task) is now assigned to that group and all its subgroups
.” In short, child objects (subgroups and
individual systems) inherit settings from their parent container unless you break inheritance at a specific
point in the tree. Recall the File Reputation policies for VirusScan that you applied earlier. We broke
inheritance on the Laptops group, and assigned the
High
protection level instead, since those systems are
often more exposed than those on the internal network.
Note: If you assign policies for a product to a group of systems where that product is not installed, there
is a zero sum effect. Since that particular product is not installed, the policy has no effect on those
systems.
Client Tasks
The inheritance concept is similar to that of Client Tasks when breaking inheritance at the subgroup or
individual system level. At that point, your choices range from selecting a different task from the Client
Task Catalog, to making a simple scheduling change without affecting the rest of the task’s settings.
Viewing Broken Inheritance
ePolicy Orchestrator provides easy visibility of broken inheritance within the System Tree.
1 Click the System Tree button on the favorites bar.
2 Highlight My Organization.
3 Click the Assigned Policies tab.
4 From the Product drop-down menu, select VirusScan Enterprise 8.8.0.
5 On the line that lists On-Access General Policies, note the Broken Inheritance column states 1
doesn’t inherit. The ability to drill down on broken inheritances provides a way to both view and reset
any policies that may have been applied in incorrectly.
6 Click on the 1 doesn’t inherit link to see the list of objects that do not inherit that policy from the My
Organization container. In this case, it is just the Laptops group. Note that the Actions button provides
an option to reset inheritance if that is ever required.
7 Click Close.
Deploy the McAfee Agent
The McAfee Agent is the distributed component of ePolicy Orchestrator. It must be installed on each
system in your network that you wish to manage. The agent collects and sends event information at
intervals to the ePolicy Orchestrator server. It also installs and updates the endpoint products, and
applies your endpoint policies. Systems cannot be managed by ePolicy Orchestrator unless the McAfee
Agent is installed.
The steps taken so far have focused on populating the System Tree, as well as creating and assigning
policies and tasks. With those now in place you can begin to deploy protection on your systems. Again,
based on their location in the tree, managed systems will inherit the policies and tasks of their parent
container. With the Deployment tasks assigned, you will now push the McAfee Agent. By installing the
Agent, the clients will begin communicating with ePolicy Orchestrator, download and install protection
based on configured tasks, and enforce policies specific to the products installed.