Jump to content

Recommended Posts

Posted

I'm not clear how the V&PM enablement is intended to work. I was following this documentation to enable it, created a new Common Feature policy and assigned it directly to a PC. This led to two critical errors, "Vulnerability management is non-functional" and "Patch Management is non-functional" on each device.

I then found this documentation that indicates you must 'Enable' it on the specific container/group where you want it activated. Once I did that, it added a locked Common Feature policy and applied that policy to the test devices in that group and all was good after removing the manually created policy.

I'm finding that when I manually apply either policy to enable V&PM I get the critical errors above. It seems the only way to activate without errors is via the Solutions > Enable V&PM menu option.

I'm also finding that it can only be enabled this way for certain groups; it will let me do it on sync'd Active Directory groups (kind of), but it is not an option for any of the dynamic groups.

So it seems that the only option is to enable it at the root level, contrary to the linked documentation that says "Select the computer/group where you want to enable Vulnerability & Patch Management". It's simply not an option to apply to any of the dynamic groups.

I gather that I have to enable it at the root level, which adds the locked 'enable' policy. Then I have to create a secondary policy with the further desired settings?

It's pretty confusing between the conflicting documents and the fact it can't be applied/enabled on only specific groups. Can anyone clarify how it is intended to work?

Posted

Also just finding that the V&PM policy settings indicate that they apply to Windows and/or Linux.

It looks like none of the policy settings apply to macOS, even though it's supposed to be supported on v8 for Mac.

Are updated policies still pending for macOS?

  • 2 weeks later...
Posted

Still trying to understand how this is intended to work.

It looks like it can't be enabled for any dynamic groups -the option just isn't present.

It can be enabled on a static group, but the option to 'Always enable on new devices' isn't available on static groups. So any workstations added won't pick up the 'enable' policy.

So it seems the only option is to enable it at the root for all devices all at once. Which I'd rather not do this early in testing.

Any insights out there?

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...