lleysan 1 Posted August 9, 2023 Share Posted August 9, 2023 Hello everyone! I ran into the problem of missing exceptions or filters to create exceptions. Maybe there is a solution, let me know please. Problem: There is a dynamic group that, when a computer enters there, applies a number of policies to the object. There is a static group to which I want the PC to be removed from the dynamic group and thus the policies set for the dynamic group are not applied to it, but those that are set for the static group are applied. I did not find an option to set the filter for a dynamic group to exclude if the object is in a static group. Also, I did not find any options for setting policy enforcement exceptions. Are there any options how to implement this? I found only an option with duplication of all policies and forced application of parameters, but this is not an option. I then need to duplicate both the policies themselves and then making any change to duplicate each setting. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,306 Posted August 9, 2023 Administrators Share Posted August 9, 2023 There are no such exceptions possible. However, if you give a concrete example of what you would like to achieve, maybe we could suggest a way how to accomplish it, e.g. using parent and child groups somehow. Link to comment Share on other sites More sharing options...
lleysan 1 Posted August 9, 2023 Author Share Posted August 9, 2023 The main idea behind this implementation is the requirement to clear policies before deleting a device. According to the steps: 1. Reset Endpoint settings 2. Stop computer management 3. Remove computer from databaseTherefore, to implement the first point, I would like to come up with some kind of container where I would move computers before deleting them. The fact is that the second step is not performed for me, if I do not take the first one, the task hangs endlessly in work and does nothing. I tried to ignore the first two steps and go straight to the third one, but then the next time the device is connected to the network, it again appears in my console as a new but not activated device. Maybe if the options are how to perform the first step in a different way? Link to comment Share on other sites More sharing options...
lleysan 1 Posted August 25, 2023 Author Share Posted August 25, 2023 Hello everyone! Really nobody knows how to implement it? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,306 Posted August 25, 2023 Administrators Share Posted August 25, 2023 It is not possible to create exclusions from dynamic groups. However, you can use nested dynamic groups and let the policies from the parent and other superior dynamic groups propagate to lower level groups. Link to comment Share on other sites More sharing options...
Recommended Posts