Parametric groups not applying policy

Discussion in 'Other ESET Home Products' started by nsnidanko, Jan 11, 2011.

Thread Status:
Not open for further replies.
  1. nsnidanko

    nsnidanko Registered Member

    Joined:
    Jan 11, 2011
    Posts:
    12
    Hi All,

    Firstly I want to say hi and introduce ourselves. He are new to Eset products and just moved away from SEP. We have several locations and a lot of laptop users which move around frequently. Thus to reduce WAN traffic for updates we implemented local update servers. For every LAN (branch) I created Parametric group and assigned it specific policy.

    But they don't work: all my clients get Default Primary Client Policy instead of specific one attached to the group they can be found in. Any input is much appreciated.

    P.S.

    I can assign policies manually and they work but I want my clients to be dynamic.

    Thank you.
     
    Last edited: Jan 11, 2011
  2. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    Did you also create a rule in the policy manager to assign the policy to new clients in the specified group? If you synchronize manually does it work?
     
  3. nsnidanko

    nsnidanko Registered Member

    Joined:
    Jan 11, 2011
    Posts:
    12
    Yes I created rule in policy manager. Thing is that if i force the policy synchronization update it works good. But every time new clients connects to RA they dont apply proper policy and have a default one. This bring me back to the questions: can clients update their policy automatically based on their group or do we have to synchronize it manualy every time? If so is there a task of some sort so we can force this synchronization once every couple of hours.

    Thank you
     
    Last edited: Jan 12, 2011
  4. TyeF

    TyeF Former Eset Moderator

    Joined:
    Feb 19, 2010
    Posts:
    78
  5. iptrust

    iptrust Registered Member

    Joined:
    Apr 13, 2010
    Posts:
    9
    Hi nsnidanko,

    I have the same doubt since I started using this feature, but I never asked to ESET if there is some internal task that process "Refresh" of parametric groups. It would be very useful. Did you have any reply about this? Now, I really need to know how it works.. :D
     
  6. nsnidanko

    nsnidanko Registered Member

    Joined:
    Jan 11, 2011
    Posts:
    12
    Yes in every policy we use dual profile for updates: one is for "Internal" server when client is inside our network and another one is when client goes outside so he can update from Eset's servers. I find this very useful feature.

    Clients move around all branches and having them fully dynamic would offer enormous flexibility. We are not just planing to use policies for updates.
     
  7. nsnidanko

    nsnidanko Registered Member

    Joined:
    Jan 11, 2011
    Posts:
    12
    I've also submitted request to an eset sales engineer assisting us with deployment. I will update once i get some light into this. I know for a fact with Symantec dynamic groups automatically assign their policy to the clients but unfortunately their client product is just rubbings.
     
  8. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    I find it works better to assign a policy rule directly to a set of clients instead of a group. Have you tried just creating policy rules that are not dependant on what group the clients are in?
     
  9. nsnidanko

    nsnidanko Registered Member

    Joined:
    Jan 11, 2011
    Posts:
    12
    We have alot of clients and managing everyone individually is just not an option. We just need to have dynamic groups that proactive in "pulling" assigned policy to that group. From what I understand Eset policy works only via manual "push" method.
     
  10. iptrust

    iptrust Registered Member

    Joined:
    Apr 13, 2010
    Posts:
    9
    Sometimes parametric groups is useful for other things, such as filter on reports. But each time I need to use this kind of group, I really need "Refresh" them manually. Because that, I would like to know if there are any way to get "Refresh" automated. I hope ESET is going say this is possible. :)

    Thanks guys
     
  11. tony_m

    tony_m Eset Staff Account

    Joined:
    Nov 22, 2010
    Posts:
    239
    Hi iptrust,

    It is possible to define that time, however we recommend to use default settings. Here is how to do so:

    From the ERA Console, click Tools >> Server options >> Advanced >> Edit Advanced settings...

    You'll find time intervals for parametric groups and other frequent internal tasks here:

    ESET Remote Administrator >> ERA Server >> Setup >> Advanced >> Scheduling options for more frequent internal tasks

    Hope this helps.
     
  12. nsnidanko

    nsnidanko Registered Member

    Joined:
    Jan 11, 2011
    Posts:
    12
    Hi Tony,

    This is exactly what we were looking for. Thanks!

    On another note I've noticed a bug where a client belongs to 2 parametric groups at the same time. Our parametric groups have parameters based on subnet they belong to. Once the client moves from subnet A to subnet B you can see client in both parametric groups, even though correct policy is applied. Shouldn't they be removed from first paraetric group, since it doesn't match the "parameters" anymore?

    Please advive if you need screenshots, logs and I'll happily provide them.

    Thanks
     
  13. tony_m

    tony_m Eset Staff Account

    Joined:
    Nov 22, 2010
    Posts:
    239
    Hi nsnidanko,

    Can you please check the "sticky" option has not been checked when creating the groups?

    parametric.png

    Also, make sure you're running the latest version of ERA ( 4.0.138 ).
     
  14. nsnidanko

    nsnidanko Registered Member

    Joined:
    Jan 11, 2011
    Posts:
    12
    Yes you're absolutely right: "sticky" was enabled on those 2 groups.

    Tons of thanks!
     
Thread Status:
Not open for further replies.