j-gray 44 Posted July 31

I'm not clear how the V&PM enablement is intended to work. I was following this documentation to enable it, created a new Common Feature policy and assigned it directly to a PC. This led to two critical errors, "Vulnerability management is non-functional" and "Patch Management is non-functional" on each device.

I then found this documentation that indicates you must 'Enable' it on the specific container/group where you want it activated. Once I did that, it added a locked Common Feature policy and applied that policy to the test devices in that group and all was good after removing the manually created policy.

I'm finding that when I manually apply either policy to enable V&PM I get the critical errors above. It seems the only way to activate without errors is via the Solutions > Enable V&PM menu option.

I'm also finding that it can only be enabled this way for certain groups; it will let me do it on sync'd Active Directory groups (kind of), but it is not an option for any of the dynamic groups. So it seems that the only option is to enable it at the root level, contrary to the linked documentation that says "Select the computer/group where you want to enable Vulnerability & Patch Management". It's simply not an option to apply to any of the dynamic groups.

I gather that I have to enable it at the root level, which adds the locked 'enable' policy. Then I have to create a secondary policy with the further desired settings?

It's pretty confusing between the conflicting documents and the fact it can't be applied/enabled on only specific groups. Can anyone clarify how it is intended to work?

j-gray 44 Posted July 31 Author

Also just finding that the V&PM policy settings indicate that they apply to Windows and/or Linux. It looks like none of the policy settings apply to macOS, even though it's supposed to be supported on v8 for Mac. Are updated policies still pending for macOS?

j-gray 44 Posted August 9 Author

Still trying to understand how this is intended to work. It looks like it can't be enabled for any dynamic groups - the option just isn't present. It can be enabled on a static group, but the option to 'Always enable on new devices' isn't available on static groups. So any workstations added won't pick up the 'enable' policy.

So it seems the only option is to enable it at the root for all devices all at once. Which I'd rather not do this early in testing.

Any insights out there?