Absent Member.

Policy Assignment to AD Groups

Perhaps I'm going about this the wrong way, but can someone explain if this should work or not?

I have ZESM 4.1 IR 1 installed on a Windows 2003 server with a separate SQL box - all installed and configured fine.

Created a user source pointing at AD, and have a single OU set up with 2 groups that I want to assign the policies to. When I open up a policy and click on the publish tab, I can expand down the AD tree to the OU and can see the relevant groups I've created.

If I then add a user to one of the groups then attempt to publish a policy to the group, the ZESM Management Console says "Policy Assignment Complete", however, if I then right-click on the agent on the taskbar and "Check for Update", it's saying there is "No Policy Update at this time".

If I assign the policy directly to the user, then it works correctly.

Am I missing something?

The reason I want to restrict it to a single OU and specific named groups is because we've had issues in the past with multiple admins in the system overwriting users' policy assignments, so I want to try and control policy assignments as much as possible.
Absent Member.

Forgot to mention, the plan is, if any users are added/removed from the groups then the policy would be re-published to the group - I'm assuming this will work also?
Not applicable

Hum, I think you're out of luck.

At least with 3.5 it doesn't refresh group memberships once they're added to the DB. So, group memberships are only "read" at directory configuration time. You can try this by deleting and re-creating the directory config once you update the group memberships and see if they publish to the correct users.

However, I haven't tried this with the current 4.1. The good news is, this issue is addressed in ZCM/ZESM 11, since we'll be using the LDAP configuration that comes with ZCM.

HTH,
Daniel


>>>

From: andystewartSL <andystewartSL@no-mx.forums.novell.com>
To: novell.support.zenworks.endpoint-security-management
Date: 8/3/2010 5:16 AM
Subject: Re: Policy Assignment to AD Groups

Forgot to mention, the plan is, if any users are added/removed from the
groups then the policy would be re-published to the group - I'm assuming
this will work also?


--
Andy Stewart - Somewhere In Scotland
zcm 10.2.2, 4 servers in esx vm environment, 2000 users so far...
(i'd still rather be snowboarding)
------------------------------------------------------------------------
andystewartSL's Profile: http://forums.novell.com/member.php?userid=1054
View this thread: http://forums.novell.com/showthread.php?t=417317
Absent Member.

So I need to stick with doing policy assignments direct to user accounts, and wait for ZESM/ZCM 11? - Any ETA on this yet?
Not applicable

As I said, I haven't tried with 4.1 IR1. My answer was based on 3.5.x
Maybe you can confirm?

Our ZCM11 is currently in Public Beta2, which you can download at: http://www.novell.com/communities/node/4067/zenworks-community-builds?id=3525&type=1

I think we are on track to release it in a couple of months. Maybe sooner....


>>>

From: andystewartSL <andystewartSL@no-mx.forums.novell.com>
To: novell.support.zenworks.endpoint-security-management
Date: 8/4/2010 5:06 AM
Subject: Re: Policy Assignment to AD Groups

So I need to stick with doing policy assignments direct to user
accounts, and wait for ZESM/ZCM 11? - Any ETA on this yet?

