2.3 Working with Managed Groups

Nested groups let you define different models of your company structure. Each of these top-level groups represents one view of your organization, such as organizational hierarchy, physical location of computers, or type of service the computers perform. Choose a managed group structure that maps to the setup of your organization. If your company IT infrastructure changes, you can drag and drop endpoints from group to group. Alternatively, you can organize your assets by vulnerability risk. For example, group all high-risk assets in one managed group so you can schedule pertinent policy templates to run against your most vulnerable systems more often than against lower-risk assets.

Ensure that you assign all endpoints to a managed group. Both the Asset Compliance View and the Security and Compliance Dashboard use your user-defined managed groups for displaying policy template results. For more information about the Asset Compliance View, see Section 5.4, Using the Asset Compliance View for Evaluation. For more information about the Security and Compliance Dashboard, see the NetIQ Security and Compliance Dashboard Installation and Configuration Guide.

Your console user account, which enables you to log on to the Secure Configuration Manager console, must have proper permissions to create and modify groups. You can also set permissions for viewing managed groups. For more information about permissions, see Section 3.6, Managing Permissions.

NOTE:Users must have the Access IT Assets permission with the Allow for All Groups setting enabled to add groups and see those groups they created. For example, console user John can add groups, such as Group C and Group D, but does not see the groups because he does not have the Allow for All Groups permission. Another user with the Allow for All Groups setting enabled must grant John access to the managed groups he created.

2.3.1 Creating a Managed Group

You can create empty managed groups so those groups are available when you add endpoints later.

To create a managed group:

  1. In the left pane, click IT Assets.

  2. In the IT Assets tree pane, expand Managed Groups and select My Groups.

  3. Right-click and then click Add Group.

  4. (Optional) To make your new group a child of an existing group, select the existing group in the Available Groups list.

  5. Specify the appropriate values.

    NOTE:Managed Group names must be unique, but also are case-sensitive.

  6. Click Create New Group.

  7. Click Finish.

2.3.2 Moving Existing Endpoints into Groups

After deploying your agents and endpoints, move those existing endpoints into groups for easier categorization. Moving endpoints from one group to another does not affect scheduled jobs.

To add endpoints to a group:

  1. In the left pane, click IT Assets.

  2. In the IT Assets tree pane, expand Managed Groups and select the folder in which the endpoints currently exist.

  3. In the content pane, select the endpoints you want to add to the group.

  4. Right-click and then click Add to Group.

  5. In the Available Groups list, select the group to which you want to add the endpoints.

  6. Click OK.