Jump to content

New Dynamic Group based on Static Groups


Palps
 Share

Go to solution Solved by MichalJ,

Recommended Posts

Hi together,

 

I was already searching for this question but I couldn't find an answer.

 

Is it possible to create a new dynamic group based on more then one static group?

 

The background is that we have several locations and I want each admin to maintain their own devices. So my idea was to create a new dynamic group based on the static groups (synchronized from the AD) which belong to this location. Each location has it's own groups in the ad for clients and server.

This new dynamic group, containing all devices from the different static ad groups should be used for a location based dashboard.

 

Or is there a more simple way to create a dashboard where the admins have an overview about their own devices?

IP based is not an option because our users are traveling very much, so they are getting a different IP address in each location.

 

Thank you in advance :)

Link to comment
Share on other sites

Hi together,

 

I was already searching for this question but I couldn't find an answer.

 

Is it possible to create a new dynamic group based on more then one static group?

 

The background is that we have several locations and I want each admin to maintain their own devices. So my idea was to create a new dynamic group based on the static groups (synchronized from the AD) which belong to this location. Each location has it's own groups in the ad for clients and server.

This new dynamic group, containing all devices from the different static ad groups should be used for a location based dashboard.

 

Or is there a more simple way to create a dashboard where the admins have an overview about their own devices?

IP based is not an option because our users are traveling very much, so they are getting a different IP address in each location.

 

Thank you in advance :)

 

 

+1 on this, I was looking for the same thing, even with static and dynamic groups combined :)

 

thx

Link to comment
Share on other sites

I think it is not possible

the only thing you can do is to create static groups with subfolders or you will have to give rights on all the folders for each users

Edited by comunic
Link to comment
Share on other sites

  • ESET Staff

Basically, what you can do, for dashboards / groups, you can create a structure in the way:

 

Location 1 (static group)

- desktops (static group)

- servers (static group)

- whatever... (static group)

 

Location 2 (static group)

- desktops (static group)

- servers (static group)

- whatever... (static group)

 

When creating users, you can grant them access to a specific static group.

This will filter their view in "Computers" to only selected sub-tree (Admin 1 = Location 1, Admin 2 = Location 2).

All dashboards will be filtered to that view as well.

 

You can still have "root" administrator, that has access to all groups.

 

If this is not working for your case, and you want to filter just the dashboards, you need to duplicate report templates for each one of the users, and you have to define "filter" to each by the selected static group. So you will have general dashboard, and dashboard for user 1 and dashboard for user 2.

Link to comment
Share on other sites

First, thanks for your prompt answer.

 

But how can I be sure that I don't miss any device in this folders? I assume they would have to be maintained manually without AD sync.

Via the AD synchronized static folders I can be sure, that I don't miss any device and can check if there are devices which are not managed yet.

 

In our infrastructure only devices in our AD are getting ESET, so the synchronized folders are the best way to check if there are devices without ESET installed.

 

Thanks!

Link to comment
Share on other sites

  • ESET Staff
  • Solution

Ok, if I understand this correctly, your active directory structure does not copy the location structure, is that correct?
If this is not the case, and you have it done by location, then it should not be a problem. Basically you will periodically run the AD sync task and ERA will make sure, that correct computers are in correct groups.

Even if a new computer is added to a corresponding AD group, it will be synced to ERA.

 

In ERA, device can be a member of only ONE static group at a time. Meaning, if it synced from AD, you can´t keep it there, and at the same time has in the other static group (per my advice above).

 

Other solution I have in mind for you, is to have location-based dynamic groups, based on the peer certificates. Meaning, if agent is using a specific certificate, it will fall into the particular dynamic group.
You will have to create multiple agent certificates, based on locations, and apply them to agents via policies. Also use those certs upon agent installation on computers.

You can then use those dynamic groups as filters for reports.

Link to comment
Share on other sites

Our AD structure is synchronized on a daily basis to our ERA.

 

I just checked permission sets and native users.

I created a new permission set for location 1 and assigned only the static groups for location 1 and as you said the reports are automatically adapted according to the permissions of the user.

 

I also like the idea with the different peer certificates and the dynamic group filtered by it. This would be the option I would go for but I discussed this topic with my colleagues again and we decided to go for the reports filtered by the different location subnets.

Simply because we are one company and we have to support each other. So when a user is traveling and has a virus or problems with ESET the admins of the user's current location have to support because they are on-site and may provide the better support then the remote admin.

 

Thank you very much for your information.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...