Most computer networks are based on either Windows Active Directory or Workgroups. System administrators can configure the actions to be performed by Endpoint Central when a computer is added or removed from the Active Directory. This is possible by configuring the SoM Policy. From there on, onboarding these computers onto Endpoint Central is just a click away!
This document provides everything you need to know to configure Scope of Management in Endpoint Central.
Active Directory (AD) domains are typically auto-discovered, but if needed, you can add them manually.
Learn how to add a domain in Endpoint Central here.
If you encounter issues while adding workgroups, check our Knowledge Base for troubleshooting tips.
Note: Computers in Novell eDirectory-based networks are managed as Workgroups in Endpoint Central.
In a workgroup setup, administrators can manually push agents to workgroup computers. This ensures that non-domain devices are brought under management for policy enforcement and software distribution.
To learn more, refer here.
Endpoint Central uses credentials to sync with AD and install agents. If the password changes due to expiration or policy, the credentials must be updated.
To update credentials, go to the domain/workgroup in the console and click Modify under the Actions column. Edit the credentials and click Update Domain Details.
More info available here.
By configuring the Scope of Management policy, IT administrators can automate the onboarding and deprovisioning of computers in Endpoint Central. Computers from AD that are not currently managed will be listed for easy addition.
You can configure the sync to run at a specific time daily, with options to notify on detected changes. Sync can be run in two modes: sync only modified data or sync all.
Learn more here.
If agent installation fails, you can use the troubleshooting option under Scope of Management:
Note: To perform push installation of agents, either Domain Administrator privilege or Domain Admin with Local Administrator privilege is required. If these privileges are not available, you can use a Domain user account without admin access for AD sync only — agent installation from the console will not be possible in this case.