You can configure Inclusive policy rules to automatically associate specified agent management services with specified smart groups. Gaps between configured inclusive policy and actual management service deployment are handled in two ways:
If any endpoint is included in two or more rules that apply different management services with the same managed agent, the first rule wins and that is the management service that will be applied to the endpoint server.
If due to a change in filter configuration or in endpoint configuration an endpoint no longer belongs to a group, services are not accordingly removed but the rules will no longer be applied on it.
You can also configure Ban rules that will prevent specified agent management services from subsequently being deployed (manually or by policy) to specified smart groups.
The Tools> Selected tool > Policy tab contains a list of configured policy rules for a specific tool and is ordered by priority.
The Status of each rule is either Enabled (the management service is applied) or Disabled (the rule is inactive). For agent management services (not the connector), rules are marked by type: Include or Exclude.
You can manage the table.
To configure the policy:
- In order to edit an existing rule scroll to the right in the policy configuration window and click
Under Actions, you can Remove or Edit any rule.
- To add a rule:
- Click Create Rule
- Enter a Rule Name
- Select a Smart Group (or, All Servers)
- Select Required Service
- Select Auto Fix Mode
- Select Severity of Related Exceptions
- Choose either to enable the rule or not
- Click OK.
- Click Apply.