Endpoint DLP Plus provides an option to create custom group of computers, which can be used as targets for the deployment of policies.

The advantages of custom groups are:

  1. You can have any number of custom groups to group computers of users in a specific department. You can create this once and can use these groups as targets for deploying the configurations.

  2. You can add or remove computers from groups at any point of time.

  3. Groups once created can be used in any number of configurations.

  4. Creating Unique Custom groups, will leverage user management by defining specific scope (unique Custom Groups) to specific user devices.

  5. In version 10.0.598 and above, custom groups can be created by technicians with write permission for deployment activities. However these custom groups can be created only on the basis of computers and not users. The managed computers can be filtered by the created custom groups using custom group Filters.

  6. In version 11.2.2331.01 and above, custom groups can be created from Active Directory groups. Replicate organizational structure as exists in the Active Directory into the scope of the product, instead of repeating the process of defining individual groups. Predefined objects in the AD will be created and reflected as different groups in the product.

  7. Custom Group creation can also be done on the basis of Domains/Organizational Units (OUs)/AD Groups that exist in the Active Directory. Any sub-objects/ child OUs present under the selected domain/parent OUs will be automatically created as separate custom unique groups.

This document will explain you on the three types of custom groups, they are:

Static Custom Group

You can define a static group, when you have a definite set of computers to be added to this group. If you want to add or remove computers in this group, it has to be done manually.  A computer can be a part of more than one static custom group. These groups are created as target, for deploying policies.

Static custom groups can also be created by directly choosing the pre-existing subgroups from the AD. All the available groups under the AD will be listed in the product, and the necessary groups can be selected and created into a separate custom groups. Existing subgroups in the selected objects of the AD will be created as individual custom groups (if they aren't already a custom group in the product), with the following naming pattern: AD Group Name - Parent OU - Domain. In the case that the provided name already exists, sequential numbers will be added at the end. [Eg: AD Group Name - Parent OU - Domain (1)]

 

Static Unique Group

A Static unique group is a static group, where the computers belonging to this group cannot be added to any other groups. Computers added to a Static Unique group once, will not be listed, when you try to create another group of the same kind. The main purpose of the creating a Static unique group is to associate these groups as Scope for the users. All the privileges to manage this group can be defined only by the administrator.

The creation of static unique custom groups can also be done by syncing the AD with Endpoint DLP Plus server. By selecting the Domain/Organizational Unit (OU) while creating the static unique group, all the computers listed under that domain/OU will be associated into that static unique group. If a computer already exists in another group, it will not be added to the new static unique group. Only one particular Domain/OU can be mapped to a custom group. Sub OUs in the selected OU of the AD will be created as individual custom groups (if they aren't already a custom group in the product), with the following naming pattern: AD OU - Parent OU - Domain The Sub-OU based CGs will be mapped to the parent OU CGs.

 
  • You can also import a csv file to add computers to a static or static unique group. The csv should contain the name of the computer followed by the domain name as explained below: 

    Computer Name,Domain Name
    system101,companyorg

 

Create a Custom Group

To create a custom group, follow the steps below:

  1. Select the Admin tab

  2. Click the Custom Groups link available under the Global Settings. This will list all the Custom Groups that have been created.

  3. Click on Create New Group and specify the following values:

    1. Specify a name for the custom group. This should be unique.

    2. Select the Domain or the Workgroup from the list.

    3. Select the Group Type as Computers. This will list the available computers in the selected domain.

      Note: By default, the computers will be displayed in Tree View. Use List View link to view users/computers as a list. Manual entry of computers is possible using Manual Input option.

    4. Select the computers and move them to the Added list.

  4. Click Submit to create the group.

  5. Creating Static Custom Groups (automatic creation from AD):
    • Select AD Groups under the Membership section.

    • Click on +Select AD Groups and select the necessary objects.

    • Click on Save, and then Create Group.

  6. Creating Static Unique Custom Groups (automatic creation from AD):
    • Select Domain/Organizational Unit under the Membership section.

    • Click on +Select Domain/Organizational Unit and select the necessary objects.

    • Click on Create Group.

List View

    1. Click on the List View link for the computers to be displayed as a list.

    2. Click on a particular alphabet to view the computers with names that begin with alphabet specified. Use All link to list all the users/computers.

    3. Click on the Sort link to sort the listed computer names.

Ignore Prefix

Incase, all the computers name starts with "DC" followed by the unique machine names, then you can use "Ignore prefix" to ignore the the "prefixed characters" during the search/sort operation. The resultant list therefore shows all those computers with names beginning with the letter 'W' after ignoring the Prefix 'DC'.

 

Automate Custom Group creation

Custom groups can be created automatically using Active Directory objects by configuring the sync setting as follows:

    1. Select Custom Group under the tab Admin.

    2. Choose the Sync Settings tab and select Add AD Path.

      • Choose where the sync has to happen from, by clicking on the AD Groups and Organizational Unit checkbox. The AD Groups and subgroups in the selected AD path will be created as individual static groups while the parent and child OUs will be created as static unique groups.

      • Select the applicable Group Name Format from the drop list.

      • Select the required AD Path.

      • After the necessary actions have been performed, click Preview and Save.

You have now automated custom group creation from the Active Directory.

 
  • Note: A sync between the AD and Endpoint DLP Plus server happens everyday at particular time intervals each day (can be configured by the administrator). To reflect the AD changes immediately in the product, the sync can be initiated manually as well. The maximum number of tries for manual sync between the product and the Active Directory is limited to 4 times a day.

 

Add Computers Manually

    1. Click on the Add tab for the computers to be manually added.

    2. Specify a valid Computer in the text field.

    3. Click on >> button to add the computer in the custom group.

       
      • Incorrect Computer will not be added and the application will throw an error. In that case, specify the correct Computer name and add it again.
    4. Click on Create Group button to complete custom group creation.

You have successfully created a custom group.