Parametric groups not applying policy

Hi All,

Firstly I want to say hi and introduce ourselves. He are new to Eset products and just moved away from SEP. We have several locations and a lot of laptop users which move around frequently. Thus to reduce WAN traffic for updates we implemented local update servers. For every LAN (branch) I created Parametric group and assigned it specific policy.

But they don't work: all my clients get Default Primary Client Policy instead of specific one attached to the group they can be found in. Any input is much appreciated.

P.S.

I can assign policies manually and they work but I want my clients to be dynamic.

Thank you.

 

Did you also create a rule in the policy manager to assign the policy to new clients in the specified group? If you synchronize manually does it work?

 

Yes I created rule in policy manager. Thing is that if i force the policy synchronization update it works good. But every time new clients connects to RA they dont apply proper policy and have a default one. This bring me back to the questions: can clients update their policy automatically based on their group or do we have to synchronize it manualy every time? If so is there a task of some sort so we can force this synchronization once every couple of hours.

Thank you

 

Have you tried creating dual update profiles?

Please refer to the following ESET knowledgebase article:

How do I create a dual update profile configuration with ESET Remote Administrator?
http://kb.eset.com/esetkb/index?page=content&id=SOLN761

 

Hi nsnidanko,

I have the same doubt since I started using this feature, but I never asked to ESET if there is some internal task that process "Refresh" of parametric groups. It would be very useful. Did you have any reply about this? Now, I really need to know how it works..

 

Yes in every policy we use dual profile for updates: one is for "Internal" server when client is inside our network and another one is when client goes outside so he can update from Eset's servers. I find this very useful feature.

Clients move around all branches and having them fully dynamic would offer enormous flexibility. We are not just planing to use policies for updates.

 

I've also submitted request to an eset sales engineer assisting us with deployment. I will update once i get some light into this. I know for a fact with Symantec dynamic groups automatically assign their policy to the clients but unfortunately their client product is just rubbings.

 

I find it works better to assign a policy rule directly to a set of clients instead of a group. Have you tried just creating policy rules that are not dependant on what group the clients are in?

 

We have alot of clients and managing everyone individually is just not an option. We just need to have dynamic groups that proactive in "pulling" assigned policy to that group. From what I understand Eset policy works only via manual "push" method.

 

Sometimes parametric groups is useful for other things, such as filter on reports. But each time I need to use this kind of group, I really need "Refresh" them manually. Because that, I would like to know if there are any way to get "Refresh" automated. I hope ESET is going say this is possible.

Thanks guys

 

Hi iptrust,

It is possible to define that time, however we recommend to use default settings. Here is how to do so:

From the ERA Console, click Tools >> Server options >> Advanced >> Edit Advanced settings...

You'll find time intervals for parametric groups and other frequent internal tasks here:

ESET Remote Administrator >> ERA Server >> Setup >> Advanced >> Scheduling options for more frequent internal tasks

Hope this helps.

 

Hi Tony,

This is exactly what we were looking for. Thanks!

On another note I've noticed a bug where a client belongs to 2 parametric groups at the same time. Our parametric groups have parameters based on subnet they belong to. Once the client moves from subnet A to subnet B you can see client in both parametric groups, even though correct policy is applied. Shouldn't they be removed from first paraetric group, since it doesn't match the "parameters" anymore?

Please advive if you need screenshots, logs and I'll happily provide them.

Thanks

 

Hi nsnidanko,

Can you please check the "sticky" option has not been checked when creating the groups?



Also, make sure you're running the latest version of ERA ( 4.0.138 ).

 

Yes you're absolutely right: "sticky" was enabled on those 2 groups.

Tons of thanks!